[thelist] Able to get to other users on server folders
Gina K. Anderson
gina at sitediva.com
Wed May 16 13:20:22 CDT 2001
Darrell,
Below are some permissions of what I can see. Also, I can read and view other
people's cgi scripts in their cgi-bin directories. I tried to find something
benign..I'm halfway afraid the hoster is going to see all this activity and log
me, then slap a "hacker" label on me.
When I go into another's folder through FTP, I don't just go straight into their
public_html folders when I click their user name folders. I can see folders that
are in their root. I cannot however, open them. I can open many of their folder
root files starting with ".", like ".login" etc. I never really learned the
letter part of permission, I always go by numbers, so..pardon my ignorance on
that. I'd have to look all these up to know what they really meant.
========================
|Try this command:
|ls -l /
========================
-rwxr-xr-x 1 root wheel 1806656 Feb 21 09:36 kernel
-rwxr-xr-x 1 root wheel 1787615 Oct 3 2000 kernel.1
-rwxr-xr-x 1 root wheel 1806656 Oct 28 2000 kernel.2
-rwxr-xr-x 1 root wheel 932428 Feb 21 09:46 kernel.227
-rwxr-xr-x 1 root wheel 1806656 Feb 21 09:36 kernel.384
-rwxr-xr-x 1 root wheel 1806656 Feb 21 09:36 kernel.512
-r-xr-xr-x 1 root wheel 3087410 Jul 27 2000 kernel.GENERIC
-rwxr-xr-x 1 root wheel 1564800 Feb 21 09:46 kernel.GENERIC.227
drwxr-xr-x 2 bin bin 1024 Aug 24 1998 lkm
drwxrwxrwt 7 root wheel 9216 Apr 13 20:05 lost+found
drwxr-x--- 2 root wheel 2560 Sep 30 2000 modules
drwx------ 2 root wheel 1024 Sep 17 1999 modules.227
lrwxr-xr-x 1 root wheel 10 Dec 18 12:57 proc -> /root/proc
drwxr-x--- 14 root wheel 1536 May 10 08:43 root
drwx------ 10 root wheel 1024 Feb 21 03:15 root.227
drwxr-xr-x 2 root wheel 2048 Oct 28 2000 sbin
drwx------ 2 root wheel 1536 Aug 25 1998 sbin.227
drwxr-x--- 4 root wheel 1024 Oct 1 2000 stand
drwx------ 4 root wheel 512 Sep 8 1998 stand.227
lrwxrwxrwx 1 root wheel 11 Oct 18 2000 sys -> usr/src/sys
drwxrwxrwt 2 root wheel 1024 May 16 13:51 tmp
lrwxr-xr-x 1 root wheel 3 Oct 29 2000 u2 -> usr
drwxr-xr-x 39 root wheel 1024 Feb 21 09:46 usr
drwxr-xr-x 18 root wheel 512 Oct 12 2000 var
==========================================
Here's a dir of my client's account files:
==========================================
drwxr-xr-x 4 acctname users 512 Oct 12 2000 .
drwxr-xr-x 125 root wheel 3072 May 9 15:38 ..
-rw-r--r-- 1 acctname users 1009 Apr 29 1997 .cshrc
-rw-r--r-- 1 acctname users 68 Nov 22 1999 .forward
-rw-r--r-- 1 acctname users 68 Nov 22 1999 .forward.old
-rw-r--r-- 1 acctname users 277 Apr 29 1997 .login
-rw-r--r-- 1 acctname users 37 Nov 22 1999 .mailproto
-rw-r--r-- 1 acctname users 254 Apr 29 1997 .mailrc
-rw------- 1 acctname users 54723 May 8 03:52 .procmail.log
-rw-r--r-- 1 acctname users 81 Nov 23 1999 .procmailrc
-rw-r--r-- 1 acctname users 52 Nov 22 1999 .procmailrc.old
-rw-r--r-- 1 acctname users 435 Apr 29 1997 .profile
-rw-r--r-- 2 acctname users 33 Oct 12 2000 .qmail
-rw-r--r-- 2 acctname users 33 Oct 12 2000 .qmail-default
drwx------ 3 acctname users 512 Apr 29 1997 frontpage
lrwxrwxrwx 1 root wheel 23 Oct 30 2000 public_html ->
/usr/www/users/acctname
drwx------ 2 accotname users 30720 May 16 00:02 www_logs
===================================================
Here's the dir on another user's folder(otheracct):
===================================================
drwxr-xr-x 3 otheracct users 512 Oct 12 2000 .
drwxr-xr-x 125 root wheel 3072 May 9 15:38 ..
-rw-r--r-- 1 otheracct users 1009 May 26 1997 .cshrc
-rw-r--r-- 1 otheracct users 30 Jul 22 1997 .forward
-rw-r--r-- 1 otheracct users 277 May 26 1997 .login
-rw-r--r-- 1 otheracct users 254 May 26 1997 .mailrc
-rw-r--r-- 1 otheracct users 435 May 26 1997 .profile
-rw-r--r-- 2 otheracct users 31 Oct 12 2000 .qmail
-rw-r--r-- 2 otheracct users 31 Oct 12 2000 .qmail-default
lrwxrwxrwx 1 root wheel 21 Oct 29 2000 public_html ->
/usr/www/users/otheracct
drwx------ 2 otheracct users 29696 May 16 00:02 www_logs
====================
ls -l on otheracct:
====================
lrwxrwxrwx 1 root wheel 21 Oct 29 2000 public_html ->
/usr/www/users/otheracct
drwx------ 2 otheracct users 29696 May 16 00:02 www_logs
So, what's the verdict?? I'm eager to know..
Gina
More information about the thelist
mailing list