
[cobalt-security] Telnet/SSH simple user permissions



Today I found the following problem:

As soon as a simple user or siteadmin gets
Telnet/SSH access to our RaQ4 or XTR, he is 
able to walk through all domain directories.

He has permissions to read and copy all
files of all domain directories, and also the
server files under /home/sites/home/web.

What a security risk!

Only the user directories /users/. are
safe = Permission denied!

All files - except the files of the user directories - 
are owned by nobody, which is strange to me.

I tried to disable the shell account for certain
domains and their users using the Cobalt interface 
(Site Settings). After that the interface indicated
Telnet/Shell access disabled for e.g. user alfred, 
but user alfred is still able to access the server 
by Telnet and SSH.

The only way out was to disable Telnet and SSH 
systemwide.

What can I do to restrict user permissions so users
are no longer able to walk through all domain (site)
directories?

Shall I replace the owner nobody by the username of
the siteadmin of each domain?

Thanks in advance,
--Dave
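
An added example, not part of the original post: a POSIX shell audit that lists the directories and files under a site tree that any local shell account can traverse or read, which is the exposure the message describes. The function names and the optional owner filter are assumptions made for illustration; pass the real site root (for example `/home/sites`) as the first argument.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# world_accessible ROOT [OWNER]
# Print every directory under ROOT that "other" can list or traverse and
# every regular file that "other" can read. If OWNER is given (for example
# "nobody"), only entries owned by that account are reported.
world_accessible() {
    root=$1
    owner=${2:-}
    if [ -n "$owner" ]; then
        find "$root" -user "$owner" \
            \( \( -type d \( -perm -001 -o -perm -004 \) \) \
               -o \( -type f -perm -004 \) \) -print
    else
        find "$root" \
            \( \( -type d \( -perm -001 -o -perm -004 \) \) \
               -o \( -type f -perm -004 \) \) -print
    fi
}

# count_world_accessible ROOT [OWNER]
# Number of exposed entries, for use in a cron check or a before/after comparison.
count_world_accessible() {
    world_accessible "$@" | wc -l | tr -d ' '
}

# When run as a script with a path argument, print the report for that path.
if [ "$#" -gt 0 ]; then
    world_accessible "$@"
    echo "exposed entries: $(count_world_accessible "$@")"
fi
```

Running it before and after a permission change shows whether the change actually removed the "other" bits on each site directory.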