
Re: [cobalt-security] RaQ2: Default user access/site permissions



I believe the answer is that user httpd, which is of course the Apache web
server itself, needs to have read/execute access to these files. It is not a
member of any web site groups, as it could not be because of the 32 group
limit in Linux. If user httpd does not have read/execute access to these
files, it obviously cannot open them and serve them to the world.

This I agree is not very secure, but there is no real workaround.

Kevin

----- Original Message -----
From: "Michelle A. Hoyle" <michelle@xxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Friday, September 01, 2000 9:52 AM
Subject: Re: [cobalt-security] RaQ2: Default user access/site permissions


> >>Hi there.
> >>
> >>Is there any reason why I can't chmod all of the sites in my
> >>/home/sites directory not to be readable/executable by other?  I
> >>don't see any reason why a person who has telnet access to the
> >>machine should be allowed to traipse through other sites on the
> >>machine.
> >>
> >>Also, if there's no reason why I can't, what file do I have to alter
> >>(no doubt voiding the warranty) to create sites with these
> >>permissions missing in the first place?
> >>
> >>Thanks,
> >>
> >>Michelle A. Hoyle
> >>
> >>--
>
> Actually, at the time I asked this, I went in as root and chmod
> ugo-wx * everything in /home/sites/.  It worked fine for 7 days and
> I didn't notice anything not working, but maybe I'm not looking in
> the right place.  All CGIs, htaccess files, HTML files seem to work
> fine for it.  Mail seems to work OK.
>
>
> THEN:
>
> I installed the latest security upgrade to the machine
> (RaQ2-en-Update-OS-3.0.pkg) and all Hell broke loose.  My secure
> administration server no longer works at all and the web server
> couldn't serve out pages from the sites anymore.  Returned a "You
> don't have permission to access these files".
>
> I'd still rather leave all sites in /home/sites/ o-rx, any ideas on
> what was done in the upgrade that would cause this not to work
> anymore?
>
> M
>
> --
>
> ----|      TRANSCENA DESIGN  |----------------------------
> Michelle A. Hoyle, VP Web Technologies, Canada
> #801 T.D. Tower, Edmonton, Alberta, Canada  T5J 2Z1
> N. America:  1-888-429-2363  |  UK:  020 7529 1465
> International:  +1 780 429 2363
> ------------------|  internet design architects     |--------
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
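
The permission check discussed in this thread, as an added example that is not part of the original messages: it models which POSIX class (owner, group or other) applies to a user along a path, before and after removing the "other" bits. The uids, gids, modes and the names `site1`, `web` and `index.html` are constructed sample data, not values from a real RaQ2.

```python
import stat
from collections import namedtuple

Node = namedtuple("Node", "path mode uid gid")   # mode as in os.stat().st_mode
User = namedtuple("User", "name uid groups")

def effective_bits(node, user):
    """Return (class, rwx bits) POSIX applies to a non-root user.
    Exactly one class is consulted: owner, else group, else other."""
    perms = stat.S_IMODE(node.mode)
    if user.uid == node.uid:
        return "owner", (perms >> 6) & 7
    if node.gid in user.groups:
        return "group", (perms >> 3) & 7
    return "other", perms & 7

def can_serve(chain, user):
    """chain = directories leading to a file, then the file itself.
    Each directory needs search (x); the file needs read (r).
    Returns (ok, path of the first component that denies access)."""
    for node in chain[:-1]:
        if not effective_bits(node, user)[1] & 1:
            return False, node.path
    ok = bool(effective_bits(chain[-1], user)[1] & 4)
    return ok, None if ok else chain[-1].path

def strip_other(chain, keep=1):
    """Model removing all 'other' bits below the first `keep` components."""
    return [n if i < keep else n._replace(mode=n.mode & ~0o007)
            for i, n in enumerate(chain)]

# Constructed layout: site owned by uid 500, site group gid 201.
CHAIN = [
    Node("/home/sites", stat.S_IFDIR | 0o755, 0, 0),
    Node("/home/sites/site1", stat.S_IFDIR | 0o2775, 500, 201),
    Node("/home/sites/site1/web", stat.S_IFDIR | 0o2775, 500, 201),
    Node("/home/sites/site1/web/index.html", stat.S_IFREG | 0o664, 500, 201),
]
HTTPD = User("httpd", 15, {15})            # in no site group
MEMBER = User("site1user", 501, {100, 201})
OUTSIDER = User("site2user", 502, {100, 202})

if __name__ == "__main__":
    for label, chain in (("default", CHAIN), ("o-rwx", strip_other(CHAIN))):
        for u in (HTTPD, MEMBER, OUTSIDER):
            print(label, u.name, can_serve(chain, u))
```

With the default modes the web server and a user of another site both get in through the "other" class; with those bits removed, both are stopped at the site directory and only the site's own group members still reach the file.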