Need Access Control List(ACL) or any kind of substitute for it
dt at arbuz.com
Sat Aug 2 20:59:00 PDT 2003
I recently was able to find a web-hosting company that runs FreeBSD. The
service, I signed up for, allows me to have a SSH access including
series of other services, such as CGI-BIN, Tomcat. On the same machine
that my domain is hosted, there are many other accounts; it's not a
virtual hosting, where I have a root access to my machine.
On the first day, I discovered that I had to make my files publicly
available so that Apache could pick up my scripts and run them, which I
definitely thought it was not good idea. The only security measures this
company took was that you could not 'ls' up to other people's account,
but I know that if you know the directory structure you can open
anyone's script and look into the content which could reveal a password
and the logic of their code. On top of that, locate-database has all the
directory structure, which is available to anybody.
So, a couple of things I tried to do, which weren't successful. I took
away permission from others by chmod 740. And also, to grant apache
only, I tried to chown to nobody group (apache is running under this
group) which I could not do because I was not part of nobody group. I
tried to put nobody user under my group, I was not able to. The only
solution I see is ask their admin to put nobody user to my group. Or to
have some sort of ACL, so I can explicitly grant permission to nobody
Please help. Is there any tool that allows me to overcome this obstacle?
I will not reveal any information about this company, for obvious
reasons, except that they're running: "FreeBSD 4.7-RELEASE".
Eventually, I am planning to tell them to fix their security problem,
but I need to make a research before I do this, which I'm doing by
asking your expertise.
More information about the freebsd-questions