Access to users files via shell


#1

Hi all.
Can other DH users gain access and read my files in my user's space? I have various config files that contain sensitive info such as passwords that scripts use. They are safe from the web via php or htaccess rights etc., but I wondered if other DH users can traverse the users tree and look around?

Thanks


#2

No, if they even do an ls in your directory they will get a “Permission denied” message

Check out Gordaen’s Knowledge, the blog, and the MR2 page.


#3

It’s more complicated than that.

It depends on what the permissions are set to.

You have user, group, and world permissions.

If the file is readable, then one can read it - they just have to know the path.

If the directory is readable, they can get a listing of its contents.

If the directory is executable, they can make it the current working directory.

Generally home directories are set to 751. This means they are not world-readable, and thus no one can do ‘ls /home/username’ to get a list of the directories. Except users that belong to the same group.

However it does not mean your files can’t be read. You would need to go through each file and set the permissions to 640 or 751. The 640 is to keep data files from being read, and the 751 is to keep script files from being read. If you set a web-accessible file to be non-readable though, the web server won’t access it!

I put data files in a directory that is not web-accessible and make them 640.

The Perl scripts I write are OO applications. The application class itself, including sensitive information, is stored in a Perl module. Perl modules are not executables, so they can be set to 640. Perl modules also shouldn’t be in a web-accessible directory either. To get the CGI application working, another Perl script is used, and all it does is execute an instance of the application class, a couple lines of code. So it can be safely placed within a web-accessible directory with permissions of 755.

Atropos | openvein.org
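A way to audit the permission rules described in post #3, as an added example that is not part of the original thread: it lists the files that users outside your user and group can actually read, taking the execute bit on every parent directory into account. The function names and the sample layout (`lib/App.pm`, `data/old-backup.conf`, `public_html/app.cgi`) are constructed for illustration; it assumes plain mode bits with no ACLs and that the parents of the audited directory, such as /home, are traversable.

```shell
#!/bin/sh
# Files "other" can read: other-read (004) on the file AND other-execute (001)
# on every directory between the audit root and the file. Directories that
# lack other-execute are pruned, so nothing beneath them is reported.
world_readable_files() {
    find "$1" -type d ! -perm -001 -prune -o -type f -perm -004 -print | sort
}

# Directories "other" can list (other-read). The parenthesised test prints a
# listable directory and is true for every directory, so the prune that
# follows still stops descent below anything without other-execute.
world_listable_dirs() {
    find "$1" -type d \( -perm -004 -print -o -type d \) ! -perm -001 -prune | sort
}

# Constructed sample home directory following the layout in post #3:
# home 751, data and module files 640, CGI wrapper 755, plus two mistakes.
build_sample_home() {
    h=$1
    mkdir -p "$h/lib" "$h/data" "$h/private" "$h/public_html"
    : > "$h/lib/App.pm"              # module holding sensitive values
    : > "$h/data/settings.conf"      # data file, correctly locked down
    : > "$h/data/old-backup.conf"    # forgotten copy left at 644
    : > "$h/private/notes.txt"       # 644, but its directory blocks access
    : > "$h/public_html/app.cgi"     # thin wrapper, meant to be public
    chmod 640 "$h/lib/App.pm" "$h/data/settings.conf"
    chmod 644 "$h/data/old-backup.conf" "$h/private/notes.txt"
    chmod 755 "$h/public_html/app.cgi" "$h/public_html"
    chmod 751 "$h" "$h/lib" "$h/data"
    chmod 750 "$h/private"
}

demo=$(mktemp -d)
build_sample_home "$demo/home"
echo "Readable by other users:"
world_readable_files "$demo/home"
echo "Listable by other users:"
world_listable_dirs "$demo/home"
rm -rf "$demo"
```

Run `world_readable_files "$HOME"` on a real account to find files such as the forgotten 644 copy; anything reported outside the web directory is a candidate for `chmod 640`.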


#4

Thanks for the info, I kinda wondered how that worked. Just never thought to really ask. Oh well. lol.
Silk

My website