
Re: [cobalt-security] RaQ2: Default user access/site permissions



All,

Ah, yes, this joyous question. As I understand it, our intentions are not well met in this regard, because the whole owner:group and permissions issue is directly related to how Cobalt's Admin/User GUI access, quota, and bandwidth functions work.

I too would like to set up all the web files to be owned by owner and grouped by httpd or mosaic and eliminate world privs, but I can't figure out how to do it without bringing the rest of the features to their knees. My sad, but simple solution--No Telnet Access to anyone but me.

This is most certainly a half-assed way to implement and at least as half-assed to work around, but what can we do--I don't think Cobalt is listening. It seems that the whole series of products was originally designed to serve users within one enterprise wherein the common company objective and internal policy would loosely address certain file security issues. (I draw this conclusion based on several possibly specious factors.)

One thing is certain, the various possibilities for small-to-medium scale web hosting of unrelated/unaffiliated clients were not even considered from this perspective by Cobalt Prod Mgmt and thereby constitute a major security issue. <-- Boy would I like to prod them.

JP


Hi there.

Is there any reason why I can't chmod all of the sites in my /home/sites directory not to be readable/executable by other? I don't see any reason why a person who has telnet access to the machine should be allowed to traipse through other sites on the machine.

Also, if there's no reason why I can't, what file do I have to alter (no doubt voiding the warranty) to create sites with these permissions missing in the first place?

Thanks,

Michelle A. Hoyle

--
--------------------TRANSCENA  DESIGN--------------------
Michelle A. Hoyle | michelle@xxxxxxxxxxxxx | 780-429-2363
801 TD Tower       Edmonton  Alberta  Canada      T5J 2Z1
--------------------www.transcena.com--------------------


_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security

--
--------------
|  Jerry Pape
|  jpape@xxxxxxxx
--------------