LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-18-2005, 04:38 PM   #1
proton666
Member
 
Registered: Jan 2003
Distribution: FreeBSD 5.3
Posts: 35

Rep: Reputation: 15
Browsing directories and files without permisssions


I was in class the other day, and my programming instructor told us something quite interesting about the UNIX server which runs AIX 5.2.0. He is also the university's Senior Systems/Network Specialist. Well a classmate was waving around their userid around kind of causally. He told him to be careful because of security issues. The interesting thing he said was that our userid corresponds to the name of our personal folder and that someone who has our userid can browse our folder. All it took was a simple command. I tried it on a friend and when I try to ls or cd to his folder, I get "permission denied." Same when he does it to mine. So what is this simple command he was talking about???
 
Old 02-19-2005, 12:49 AM   #2
musicman_ace
Senior Member
 
Registered: May 2001
Location: Indiana
Distribution: Gentoo, Debian, RHEL, Slack
Posts: 1,555

Rep: Reputation: 46
as long as you remove read access to any group or "everyone" your files are only available to you and root. Not sure what your professor is talking about, but the default for AIX might allow all members of the "users" group to have read access to your folder, but then you and your friend can't view each others, so maybe the default access is different.
 
Old 02-19-2005, 06:48 PM   #3
sigsegv
Senior Member
 
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197

Rep: Reputation: 46
run ls -l /path/to/homes. All the homedirs should be 700 (drwx------). If they're not, your teacher/systems admin has no business talking security. If they are, then he was just trying to scare you or talking out his arse.

Either is about as likely as the other...
 
Old 02-20-2005, 09:26 AM   #4
proton666
Member
 
Registered: Jan 2003
Distribution: FreeBSD 5.3
Posts: 35

Original Poster
Rep: Reputation: 15
I looked and any students directory isn't really saved in the /home dir. /home is linked with another directory located on a different server. The permissions on the actual directory is 701 (drwx-----x). So I guess no dice.
 
Old 02-20-2005, 10:29 AM   #5
sigsegv
Senior Member
 
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197

Rep: Reputation: 46
Ah ... Now that's a different matter.

If there are files in the users home directory, and you know what they are (the filename), having the world x bit set, you can read files out of the directory, but not get a directory listing. So your admin/teacher was telling the truth, but there are conditions.

I'd ask him *why* they have the world x bit set on your home directory (or, if you own your home directory, set it 700 and smile )

Last edited by sigsegv; 02-20-2005 at 10:30 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
CHMOD directories.sub-directories.files zerojosh Linux - Software 2 11-19-2005 03:22 PM
FTP users prevent browsing to other directories mephesto Linux - Software 2 05-07-2005 10:03 AM
Samba does not allow writing to public shares / browsing home directories disallowed Xolo Linux - Software 6 02-14-2005 04:22 PM
browsing directories - apache 1.3.x Marble Linux - Networking 3 05-14-2003 06:01 PM
BASH scripting browsing multiple directories PokerFace Programming 3 10-02-2002 12:50 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration