LinuxQuestions.org


proton666 02-18-2005 04:38 PM

Browsing directories and files without permissions
 
I was in class the other day, and my programming instructor told us something quite interesting about the UNIX server which runs AIX 5.2.0. He is also the university's Senior Systems/Network Specialist. Well, a classmate was waving their userid around kind of casually. He told him to be careful because of security issues. The interesting thing he said was that our userid corresponds to the name of our personal folder and that someone who has our userid can browse our folder. All it took was a simple command. I tried it on a friend and when I try to ls or cd to his folder, I get "permission denied." Same when he does it to mine. So what is this simple command he was talking about???

musicman_ace 02-19-2005 12:49 AM

As long as you remove read access to any group or "everyone", your files are only available to you and root. Not sure what your professor is talking about, but the default for AIX might allow all members of the "users" group to have read access to your folder, but then you and your friend can't view each other's, so maybe the default access is different.

sigsegv 02-19-2005 06:48 PM

Run ls -l /path/to/homes. All the homedirs should be 700 (drwx------). If they're not, your teacher/systems admin has no business talking security. If they are, then he was just trying to scare you or talking out his arse.

Either is about as likely as the other...

proton666 02-20-2005 09:26 AM

I looked and any student's directory isn't really saved in the /home dir. /home is linked with another directory located on a different server. The permissions on the actual directory are 701 (drwx-----x). So I guess no dice.

sigsegv 02-20-2005 10:29 AM

Ah ... Now that's a different matter.

If there are files in the user's home directory, and you know what they are (the filename), having the world x bit set, you can read files out of the directory, but not get a directory listing. So your admin/teacher was telling the truth, but there are conditions.

I'd ask him *why* they have the world x bit set on your home directory (or, if you own your home directory, set it 700 and smile ;) )
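
An added example, not part of any post in this thread: a POSIX shell audit that classifies what "other" users can do with a home directory from its mode string (the 700 versus 701 cases discussed above) and lists which files a traversable directory leaves readable by name. The function names and the throwaway demo directories are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit what "other" users can do with a home directory.
# Function names and the demo directories below are assumptions.

# other_access DIR -> private | traverse-only | list-only | list-and-traverse
other_access() {
    # Characters 8-10 of the ls -ld mode string are the "other" r, w, x bits.
    bits=$(ls -ld "$1" | cut -c8-10)
    r=$(printf '%s' "$bits" | cut -c1)
    x=$(printf '%s' "$bits" | cut -c3)
    # 't' in the last position means sticky bit plus execute.
    case "$x" in x|t) x=yes ;; *) x=no ;; esac
    case "$r$x" in
        -no)  echo private ;;            # 700: other users get nothing
        -yes) echo traverse-only ;;      # 701: no listing, known names reachable
        rno)  echo list-only ;;          # names visible, files not reachable
        ryes) echo list-and-traverse ;;  # 755: listing and access
    esac
}

# exposed_files DIR -> regular files directly in DIR that "other" can read,
# printed only when DIR itself lets "other" traverse it.
exposed_files() {
    case "$(other_access "$1")" in
        traverse-only|list-and-traverse) ;;
        *) return 0 ;;
    esac
    for f in "$1"/* "$1"/.[!.]*; do
        if [ -f "$f" ] && [ ! -L "$f" ]; then
            # Character 8 of a file's mode string is its "other" read bit.
            if [ "$(ls -ld "$f" | cut -c8)" = r ]; then echo "$f"; fi
        fi
    done
    return 0
}

# Constructed demo: throwaway directories standing in for home directories.
demo=$(mktemp -d)
mkdir "$demo/alice" "$demo/bob"
chmod 700 "$demo/alice"
chmod 701 "$demo/bob"
echo data > "$demo/bob/notes.txt";  chmod 644 "$demo/bob/notes.txt"
echo data > "$demo/bob/grades.txt"; chmod 600 "$demo/bob/grades.txt"
for h in "$demo/alice" "$demo/bob"; do
    echo "$h: $(other_access "$h")"
    exposed_files "$h"
done
rm -rf "$demo"
```

The check reads mode bits only; ACLs on the directory or its files are not examined.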


All times are GMT -5.