Re: [cobalt-security] Telnet/SSH simple user permissions

[David Lucas <david@xxxxxxxxxxxxxxxx>]

At 03:51 PM 6/6/2002, you wrote:
> Today I found the following problem :
>
> As soon as a simple user or siteadmin got
> Telnet/SSH access to our RaQ4 or XTR he is
> able to walk through all domain directories.
>
> He has permissions to read and copy all
> files of all domain directories also the
> server files under /home/sites/home/web
>
> What a security risk !
>
> Only the user directories /users/. are
> safe = Permission denied !
>
> All files - except the files of the user directories -
> are owned by nobody which is strange to me.
>
> I tried to disable shell account for certain
> domains and it's users using the Cobalt interface
> (Site Settings). After that the interface indicated
> Telnet/Shell access disabled for e.g. user alfred,
> but user alfred is still able to access the server
> by Telnet and SSH.

Must be something wrong on yours, it works on mine.

> The only way out was to disable Telnet and SSH
> systemwide.
>
> What can I do to restrict user permissions so users
> are no longer able to walk through all domain (site)
> directories.

Change permissions.

> Shall I replace the owner nobody by the username of
> the siteadmin of each domain.

nobody is the computer vs root or admin
I would venture you created the directories as admin.

> Thanks in advance,
> --Dave
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security