Re: [cobalt-security] RaQ2: Default user access/site permissions
- Subject: Re: [cobalt-security] RaQ2: Default user access/site permissions
- From: "Kevin D" <kdlists@xxxxxxxxxxxxxxx>
- Date: Fri, 1 Sep 2000 14:24:56 -0400
I believe the answer is that user httpd, which is of course the Apache web
server itself, needs to have read/execute access to these files. It is not a
member of any web site groups, as it could not be because of the 32 group
limit in Linux. If user httpd does not have read/execute access to these
files, it obviously cannot open them and serve them to the world.
This I agree is not very secure, but there is no real workaround.
Kevin
----- Original Message -----
From: "Michelle A. Hoyle" <michelle@xxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Friday, September 01, 2000 9:52 AM
Subject: Re: [cobalt-security] RaQ2: Default user access/site permissions
> > >Hi there.
> >>
> >>Is there any reason why I can't chmod all of the sites in my
> >>/home/sites directory not to be readable/executable by other? I
> >>don't see any reason why a person who has telnet access to the
> >>machine should be allowed to traipse through other sites on the
> >>machine.
> >>
> >>Also, if there's no reason why I can't, what file do I have to alter
> >>(no doubt voiding the warranty) to create sites with these
> >>permissions missing in the first place?
> >>
> >>Thanks,
> >>
> >>Michelle A. Hoyle
> >>
> > >--
>
> Actually, at the time I asked this, I went in as root and chmod
> ugo-wx * everything in /home/sites/. It worked fine for 7 days and
> I didn't notice anything not working, but maybe I'm not looking in
> the right place. All CGIs, htaccess files, HTML files seem to work
> fine for it. Mail seems to work OK.
>
>
> THEN:
>
> I installed the latest security upgrade to the machine
> (RaQ2-en-Update-OS-3.0.pkg) and all Hell broke loose. My secure
> administration server no longer works at all and the web server
> couldn't serve out pages from the sites anymore. Returned a "You
> don't have permission to access these files".
>
> I'd still rather leave all sites in /home/sites/ o-rx, any ideas on
> what was done in the upgrade that would cause this not to work
> anymore?
>
> M
>
> --
>
> ----| TRANSCENA DESIGN |----------------------------
> Michelle A. Hoyle, VP Web Technologies, Canada
> #801 T.D. Tower, Edmonton, Alberta, Canada T5J 2Z1
> N. America: 1-888-429-2363 | UK: 020 7529 1465
> International: +1 780 429 2363
> ------------------| internet design architects |--------
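Added example, not part of the original thread: a Python model of the classic owner/group/other mode-bit check, run against a constructed stand-in for /home/sites/site1, illustrating why removing "other" r/x locks out httpd together with shell users unless httpd shares the site's group. The uids, gids, directory names and the `can_read`/`demo` helpers are assumptions; root override and ACLs are not modelled.

```python
import os
import tempfile

def class_bits(st, uid, gids):
    """rwx triplet the kernel applies: owner, else group, else other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def can_read(base, relpath, uid, gids):
    """True if (uid, gids) can search every directory under base and read the file."""
    path, parts = base, relpath.split("/")
    for i, part in enumerate(parts):
        path = os.path.join(path, part)
        need = 4 if i == len(parts) - 1 else 1  # r on the file, x on each directory
        if not class_bits(os.stat(path), uid, gids) & need:
            return False
    return True

def demo():
    """Build a constructed stand-in for /home/sites/site1 and test three cases."""
    page = "sites/site1/web/index.html"
    with tempfile.TemporaryDirectory() as base:
        os.makedirs(os.path.join(base, "sites/site1/web"))
        with open(os.path.join(base, page), "w") as fh:
            fh.write("<html></html>")
        for rel, mode in (("sites", 0o755), ("sites/site1", 0o755),
                          ("sites/site1/web", 0o755), (page, 0o644)):
            os.chmod(os.path.join(base, rel), mode)
        site = os.path.join(base, "sites/site1")
        st = os.stat(site)
        # Constructed identities: neither owns the files or shares their group.
        httpd = (st.st_uid + 1, {st.st_gid + 1})
        shell_user = (st.st_uid + 2, {st.st_gid + 2})
        out = {}
        out["default"] = (can_read(base, page, *httpd), can_read(base, page, *shell_user))
        os.chmod(site, 0o750)  # the o-rx change discussed in the thread
        out["o-rx"] = (can_read(base, page, *httpd), can_read(base, page, *shell_user))
        # Hypothetical: httpd placed in the site's group (what the group limit rules out).
        in_group = (httpd[0], {st.st_gid})
        out["o-rx, httpd in group"] = (can_read(base, page, *in_group),
                                       can_read(base, page, *shell_user))
        return out

if __name__ == "__main__":
    for case, (web, shell) in demo().items():
        print(f"{case:22} httpd={web} shell_user={shell}")
```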