Date:      Sun, 3 Aug 2003 01:09:16 -0400
From:      parv <parv_fm@emailgroups.net>
To:        dt <dt@arbuz.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Need Access Control List(ACL) or any kind of substitute for it
Message-ID:  <20030803050916.GA33525@moo.holy.cow>
In-Reply-To: <000301c35973$2a11b320$5f4f0844@DT>
References:  <000301c35973$2a11b320$5f4f0844@DT>

in message <000301c35973$2a11b320$5f4f0844@DT>,
wrote dt thusly...
>
> I recently was able to find a web-hosting company that runs
> FreeBSD ...  it's not a virtual hosting, where I have a root
> access to my machine. 

So you are on a shared server (as opposed to single/dedicated
one)...


> The only security measures this company took was that you could
> not 'ls' up to other people's account

Could it be that you are in a jail and/or is the default umask, thus
default permissions, rather restrictive (say 077, than open 022)?


> I know that if you know the directory structure you can open
> anyone's script and look into the content which could reveal
> a password and the logic of their code.

Who would store a password in the code if security is of any
concern?

Otherwise, what is wrong w/ otherwise public files to be available
to your fellow hostmates?

BTW (re-)read chmod(1) if you have not already.


> On top of that, locate-database has all the directory structure,
> which is available to anybody. 

According to locate(1) (4.8-Release), it does not create entries for
files that are publicly unreadable.


> So, a couple of things I tried to do, which weren't successful. I took
> away permission from others by chmod 740.


(OP was unable to change membership wrt 'nobody' group.)
> The only solution I see is ask their admin to put nobody user to
> my group.  Or to have some sort of ACL, so I can explicitly grant
> permission to nobody user. 

It seems from your actions that you think you have powers to change
groups willy-nilly.  And i do not think that the hosting company
would add nobody user to your group.  Why? See above.


I think there is something missing from my response; somebody will
fill in that i am sure.


  - Parv

-- 
A programmer, budding Unix system administrator, and amateur photographer
seeks employment:  http://www103.pair.com/parv/work/
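
The umask and chmod points discussed in the message above, as an added shell example that is not part of the original e-mail: it shows the mode a new file gets under umask 077 versus 022, and why mode 740 shuts out a user who is neither the owner nor in the file's group. The function names are hypothetical, and treating `nobody` as the web server's user is an assumption taken from the thread.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, sample files are constructed.

# Print a file's octal mode (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Create a file under the given umask and print the mode it ends up with.
mode_under_umask() {
    d=$(mktemp -d) || return 1
    ( umask "$1" && : > "$d/f" )    # subshell keeps the caller's umask intact
    file_mode "$d/f"
    rm -rf "$d"
}

# can_read MODE CLASS: succeed if CLASS (owner|group|other) has the read bit.
# Exactly one class applies to any access: a process that is neither the
# owner nor a member of the file's group is judged on the "other" bits only.
can_read() {
    case "$2" in
        owner) bit=0400 ;;
        group) bit=0040 ;;
        other) bit=0004 ;;
        *) return 2 ;;
    esac
    [ $(( 0$1 & $bit )) -ne 0 ]
}

# List regular files under DIR that any local user can read.
others_readable() {
    find "$1" -type f -perm -004
}

echo "umask 077 -> $(mode_under_umask 077), umask 022 -> $(mode_under_umask 022)"
for m in 740 750 604; do
    if can_read "$m" other; then r=yes; else r=no; fi
    echo "mode $m readable by an outside user such as nobody: $r"
done
```

Running `others_readable` over your own home directory shows which files fellow users on the same host can read if they know or guess the path.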


