Users can write data outside their directory (via SSH)

Hello everyone,

I know the topic of SSH and user permissions has been discussed many times, but I haven’t found a reason / solution for this:

  1. I create a new server with one user - this user has SSH access by default, into his home directory /home/user

  2. If I log in via SSH as this user, I can access folders like /etc, /var and others - this is a known “issue”

  3. But what I haven’t figured out is why this user can write into /etc, /var and others?

The problem is that this user can use e.g. the /tmp folder as storage regardless of the limitations of his account. Or he can just mess up my system everywhere :frowning:

Is this a bug, or the classic behaviour?

Thanks for the reply, best regards

Nikos

Howdy,

Users can read and write to any directory they have permission to access – and usually the default setup is secure :slight_smile: There’s some details on that here:

http://www.virtualmin.com/documentation/security/faq

A user being able to write to /tmp is normal – that’s what /tmp is there for.

A user can read some things in /etc and /var by default, but shouldn’t be able to write to it. Are you sure the user is actually able to write, and not just read?

-Eric

Oh, you are right. They can’t write to all directories like /etc. Thanks for the link - that cleared my doubts :-).

Just one last question - if I set a data size limitation for a virtual server - e.g. 100MB - can the user write more than 100MB to the /tmp directory?

He cannot.

Howdy,

Helpmin is correct – so long as your /tmp directory is on the same partition as /home – your user quotas apply to both directories.

-Eric
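
An added example, not part of the original posts: a small Python check of the two points made in this thread, namely which directories a user can actually write to (as opposed to only read), and whether /tmp shares a filesystem with /home so that the same user quota covers both. The function names and the sample directories are constructed for illustration; only mode bits are inspected, so POSIX ACLs and whether quotas are actually enabled are not checked.

```python
import os
import stat
import tempfile


def same_filesystem(a, b):
    """True when both paths sit on the same device (st_dev), which is the
    condition under which one per-user quota covers files in both."""
    return os.stat(a).st_dev == os.stat(b).st_dev


def classify_dir(path):
    """Say who may create files in `path`, judged from mode bits only
    (POSIX ACLs and group membership are not evaluated here)."""
    mode = os.stat(path).st_mode
    if not stat.S_ISDIR(mode):
        return "not-a-directory"
    if mode & stat.S_IWOTH:
        # /tmp is normally 1777: anyone may write, but the sticky bit stops
        # users from deleting or renaming each other's files.
        return "world-writable+sticky" if mode & stat.S_ISVTX else "world-writable-NO-sticky"
    if mode & stat.S_IWGRP:
        return "group-writable"
    return "owner-only"


def demo():
    """Build constructed sample directories and classify them."""
    base = tempfile.mkdtemp(prefix="permdemo-")
    wanted = {"tmp_like": 0o1777, "open_dir": 0o777, "etc_like": 0o755, "shared": 0o775}
    result = {}
    for name, mode in wanted.items():
        path = os.path.join(base, name)
        os.mkdir(path)
        os.chmod(path, mode)  # chmod after mkdir so the umask cannot alter it
        result[name] = classify_dir(path)
    result["same_fs"] = same_filesystem(base, os.path.join(base, "tmp_like"))
    return result


if __name__ == "__main__":
    print(demo())
    for d in ("/tmp", "/etc", "/var", "/home"):
        if os.path.isdir(d):
            print(d, classify_dir(d))
    if os.path.isdir("/tmp") and os.path.isdir("/home"):
        print("/tmp and /home on same filesystem:", same_filesystem("/tmp", "/home"))
```

On a default setup, /tmp should report `world-writable+sticky` and /etc should report `owner-only`; a `world-writable-NO-sticky` result on a shared directory is the case worth investigating.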