
Re: [cobalt-security] RaQ2: Default user access/site permissions



Hear, hear.
If Cobalt are going to add features (i.e. offer Telnet shell accounts to users),
they SHOULD ensure it works 100% and address ALL the implications,
OR inform the Cobalt customers (that's US with the $!) what not to do (i.e. use them).

Malcolm
Project Manager
Getme Internet Solutions
Maylite Business Centre, Martley, Worcester, WR66PQ, England
Tel             44 (0) 1886 887712
Fax           44 (0) 1886 887715
Website       www.getme.co.uk

Sales          sales@xxxxxxxxxxx
Support       support@xxxxxxxxxxx

Part of the Getme Ltd Group of companies
----- Original Message -----
From: Jerry Pape <jpape@xxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Friday, August 25, 2000 6:49 PM
Subject: Re: [cobalt-security] RaQ2: Default user access/site permissions


> All,
>
> Ah, yes this joyous question. As I understand it, our intentions are
> not well met in this regard, because the whole owner:group and
> permissions issue is directly related to how Cobalt's Admin/User GUI
> access, quota, and bandwidth functions work.
>
> I too would like to set up all the web files to be owned by owner and
> grouped by httpd or mosaic and eliminate world privs, but I can't
> figure out how to do it without bringing the rest of the features to
> their knees. My sad, but simple solution--No Telnet Access to anyone
> but me.
>
> This is most certainly a half-assed way to implement and at least as
> half-assed to work around, but what can we do--I don't think Cobalt is
> listening. It seems that the whole series of products were orig
> designed to serve users within one enterprise wherein the common
> company objective and internal policy would loosely address certain
> file security issues. (I draw this conclusion based on several
> possibly specious factors)
>
> One thing is certain, the various possibilities for small-to-medium
> scale web hosting of unrelated/unaffiliated clients were not even
> considered from this perspective by Cobalt Prod Mgmt and thereby
> constitute a major security issue. <-- Boy would I like to prod
> them.
>
> JP
>
>
> >Hi there.
> >
> >Is there any reason why I can't chmod all of the sites in my
> >/home/sites directory not to be readable/executable by other?  I
> >don't see any reason why a person who has telnet access to the
> >machine should be allowed to traipse through other sites on the
> >machine.
> >
> >Also, if there's no reason why I can't, what file do I have to alter
> >(no doubt voiding the warranty) to create sites with these
> >permissions missing in the first place?
> >
> >Thanks,
> >
> >Michelle A. Hoyle
> >
> >--
> >--------------------TRANSCENA  DESIGN--------------------
> >Michelle A. Hoyle | michelle@xxxxxxxxxxxxx | 780-429-2363
> >801 TD Tower       Edmonton  Alberta  Canada      T5J 2Z1
> >--------------------www.transcena.com--------------------
> >
> >
> >_______________________________________________
> >cobalt-security mailing list
> >cobalt-security@xxxxxxxxxxxxxxx
> >http://list.cobalt.com/mailman/listinfo/cobalt-security
>
> --
> --------------
> |  Jerry Pape
> |  jpape@xxxxxxxx
> --------------
>
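The trade-off discussed in this thread, as an added example that is not part of the original posts: a read-only audit that separates entries under a sites directory whose world bits could be dropped (the web server's group already has the access it needs) from entries where the server depends on them. The group name, the script name and the function names are assumptions, and the script does not model the Cobalt GUI, quota or bandwidth features mentioned in the reply.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only: it lists, it never chmods.
# Assumption: the web server reaches site files through group $2 (the reply
# mentions "httpd" as a candidate). Function names are hypothetical.

# Entries that grant something to "other" AND where the web group already has
# what it needs (r-x on directories, r on files). Dropping the world bits on
# these would not cut the web server off.
tightenable() {
    find "$1" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) \
        -group "$2" \
        \( \( -type d -perm -050 \) -o \( ! -type d -perm -040 \) \) \
        -print
}

# Entries that grant something to "other" where the web server's access
# depends on it: the group is not the web group, or the group lacks read
# (or read+search, for directories). These need a chgrp/chmod g+ first.
needs_world() {
    find "$1" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) \
        ! \( -group "$2" \
             \( \( -type d -perm -050 \) -o \( ! -type d -perm -040 \) \) \) \
        -print
}

# Usage: sh audit-sites.sh /home/sites httpd
if [ "$#" -eq 2 ]; then
    echo "== world bits can be dropped =="
    tightenable "$1" "$2"
    echo "== web group access must be fixed first =="
    needs_world "$1" "$2"
fi
```

Running it with the sites root and the web server's group prints both lists; nothing on disk is modified.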