On Thu, Jun 6, 2013 at 3:29 AM, Νικόλαος Κούρας <nikos.gr...@gmail.com> wrote: > Now about what you did to me. I wanted to tell you that I (and I am sure > there are other people too) don't agree with what you did. I think it was > pretty rotten -- you told me it was a bad idea to give out the root password > and that was as far as you should have gone, you had no right to "prove" it > by screwing with my system. > > In the US there is a law called the DMCA which I think would make what > you did illegal, even though i have you a password, because i > clearly gave you access to help me fix a problem, not to do what you > did. Of course US law doesn't help in this case since you i live in Greece > and you live in Australia...
IANAL, but I don't think the DMCA has anything to do with this. (That is to say, I don't think it would even if everything were under US jurisdiction, which as you say isn't the case anyway.) What I did is no more illegal than you lending your car keys to a stranger with the request that he lock your door for you, and him then leafing through the contents of your car and telling your spouse what he found. If that causes your marriage to break up, the fault was with you for having something in your car that would break up your marriage, and for letting a stranger poke around in there. > I still maintain my belief that most people are good and want to help > rather than be destructive(which to your defense you weren't entirely. The > mails you sent to my few customers though really pissed me off). The mails to your customers stop you from pretending to them that you know what you're doing. That's all. Now, you may be able to come back from this by making a public change of policy (you so far have a declared stance that you would give out the root password to someone else in future) and apologizing profusely to your customers, but if you can't, that is your problem and not mine. I was programming computers for eighteen years before I got a job doing it. Getting money for hosting people's web sites is something that you should see as a privilege for people who can demonstrably provide this service safely, and should not be something you strive for while you're learning the basics of Linux. > And of course, i have no idea, if you ahve installed some kind of a backdoor > utility that will grant you shell access via ssh to my system. > I want to convince myself that you haven't done so. I can help with that convincing. No, I did not install any sort of backdoor. There is no way you can prove that statement, but you have my promise and pledge that your system is safe from me. All I did was: 1) Change the root password, storing the new one in a way that you could find it 2) Create the cookie file as proof of what I could do 3) Collect email addresses from /home/*/.contactemail 4) Inspect the index.html files in a few directories as a means of locating the web sites concerned 5) 'mv .bash_history .bash_history_old', and later mv it back There is no ongoing access, and now that you've changed the root password (btw, I hope you weren't silly enough to change it to the same password you emailed me), the system is under your control again. But you cannot be sure that the *other* people you've given root access to didn't do the same. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
