GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Security: preventing account A from seeing account B (https://gfy.com/showthread.php?t=1057643)

camperjohn64 02-14-2012 04:52 PM
Security: preventing account A from seeing account B
 
I have a server that up until now only been used for my own accounts. I am going to allow a friend to host an account, and I am rsearching how to prevent account A from seeing account B. He is a good friend so I'm not worried for him, I'm just thinking if he lets a webmaster access his account...

Suggestions?

Apache issues? PHP issues? SSH issues? FTP?

baddog 02-14-2012 04:58 PM
Just set up an FTP account for him that goes to his home folder and nowhere higher.

raymor 02-14-2012 05:11 PM
Talk to your server admin about "chrooted FTP". Most FTP servers can be set where you see only your own files.

Other than that, assume he can use PHP to SEE your files (but then he can see most of them in a browser anyway.) Any sensitive information stored on the server should be properly encrypted or hashed.

To prevent someone with an account seeing your files through their PHP script requires a bit more complex setup than I want to detail here, and it creates very significant new security problems the way most people do it, so the "short version" would be dangerous. The key is to create two NEW users - you_apache and him_apache. Your scripts would be set to run as you_apache and his would be set to run as him_apache.

CYF 02-14-2012 05:12 PM
set him up in a chrooted ssh jail.
config so 'ps' etc will only show his own running processes


All times are GMT -7. The time now is 08:40 AM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123