Date: Sun, 3 Aug 2003 01:09:16 -0400
From: parv <parv_fm@emailgroups.net>
To: dt <dt@arbuz.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Need Access Control List(ACL) or any kind of substitute for it
Message-ID: <20030803050916.GA33525@moo.holy.cow>
In-Reply-To: <000301c35973$2a11b320$5f4f0844@DT>
References: <000301c35973$2a11b320$5f4f0844@DT>

in message <000301c35973$2a11b320$5f4f0844@DT>, wrote dt thusly...
>
> I recently was able to find a web-hosting company that runs
> FreeBSD ... it's not a virtual hosting, where I have a root
> access to my machine.

So you are on a shared server (as opposed to single/dedicated one)...

> The only security measures this company took was that you could
> not 'ls' up to other people's account

Could it be that you are in a jail and/or is the default umask, thus
default permissions, rather restrictive (say 077, than open 022)?

> I know that if you know the directory structure you can open
> anyone's script and look into the content which could reveal
> a password and the logic of their code.

Who would store a password in the code if security is of any
concern? Otherwise, what is wrong w/ otherwise public files to be
available to your fellow hostmates? BTW (re-)read chmod(1) if you
have not already.

> On top of that, locate-database has all the directory structure,
> which is available to anybody.

According to locate(1) (4.8-Release), it does not create entries for
files that are publicly unreadable.

> So, a couple of things I tried to do, which weren't successful. I took
> away permission from others by chmod 740.

(OP was unable to change membership wrt 'nobody' group.)

> The only solution I see is ask their admin to put nobody user to
> my group. Or to have some sort of ACL, so I can explicitly grant
> permission to nobody user.

It seems from your actions that you think you have powers to change
groups willy-nilly. And i do not think that the hosting company
would add nobody user to your group. Why? See above.

I think there is something missing from my response; somebody will
fill in that i am sure.

  - Parv

--
A programmer, budding Unix system administrator, and amateur
photographer seeks employment: http://www103.pair.com/parv/work/
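
Added example, not part of the original message: a POSIX shell sketch of the permission points raised above (umask 022 versus 077, what chmod 740 leaves for users outside the owner and group, and which files remain world-readable). The file names and function names are constructed for illustration, and it assumes the reader of interest is neither the owner nor a member of the file's group.

```shell
#!/bin/sh
# Added illustration; every file below is constructed in a temp directory.

# Print the ls-style permission string (for example -rw-r--r--) of a path.
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# Create a new file under the given umask and print the mode it receives.
mode_under_umask() {
    dir=$(mktemp -d) || return 1
    ( umask "$1"; : > "$dir/new" )    # subshell keeps the caller's umask intact
    perm_string "$dir/new"
    rm -rf "$dir"
}

# Succeed if users who are neither the owner nor in the group may read the path.
other_can_read() {
    [ "$(perm_string "$1" | cut -c8)" = "r" ]
}

# List regular files under a directory that carry the "other" read bit,
# i.e. the files a fellow user on a shared host could open by path.
list_world_readable() {
    find "$1" -type f -perm -004
}

demo() {
    d=$(mktemp -d) || return 1
    ( umask 022
      printf 'constructed sample\n' > "$d/script.cgi"
      printf 'constructed sample\n' > "$d/config.inc" )
    chmod 740 "$d/config.inc"         # owner rwx, group r, others nothing
    echo "new file under umask 022: $(mode_under_umask 022)"
    echo "new file under umask 077: $(mode_under_umask 077)"
    for f in "$d/script.cgi" "$d/config.inc"; do
        if other_can_read "$f"; then
            echo "$(perm_string "$f") $f: readable by others"
        else
            echo "$(perm_string "$f") $f: not readable by others"
        fi
    done
    echo "world-readable files:"
    list_world_readable "$d"
    rm -rf "$d"
}

demo
```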