Security w/multiple users and subdomains


#1

i just have a quick curious question. i set up a subdomain for a friend of mine with her own user name and all that jazz but i’m worried.
if something ever happens and someone hacks into her site, will they be able to get to my domain and other subdomains or will it just be confined to her own sub?

all user names and pws are completely different.


#2

phew! okay, thank you so so much! i feel so relieved now.


#3

If ALL database, directory & user are different,
it’s as if you are on DreamHost and your friend is on another host.

Don’t forget that DH servers are protected by ninjas, but your scripts may have a security hole.




#4

But they are protected by Ninjas, right?

(I just can’t type that question without laughing after seeing the “Don’t do crack” picture on the blog.)

Wholly


#5

Hm.

I believe that, when you create a new user, it’s created under the same group. Therefore, if you change the dir to /home/[username]/, as long as it’s the same group, I think you’ll be able to edit those files. So, it’s possible a hacker could pull it off, but they would have to know your username too.

-Kyle



#6

Even if it were true, that would be limited to files that are world-writable. Otherwise we wouldn’t need passwords, would we?


Simon’s website


#7

It’s easy enough to find user names…just cd up the tree :wink:

–rlparker


#8

Well that’s a really helpful answer, Bob. Wouldn’t it have been easier just to answer my question directly, instead of the cryptic riddle?


Simon’s website


#9

You have me confused with someone else. I’m scjessey.


Simon’s website


#10

Here’s the wiki entry:

http://wiki.dreamhost.com/index.php/Unix_Groups#DreamHost_Security_Defaults

I’ll copy-and-paste it here:

When you add a user, it is automatically added to your default pg###### group. Another thing to note is that by default, all of your files are of the same default pg###### group unless you changed it yourself. This means that any other users that you have in the Web Panel have (read) access to all of your files. If you do not trust your users, follow the instructions below.

(It goes on to explain how to ensure that other users can’t access your files)



#11

So I was partly right then? You would still need a password to actually edit the files, correct?


Simon’s website


#12

Yes, unless the file is chmodded to allow group members to write. (wiki entry on CHMOD)



#13

thank you guys soo soo much! so just chmod all the things i want to keep to myself and away from anyone in my group so that they can’t be read, written or executed in. thanks!
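
What posts #10 through #13 describe, as an added shell example that is not part of the thread or the DreamHost wiki: list what other accounts in the same default group could read or write, then strip group and other access. The function names are made up for illustration, and the path passed in is whatever directory you want to keep private.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# List everything under $1 that grants ANY permission bit to group or other.
# With the shared default group described in the wiki quote, group-read is
# enough for another panel user to read the file.
audit_shared() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# List only what group members could modify (the case raised in post #12).
group_writable() {
    find "$1" -perm -020 -print
}

# Remove all group and other permissions, leaving the owner bits untouched.
# Assumption to check first: anything that reads these files under a
# different account (for example a web server not running as your user)
# loses access too.
lock_down() {
    chmod -R go-rwx "$1"
}

# Stand-alone use: ./audit.sh /home/youruser/private   (report only)
#                  ./audit.sh /home/youruser/private --fix
if [ "$#" -gt 0 ]; then
    echo "Readable, writable or executable by group/other:"
    audit_shared "$1"
    echo "Writable by group members:"
    group_writable "$1"
    if [ "${2:-}" = "--fix" ]; then
        lock_down "$1"
        echo "Remaining after lock-down:"
        audit_shared "$1"
    fi
fi
```

Run it without `--fix` first; the report shows exactly which paths the chmod would change.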


#14

…that system never works :frowning: . If there is one thing I have learned in working as a security professional for 25 years, it is that “security by obscurity” offers no degree of security at all! :wink:

–rlparker


#15

Top Two:

  1. Connected to a network
  2. Shared

(OK, you might be able to fight that “shared” isn’t #2 but it certainly doesn’t help. Too many cooks spoil the broth.)

Wholly


#16

That’s no longer true. It used to be the case that users in the same server could see other users’ files but not read/write them. Now, at least in the boxen I’m hosted on you cannot ls the contents of any directory that is not owned by the user.