Need Access Control List(ACL) or any kind of substitute for it
parv
parv_fm at emailgroups.net
Sat Aug 2 22:06:22 PDT 2003
in message <000301c35973$2a11b320$5f4f0844 at DT>,
wrote dt thusly...
>
> I recently was able to find a web-hosting company that runs
> FreeBSD ... it's not a virtual hosting, where I have a root
> access to my machine.
So you are on a shared server (as opposed to single/dedicated
one)...
> The only security measures this company took was that you could
> not 'ls' up to other people's account
Could it be that you are in a jail and/or is the default umask, thus
default permissions, rather restrictive (say 077, than open 022)?
> I know that if you know the directory structure you can open
> anyone's script and look into the content which could reveal
> a password and the logic of their code.
Who would store a password in the code if security is of any
concern?
Otherwise, what is wrong w/ otherwise public files to be available
to your fellow hostmates?
BTW (re-)read chmod(1) if you have not already.
> On top of that, locate-database has all the directory structure,
> which is available to anybody.
According to locate(1) (4.8-Release), it does not create entries for
files that are publicly unreadable.
> So, a couple of things I tried to do, which weren't successful. I took
> away permission from others by chmod 740.
(OP was unable to change membership wrt 'nobody' group.)
> The only solution I see is ask their admin to put nobody user to
> my group. Or to have some sort of ACL, so I can explicitly grant
> permission to nobody user.
It seems from your actions that you think you have powers to change
groups willy-nilly. And i do not think that the hosting company
would do add nobody user to your group. Why? See above.
I think there is something missing from my response; somebody will
fill in that i am sure.
- Parv
--
A programmer, budding Unix system administrator, and amateur photographer
seeks employment: http://www103.pair.com/parv/work/
More information about the freebsd-questions
mailing list