Welcome to the JaguarPC Community
JaguarPC
Sales: (888) 338-5261
Support: (888)-551-3050
Results 1 to 5 of 5

This is a discussion on valiases in the Shared & Semi-Dedicated forum
Now that we have jailshell rather than the old SSH access, is it still possible to manually edit the valiases file, or does this need ...

  1. 07-13-2003, 05:41 PM #1
    hughnet
    hughnet is offline
    VPS Client
    Join Date
    Jun 2002
    Location
    Sydney, Australia
    Posts
    25

    Question valiases

    Now that we have jailshell rather than the old SSH access, is it still possible to manually edit the valiases file, or does this need to be done via a support ticket.

    I am working on a ticket system that would require email sent to a certain email address to queue (requiring the email to be sent to a script rather than a mailbox). I remember doing this once before, but the file is not showing any longer, so I assume it's been "jailshelled" off.

    Conversely, is it possible to manually manipulate the file /etc/valiases/domain.com from a perl script? It wouldn't be that hard to write something to modify the file via a perl script, if the script would have the access.
    Reply With Quote Reply With Quote
  2. 07-13-2003, 06:09 PM #2
    gerilya
    gerilya is offline
    Jag Veteran
    Join Date
    Sep 2002
    Posts
    650
    Talking from technical point of view, as long as you have your perl script being executed by webserver (and not within jailshell), it should be able to access and modify /etc/valiases/domain.com file if it's yours
    This is, by the way, one of the reasons why I can't take seriously all these comments about enhanced security.
    Last edited by gerilya; 07-13-2003 at 07:48 PM.
    Reply With Quote Reply With Quote
  3. 07-13-2003, 07:08 PM #3
    jason
    jason is offline
    Community Leader jason's Avatar
    Join Date
    Sep 2001
    Location
    Rochester, NY
    Posts
    6,003
    I agree with Gerilya about the security thing. JailShell puts many restrictions on what you can do from your shell, but the HTTPD process's shell is still bash. Therefore, you write a script and run it as a CGI to bypass the JailShell "protections." If a script is run as a CGI, it is run from your User ID with a normal bash shell.

    As for being able to edit the file, yes it should be possible. /etc/valiases/domain.com should be owned by you, so you should be able to write to it with a CGI script.

    I'm not sure why JailShell doesn't let you see the alias files for your domains, after all, you can go as far as looking at your account and the service accounts in /etc/passwd (the rest are filtered out. Its probably just a feature the authors forgot to include, along with the initial cd into your home directory and a few other things that I've come across now and then.

    I suppose that JailShell is useful for keeping some users from doing things they shouldn't, but from a security standpoint, its like locking the front door while keeping the back door unlocked and wide open.

    --Jason
    Jason Pitoniak
    Interbrite Communications
    www.interbrite.com www.kodiakskorner.com
    Reply With Quote Reply With Quote
  4. 07-13-2003, 07:23 PM #4
    gerilya
    gerilya is offline
    Jag Veteran
    Join Date
    Sep 2002
    Posts
    650
    Gee! This is the first time me and Jason agree on the security issue
    Reply With Quote Reply With Quote
  5. 07-13-2003, 08:17 PM #5
    jason
    jason is offline
    Community Leader jason's Avatar
    Join Date
    Sep 2001
    Location
    Rochester, NY
    Posts
    6,003
    Originally posted by gerilya
    Gee! This is the first time me and Jason agree on the security issue
    LOL

    --Jason
    Jason Pitoniak
    Interbrite Communications
    www.interbrite.com www.kodiakskorner.com
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules