[Tfug] website file ownership problem

Paul Scott waterhorse at ultrasw.com
Tue Apr 3 08:39:39 MST 2007


Brian Murphy wrote:
> Quoting Paul Scott <waterhorse at ultrasw.com>:
>   
>> A website I maintain - http://www.susanartemis.com/ recently it has
>> become inaccessible because it's main control file has had it's
>> owner/group changed to "root/wheel" and there is no read permission.
>> They are suggesting that I upload a new "script" without security flaws
>> but how can I upload/replace a file that their admin now owns?
>>
>> The hosting company - 1hourhosting.com claims that the site has been
>> hacked because of a security flaw in my code.  It is certainly possible
>> that my simple code PHP code might have security flaws but could that
>> have allowed a file's ownership to be changed to root?
>>
>>     
>
>
> If you have ownership on the directory you should be able to delete a
> root owned file.
>
> A non-root user should never be able to chown a file to root.  Most
> unixes don't allow nonroot any chown privileges.  Your provider has
> bigger problems if these things really happened.
>
> At the risk of being flamed, I run a shared web hosting business that
> uses suexec to run all php and cgi files as the user who owns the file,
> not the general apache user.  Email me off the list if you would like
> more information. (brian at dormhost.com)
>   
I only have FTP access that I know of.  I was able to rename the file
and change index.php to point to the new file and get the site back for now.

I was not able to change anything about the original file.  Well now I
check back and the original file has the correct permissions and
ownership again and the site is back to normal!  I haven't heard back
from them yet so I don't know the rest of the story.

Thanks, Brian and Adrian,

Paul





More information about the tfug mailing list