From owner-freebsd-questions@FreeBSD.ORG Sat Aug 2 22:06:21 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CAD2F37B401 for ; Sat, 2 Aug 2003 22:06:21 -0700 (PDT) Received: from albatross.mail.pas.earthlink.net (albatross.mail.pas.earthlink.net [207.217.120.120]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3CF1B43F85 for ; Sat, 2 Aug 2003 22:06:21 -0700 (PDT) (envelope-from parv_fm@mailsent.net) Received: from sdn-ap-033dcwashp0300.dialsprint.net ([65.179.81.46] helo=moo.holy.cow) by albatross.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) id 19jB4U-0002CG-00; Sat, 02 Aug 2003 22:06:18 -0700 Received: by moo.holy.cow (Postfix, from userid 1001) id BA833C17A; Sun, 3 Aug 2003 01:09:16 -0400 (EDT) Date: Sun, 3 Aug 2003 01:09:16 -0400 From: parv To: dt Message-ID: <20030803050916.GA33525@moo.holy.cow> Mail-Followup-To: dt , freebsd-questions@freebsd.org References: <000301c35973$2a11b320$5f4f0844@DT> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <000301c35973$2a11b320$5f4f0844@DT> cc: freebsd-questions@freebsd.org Subject: Re: Need Access Control List(ACL) or any kind of substitute for it X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Aug 2003 05:06:22 -0000 in message <000301c35973$2a11b320$5f4f0844@DT>, wrote dt thusly... > > I recently was able to find a web-hosting company that runs > FreeBSD ... it's not a virtual hosting, where I have a root > access to my machine. So you are on a shared server (as opposed to single/dedicated one)... > The only security measures this company took was that you could > not 'ls' up to other people's account Could it be that you are in a jail and/or is the default umask, thus default permissions, rather restrictive (say 077, than open 022)? > I know that if you know the directory structure you can open > anyone's script and look into the content which could reveal > a password and the logic of their code. Who would store a password in the code if security is of any concern? Otherwise, what is wrong w/ otherwise public files to be available to your fellow hostmates? BTW (re-)read chmod(1) if you have not already. > On top of that, locate-database has all the directory structure, > which is available to anybody. According to locate(1) (4.8-Release), it does not create entries for files that are publicly unreadable. > So, a couple of things I tried to do, which weren't successful. I took > away permission from others by chmod 740. (OP was unable to change membership wrt 'nobody' group.) > The only solution I see is ask their admin to put nobody user to > my group. Or to have some sort of ACL, so I can explicitly grant > permission to nobody user. It seems from your actions that you think you have powers to change groups willy-nilly. And i do not think that the hosting company would do add nobody user to your group. Why? See above. I think there is something missing from my response; somebody will fill in that i am sure. - Parv -- A programmer, budding Unix system administrator, and amateur photographer seeks employment: http://www103.pair.com/parv/work/