[thelist] Able to get to other users on server folders

Gina K. Anderson gina at sitediva.com
Wed May 16 13:20:22 CDT 2001 

Darrell,

Below are some permissions of what I can see. Also, I can read and view other
people's cgi scripts in their cgi-bin directories. I tried to find something
benign..I'm halfway afraid the hoster is going to see all this activity and log
me, then slap a "hacker" label on me.

When I go into another's folder through FTP, I don't just go straight into their
public_html folders when I click their user name folders. I can see folders that
are in their root. I cannot however, open them. I can open many of their folder
root files starting with ".", like ".login" etc. I never really learned the
letter part of permission, I always go by numbers, so..pardon my ignorance on
that. I'd have to look all these up to know what they really meant.


========================
|Try this command:
|ls -l /
========================
-rwxr-xr-x   1 root  wheel  1806656 Feb 21 09:36 kernel
-rwxr-xr-x   1 root  wheel  1787615 Oct  3  2000 kernel.1
-rwxr-xr-x   1 root  wheel  1806656 Oct 28  2000 kernel.2
-rwxr-xr-x   1 root  wheel   932428 Feb 21 09:46 kernel.227
-rwxr-xr-x   1 root  wheel  1806656 Feb 21 09:36 kernel.384
-rwxr-xr-x   1 root  wheel  1806656 Feb 21 09:36 kernel.512
-r-xr-xr-x   1 root  wheel  3087410 Jul 27  2000 kernel.GENERIC
-rwxr-xr-x   1 root  wheel  1564800 Feb 21 09:46 kernel.GENERIC.227
drwxr-xr-x   2 bin   bin       1024 Aug 24  1998 lkm
drwxrwxrwt   7 root  wheel     9216 Apr 13 20:05 lost+found
drwxr-x---   2 root  wheel     2560 Sep 30  2000 modules
drwx------   2 root  wheel     1024 Sep 17  1999 modules.227
lrwxr-xr-x   1 root  wheel       10 Dec 18 12:57 proc -> /root/proc
drwxr-x---  14 root  wheel     1536 May 10 08:43 root
drwx------  10 root  wheel     1024 Feb 21 03:15 root.227
drwxr-xr-x   2 root  wheel     2048 Oct 28  2000 sbin
drwx------   2 root  wheel     1536 Aug 25  1998 sbin.227
drwxr-x---   4 root  wheel     1024 Oct  1  2000 stand
drwx------   4 root  wheel      512 Sep  8  1998 stand.227
lrwxrwxrwx   1 root  wheel       11 Oct 18  2000 sys -> usr/src/sys
drwxrwxrwt   2 root  wheel     1024 May 16 13:51 tmp
lrwxr-xr-x   1 root  wheel        3 Oct 29  2000 u2 -> usr
drwxr-xr-x  39 root  wheel     1024 Feb 21 09:46 usr
drwxr-xr-x  18 root  wheel      512 Oct 12  2000 var

==========================================
Here's a dir of my client's account files:
==========================================
drwxr-xr-x    4 acctname  users    512 Oct 12  2000 .
drwxr-xr-x  125 root      wheel   3072 May  9 15:38 ..
-rw-r--r--    1 acctname  users   1009 Apr 29  1997 .cshrc
-rw-r--r--    1 acctname  users     68 Nov 22  1999 .forward
-rw-r--r--    1 acctname  users     68 Nov 22  1999 .forward.old
-rw-r--r--    1 acctname  users    277 Apr 29  1997 .login
-rw-r--r--    1 acctname  users     37 Nov 22  1999 .mailproto
-rw-r--r--    1 acctname  users    254 Apr 29  1997 .mailrc
-rw-------    1 acctname  users  54723 May  8 03:52 .procmail.log
-rw-r--r--    1 acctname  users     81 Nov 23  1999 .procmailrc
-rw-r--r--    1 acctname  users     52 Nov 22  1999 .procmailrc.old
-rw-r--r--    1 acctname  users    435 Apr 29  1997 .profile
-rw-r--r--    2 acctname  users     33 Oct 12  2000 .qmail
-rw-r--r--    2 acctname  users     33 Oct 12  2000 .qmail-default
drwx------    3 acctname  users    512 Apr 29  1997 frontpage
lrwxrwxrwx    1 root      wheel     23 Oct 30  2000 public_html ->
/usr/www/users/acctname
drwx------    2 accotname users  30720 May 16 00:02 www_logs

===================================================
Here's the dir on another user's folder(otheracct):
===================================================
drwxr-xr-x    3 otheracct  users    512 Oct 12  2000 .
drwxr-xr-x  125 root       wheel   3072 May  9 15:38 ..
-rw-r--r--    1 otheracct  users   1009 May 26  1997 .cshrc
-rw-r--r--    1 otheracct  users     30 Jul 22  1997 .forward
-rw-r--r--    1 otheracct  users    277 May 26  1997 .login
-rw-r--r--    1 otheracct  users    254 May 26  1997 .mailrc
-rw-r--r--    1 otheracct  users    435 May 26  1997 .profile
-rw-r--r--    2 otheracct  users     31 Oct 12  2000 .qmail
-rw-r--r--    2 otheracct  users     31 Oct 12  2000 .qmail-default
lrwxrwxrwx    1 root       wheel     21 Oct 29  2000 public_html ->
/usr/www/users/otheracct
drwx------    2 otheracct  users  29696 May 16 00:02 www_logs

====================
ls -l on otheracct:
====================
lrwxrwxrwx  1 root       wheel     21 Oct 29  2000 public_html ->
/usr/www/users/otheracct
drwx------  2 otheracct  users  29696 May 16 00:02 www_logs


So, what's the verdict?? I'm eager to know..
Gina

More information about the thelist mailing list