Need Access Control List(ACL) or any kind of substitute for it

parv parv_fm at
Sat Aug 2 22:06:22 PDT 2003

in message <000301c35973$2a11b320$5f4f0844 at DT>,
wrote dt thusly...
> I recently was able to find a web-hosting company that runs
> FreeBSD ...  it's not a virtual hosting, where I have a root
> access to my machine. 

So you are on a shared server (as opposed to single/dedicated

> The only security measures this company took was that you could
> not 'ls' up to other people's account

Could it be that you are in a jail and/or is the default umask, thus
default permissions, rather restrictive (say 077, than open 022)?

> I know that if you know the directory structure you can open
> anyone's script and look into the content which could reveal
> a password and the logic of their code.

Who would store a password in the code if security is of any

Otherwise, what is wrong w/ otherwise public files to be available
to your fellow hostmates?

BTW (re-)read chmod(1) if you have not already.

> On top of that, locate-database has all the directory structure,
> which is available to anybody. 

According to locate(1) (4.8-Release), it does not create entries for
files that are publicly unreadable.

> So, a couple of things I tried to do, which weren't successful. I took
> away permission from others by chmod 740.

(OP was unable to change membership wrt 'nobody' group.)
> The only solution I see is ask their admin to put nobody user to
> my group.  Or to have some sort of ACL, so I can explicitly grant
> permission to nobody user. 

It seems from your actions that you think you have powers to change
groups willy-nilly.  And i do not think that the hosting company
would do add nobody user to your group.  Why? See above.

I think there is something missing from my response; somebody will
fill in that i am sure.

  - Parv

A programmer, budding Unix system administrator, and amateur photographer
seeks employment:

More information about the freebsd-questions mailing list