[nycphp-talk] Pair Network's "security" model - could it be this bad?

Matthew Terenzio webmaster at localnotion.com
Tue Jun 1 15:22:05 EDT 2004


cd may bring you to your home but certainly you can cd /tmp or cd 
/usr/local/www for instance. I know this to be true at Pair, as I once 
had an account there.

On Jun 1, 2004, at 2:46 PM, Kamm, William R (Bill), ALABS wrote:

> I agree with Jay. When I ftp or ssh into my account at boxnix, the root
> directory is the home directory of my account. I can't "cd ..". I just
> end up at the root level, and can only see my files. How could anyone
> else with a different account have access to my files?
>
> Bill
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
> On Behalf Of Jayesh Sheth
> Sent: Tuesday, June 01, 2004 2:30 PM
> To: talk at lists.nyphp.org
> Subject: [nycphp-talk] Pair Network's "security" model - could it be this bad?
>
>
> Hello all,
>
> thanks for all of your quick replies.
>
> To clarify on my current setup:
>
> I am not an expert on UNIX permission and such things, but here is my
> (limited) understanding of how it might work:
>
> - from the control panel, you can add an FTP or shell user
>
> - from the control panel, a domain is mapped to either of those users'
> files
>
> - when you set up a domain, you can choose whether PHP scripts are run as
> an Apache module (aka "running as Apache") OR as CGI (aka "running as my
> user")
>
> - when you FTP in, you cannot go "up" and browse a list of other users'
> directories, since you are in the root directory of the account into
> which you FTPed
>
> - scripts are disabled from reading outside of their domain-files
> directory (something is changed in PHP's configuration here)
> ["open_basedir Restrictions in effect, file is in wrong directory"]
>
> - scripts cannot access external programs ["backticks (``), system(),
> exec(), passthru()" are disabled]
>
> More information on the shared server's configuration:
>
> https://panel.dreamhost.com/kbase/index.cgi?area=2526&keyword=security
>
> So, as far as I know, files placed in a certain shell or FTP user's
> accounts are private.
>
> Please correct me if this seems incorrect.
>
> Best Regards,
>
> - Jay
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk
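
Added example, not part of the thread or of any host's own tooling: what an FTP root or `open_basedir` shows you says nothing about what another shell account on the same machine can reach, since that is decided by the UNIX mode bits on your files and on every directory above them. The function names are hypothetical, and only the classic "other" bits are checked (group bits and ACLs are assumed out of scope).

```shell
#!/bin/sh
# Audit which of your own files a different local account could reach.
# Usage after sourcing this file:  audit "$HOME"

# reachable_by_others DIR
# Succeeds if DIR and every ancestor up to / grant search (x) to "other",
# i.e. a different account could cd all the way into DIR.
# Returns 1 if some directory on the path blocks it, 2 if DIR is unusable.
reachable_by_others() {
    d=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    while :; do
        # find prints the path only when its mode has the o+x bit set
        [ -n "$(find "$d" -prune -perm -001)" ] || return 1
        if [ "$d" = / ]; then return 0; fi
        d=$(dirname "$d")
    done
}

# exposed_files ROOT
# Lists regular files under ROOT that carry an "other" read or write bit,
# skipping any subtree whose directory denies "other" search permission.
exposed_files() {
    find "$1" -type d ! -perm -001 -prune -o \
        -type f \( -perm -004 -o -perm -002 \) -print
}

# audit ROOT
# Prints exposed files only when ROOT itself can be reached by others.
audit() {
    if reachable_by_others "$1"; then
        exposed_files "$1"
    else
        echo "$1: not reachable by other accounts" >&2
    fi
}
```

Files that must stay readable by the web server when PHP runs as an Apache module will show up here too; the listing tells you which ones to move or tighten, not that every hit is a mistake.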



