[thelist] Able to get to other users on server folders

matt newell matt at sweetillusions.org
Wed May 16 11:22:07 CDT 2001


it depends on the chmod attributes for each user's directory.

most people aren't holding their last year's tax docs on their shell
account, so there is no need to lock it down to local read/view. but, then
again -- there are a lot of newbies out there that have sensitive things
they probably wouldn't want others finding.

is it the hoster's problem? maybe, but doubtful. they have legalese for all
that kinda stuff :)

should the users take better security precautions on their own? prolly.

a user has control over his acct and what people outside see. some users
have less strict chmod settings, so how could the hoster be responsible for
all the possibilities .. good /and/ bad.


        .. matt

        .. www.sweetillusions.org
        .. matt at sweetillusions.org

        .. in our madness evermore we rave - chaucer

----- Original Message -----
From: "Gina K. Anderson" <gina at sitediva.com>
To: "Evolt" <thelist at lists.evolt.org>
Sent: Wednesday, May 16, 2001 9:13 AM
Subject: [thelist] Able to get to other users on server folders


: Hi all,
:
: I just found a real disturbing thing while using FTP on a shared server for one
: of my clients. I was uploading an update, and accidentally hit the "up
: directory" too many times. I stumbled into the entire user list directory. From
: there I was able to get into as many directories as I clicked on, and downloaded
: a few jpg's just to see if I could. I did not do anything else, nor enter
: folders that looked private. I thought it might be a fluke, so I disconnected,
: and followed the same steps. I could repeat the process above..I didn't try to
: upload, just because of the ethics involved. I have screen shots of each step,
: and the download process of another user's stuff (jpgs).
:
: Before I go ranting off to the hoster, who has (or at least *had* 5 years ago
: when I set them up through them) a very good reputation--is this normal
: practice? I have never seen a shared server that lets you into root allowing
: access to other users folders? What's up with this???
:
: Gina
:
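
The reply's point that exposure depends on the chmod attributes of each user's directory can be checked on a server you administer. The script below is an added example, not part of the original thread; the function names are hypothetical, `/home` as the base directory is an assumption, and the sample directories are constructed in a temporary folder.

```shell
#!/bin/sh
# Added example (not from the thread): report home directories that other
# local accounts can list or enter. All names and paths here are assumptions.

# classify_dir DIR -> prints "listable", "traversable" or "private"
classify_dir() {
    # ls -ld prints a mode string such as drwxr-xr-x; characters 8-10 are
    # the permission bits for "other" (everyone who is not owner or group).
    mode=$(ls -ld "$1" | cut -c1-10)
    other_r=$(printf '%s' "$mode" | cut -c8)
    other_x=$(printf '%s' "$mode" | cut -c10)
    if [ "$other_r" = "r" ]; then
        echo "listable"       # others can read the file names inside
    elif [ "$other_x" = "x" ] || [ "$other_x" = "t" ]; then
        echo "traversable"    # others can reach known paths, not list (711)
    else
        echo "private"        # others are locked out (700 or 750)
    fi
}

# audit_homes [BASE] -> one "status<TAB>path" line per non-private directory
audit_homes() {
    base=${1:-/home}          # /home is an assumed default
    for dir in "$base"/*/; do
        dir=${dir%/}
        [ -d "$dir" ] || continue      # also skips an unmatched glob
        [ -L "$dir" ] && continue      # do not follow symlinks
        status=$(classify_dir "$dir")
        [ "$status" = "private" ] || printf '%s\t%s\n' "$status" "$dir"
    done
}

# Constructed sample layout so the script runs without touching real homes.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/alice" "$tmp/bob" "$tmp/carol"
    chmod 755 "$tmp/alice"    # anyone on the box can browse this one
    chmod 711 "$tmp/bob"      # web server can reach public files, no listing
    chmod 700 "$tmp/carol"    # owner only
    audit_homes "$tmp"
    rm -rf "$tmp"
}

demo
```

A directory reported as `listable` is one that a session like the FTP walk described above could browse; `chmod 711` or `chmod 700` on that directory removes the listing.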




