Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: phranque
When in FTP I can move up through the DIR structure and see other people's account folders and enter them (although I cannot see files).
The host has told me this is perfectly normal is it?
I can't do it on any of my other hosts.
Thanks in advance
It's certainly not neccessary, imo they have not set server permissions corectly.
Giving out info of who else is hosting on a server is not clever, especially if there was any expectation of confidentiality...
If a user stores any confidential data on such a machine (such as credit card numbers), then they'll have to encrypt them with a public key, keeping the private key offline. If you need full confidentiality for all your files, then your best option is to rent a dedicated server.
That is why some people change their directories to be executable but not readable, i.e. chmod 711. Everyone can come into your directory (executable) including the webserver, but they cannot do a file listing. It is okay for the webserver because it knows exactly which file it needs, but for the human users, it can be difficult. Usually a human user needs to browse the directory around because he/she knows which file he/she wants to look at.
It is not a good solution and it only works "okay". I am with a web host that provides a suid command to toggle the owner of the file between the webserver and yourself, so that you can safely set it to be mode 600. But it is quite troublesome if you need to do it for everyfile...
That's exactly one of the examples I was hinting at above, that looks secure but really isn't. All another user on the same server has to do is write a CGI script that allows him to browse through directories on the server. Since this script runs under the user:group of the httpd, your chmod 770 files above will all be accessible to him without any problems. Nothing gained other than an administrative nightmare: Do you really want to involve an admin each time you upload a new file?
The only practicable solution for data that the httpd needs to read and write and that shouldn't be accesible by other people on the same machine is to use something like cgiwrap. This will change the identity of the CGI process temporarily to that of the user, so that it can access directories and files that are closed for others. Of course, the user needs to understand how to use this program, and it's definitively not worth the effort just for the normal html files sitting around. And if you have really critical data, then you should encrypt them all the same.
If they set up his user account with ftp locked to his directory entry that should solve the ftp issue because he would ftp into his dir as if it were the root of his server and would not (using ftp) be able to get into others or a higher level.
Looks like a lot of unix crew in ;)
<<-- If they set up his user account with ftp locked to his directory entry that should solve the ftp issue because he would ftp into his dir as if it were the root of his server and would not (using ftp) be able to get into others or a higher level.
Thats how it is with the other 7 hosts that I use, I don't understand why it has to be like this.
The techie (who I am starting to doubt for other reasons) said "oh this is the way it HAS to be" and I said well none of my other hosts are like this and he said and I quote ;) "We are a professional hosting company, and I have been doing this for 15 years"
So I dont know :)
I dont care as long as it is secure.
Yes, this solves the "FTP issue". Since the FTP daemon only needs access to a handful programs (ls and gzip, essentially), this part is very easy to implement. It also makes it possible that the host can offer "anonymous FTP" for your domain on a shared server. I couldn't leave with this last feature myself.
However, it doesn't change the fact that a CGI script can (and potentially needs to) access almost everything on the machine. There's also the problem that any nontrivial hosting account probably includes shell access, so that limiting the view by FTP may be nice and practical, but rather pointless as a security measure.
Ok, now I read the original post again very carefully, and noticed that it indeed only mentions FTP. As long as you're talking about FTP alone, then yes, I don't see why you'd need access outside of your account through this one channel, and the restriction is easy to implement. But it is very important to remember that doing so improves the system security only marginally if at all. It is mostly done for practical reasons, and to keep any potential newbie customers from getting confused.