[nycphp-talk] Pair Network's "security" model - could it be this bad?
Kamm, William R (Bill), ALABS
wkamm at att.com
Tue Jun 1 14:46:14 EDT 2004
I agree with Jay. When I ftp or ssh into my account at boxnix, the root
directory is the home directory of my account. I can't "cd ..". I just
end up at the root level, and can only see my files. How could anyone
else with a different account have access to my files?
Bill
-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Jayesh Sheth
Sent: Tuesday, June 01, 2004 2:30 PM
To: talk at lists.nyphp.org
Subject: [nycphp-talk] Pair Network's "security" model - could it be this
bad?
Hello all,
Thanks for all of your quick replies.
To clarify on my current setup:
I am not an expert on UNIX permissions and such things, but here is my
(limited) understanding of how it might work:
- from the control panel, you can add an FTP or shell user
- from the control panel, a domain is mapped to either of those users'
files
- when you set up a domain, you can choose whether PHP scripts are run as an
Apache module (aka "running as Apache") OR as CGI (aka "running as my
user")
- when you FTP in, you cannot go "up" and browse a list of other users'
directories, since you are in the root directory of the account into
which you FTPed
- scripts are disabled from reading outside of their domain-files
directory (something is changed in PHP's configuration here)
["open_basedir Restrictions in effect, file is in wrong directory"]
- scripts cannot access external programs ["backticks (``), system(),
exec(), passthru()" are disabled]
More information on the shared server's configuration:
https://panel.dreamhost.com/kbase/index.cgi?area=2526&keyword=security
So, as far as I know, files placed in a certain shell or FTP user's
accounts are private.
Please correct me if this seems incorrect.
Best Regards,
- Jay
_______________________________________________
talk mailing list
talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk
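The settings listed in the message above (module versus CGI, open_basedir, disabled program-execution functions) can be read back from inside a hosting account. The PHP script below is an added example, not part of the original thread or of any host's configuration; the names `split_ini_list` and `audit_isolation` are hypothetical, and it assumes PHP 7.4 or later.

```php
<?php
// Added example: report the effective values of the settings the message lists.

// The functions named in the message. The backtick operator is disabled
// together with shell_exec(), so shell_exec is checked in its place.
const EXEC_FUNCTIONS = ['system', 'exec', 'passthru', 'shell_exec'];

// Split an ini list value and drop empty entries.
function split_ini_list(string $value, string $separator): array
{
    $items = array_map('trim', explode($separator, $value));
    return array_values(array_filter($items, fn($s) => $s !== ''));
}

function audit_isolation(): array
{
    $findings = [];

    // 1. Which SAPI runs this script (Apache module or CGI), and as which user?
    $findings[] = 'SAPI: ' . php_sapi_name();
    if (function_exists('posix_geteuid')) {
        $user = posix_getpwuid(posix_geteuid());
        $findings[] = 'Process user: ' . ($user['name'] ?? posix_geteuid());
    }

    // 2. open_basedir: an empty value means file access is not confined.
    $dirs = split_ini_list((string) ini_get('open_basedir'), PATH_SEPARATOR);
    $findings[] = $dirs === []
        ? 'WARN open_basedir is not set'
        : 'OK   open_basedir = ' . implode(', ', $dirs);

    // 3. disable_functions: each program-execution function should be blocked.
    $raw = (string) ini_get('disable_functions');
    $disabled = array_map('strtolower', split_ini_list($raw, ','));
    foreach (EXEC_FUNCTIONS as $fn) {
        $blocked = in_array($fn, $disabled, true) || !function_exists($fn);
        $findings[] = ($blocked ? 'OK   ' : 'WARN ') . "$fn() is "
            . ($blocked ? 'disabled' : 'callable');
    }
    return $findings;
}

echo implode(PHP_EOL, audit_isolation()), PHP_EOL;
```

Request the script through the web server for the domain being checked, because the command-line PHP binary may load a different configuration than the module or CGI setup does.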