Date: Mon, 11 Dec 2000 22:27:13 -0800 (PST)
From: dima@unixfreak.org (Dima Dorfman)
To: aj@entic.net (Anil Jangity)
Cc: freebsd-questions@freebsd.org, aj@entic.net
Subject: Re: Can't remove uid "nobody" files...
Message-ID: <20001212062713.1650B3E09@bazooka.unixfreak.org>
In-Reply-To: <Pine.BSF.4.31.0012120536240.69676-100000@mars.entic.net> from "Anil Jangity" at Dec 12, 2000 05:45:20 AM

[Dropped freebsd-security from cc list; off topic.]

Anil Jangity wrote:
>
> IHAU who created some files (don't know how) but I can't seem to remove
> them:
>
> roki@mars: ~/public_html/cgi-bin/UltraBoard/Private/Backups % ls -loa
> index.html
> -rw-r--r-- 1 nobody shell - 143 Sep 25 22:48 index.html
> roki@mars: ~/public_html/cgi-bin/UltraBoard/Private/Backups % pwd
> /home/roki/public_html/cgi-bin/UltraBoard/Private/Backups
>
> Two questions:
>
> 1. How did he create a file with permissions "nobody"? I tried to do the

By default, Apache runs as the user 'nobody'. If a program started
from the web server (CGI) attempts to write something, it will show up
with the user id of nobody. If you don't like this behavior, you may
want to look into setting up suexec (see www.apache.org).

> same and I either get operation not permitted or it really creates the
> file with my uid and not as uid nobody. I even tried to tar -cvf up a file
> with uid nobody and then tried to extract it as normal user... just to see

Mortal (non-superuser) users can't change ownership of their own files
(except on some *really* old SunOS systems). Groups are a different
story. If you could "give away" your own files, though, what would
stop you from copying /bin/csh into your home directory, setting its
mode to 4555 (set userid), and changing its ownership to root? You
would effectively have a shell that runs set userid to root. That,
for obvious reasons, is not good for security.

>
> 2. How do I remove them? (I haven't tried to do it as root... just yet)

If you own the directory, you can remove them. A regular 'rm' should
work. In any case, doing it as root or from the web server would work
as well.

--
Dima Dorfman <dima@unixfreak.org>
Finger dima@unixfreak.org for PGP public key.
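
Added example (not part of the original message or of the archive): the rule behind the answer to question 2, that removal is decided by the parent directory and not by the file's owner, written as a check and generalized to sticky directories such as /tmp. The numeric ids and the names can_unlink and audit are assumptions of this example; ACLs and file flags are ignored.

```python
import os
import stat
from types import SimpleNamespace


def can_unlink(uid, gids, file_st, dir_st):
    """May uid remove an entry from its parent directory? Classic Unix rule;
    ACLs and file flags are ignored (assumption of this example)."""
    if uid == 0:
        return True  # superuser bypasses the checks
    if uid == dir_st.st_uid:
        bits = dir_st.st_mode >> 6  # owner class
    elif dir_st.st_gid in gids:
        bits = dir_st.st_mode >> 3  # group class
    else:
        bits = dir_st.st_mode  # other class
    if (bits & 0o3) != 0o3:  # need write (2) and search (1) on the directory
        return False
    if dir_st.st_mode & stat.S_ISVTX:  # sticky directory, e.g. /tmp
        return uid in (file_st.st_uid, dir_st.st_uid)
    return True


def audit(tree, web_uid, uid, gids):
    """Return sorted (path, removable) pairs for entries owned by web_uid
    (a directory must also be empty before it can actually be removed)."""
    found = []
    for parent, dirs, files in os.walk(tree):
        dir_st = os.lstat(parent)
        for name in dirs + files:
            path = os.path.join(parent, name)
            st = os.lstat(path)
            if st.st_uid == web_uid:
                found.append((path, can_unlink(uid, gids, st, dir_st)))
    return sorted(found)


# Constructed stat values modelled on the listing in the message: the file
# belongs to nobody, the directory to the account holder. Ids are assumed.
NOBODY, ROKI, SHELL_GID = 65534, 1001, 1001
index_html = SimpleNamespace(st_uid=NOBODY, st_gid=SHELL_GID, st_mode=0o100644)
backups = SimpleNamespace(st_uid=ROKI, st_gid=SHELL_GID, st_mode=0o040755)
sticky_tmp = SimpleNamespace(st_uid=0, st_gid=0, st_mode=0o041777)

if __name__ == "__main__":
    print(can_unlink(ROKI, [SHELL_GID], index_html, backups))     # own directory
    print(can_unlink(ROKI, [SHELL_GID], index_html, sticky_tmp))  # sticky, not owner
    me, groups = os.getuid(), [os.getegid(), *os.getgroups()]
    print(audit(".", NOBODY, me, groups))
```

Run from the top of a web tree, audit lists what the web server's uid has left behind and whether the account holder can clean it up without root.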