
[cobalt-security] Telnet/SSH simple user permissions



>From: "David Lucas"

  Hi David,

> At 03:51 PM 6/6/2002, you wrote:
> >Today I found the following problem :
> >
> >As soon as a simple user or siteadmin got
> >Telnet/SSH access to our RaQ4 or XTR he is
> >able to walk through all domain directories.
> >
> >He has permissions to read and copy all
> >files of all domain directories also the
> >server files under /home/sites/home/web
> >
> >What a security risk !
> >
> >Only the user directories /users/. are
> >safe = Permission denied !
> >
> >All files - except the files of the user directories -
> >are owned by nobody which is strange to me.
> >
> >I tried to disable shell account for certain
> >domains and its users using the Cobalt interface
> >(Site Settings). After that the interface indicated
> >Telnet/Shell access disabled for e.g. user alfred,
> >but user alfred is still able to access the server
> >by Telnet and SSH.

 
> Must be something wrong on yours, it works on mine.

  Have you installed all Blue LinQ software updates?
  I assume one of those updates caused that problem.
  I installed all updates.

 
> >The only way out was to disable Telnet and SSH
> >systemwide.
> >
> >What can I do to restrict user permissions so users
> >are no longer able to walk through all domain (site)
> >directories.

 
> Change permissions.

  I changed the permissions without any success.
  Every siteadmin/siteuser is still able to enter into 
  all site directories. They can read and copy but have
  no write permissions.
 

> >Shall I replace the owner nobody by the username of
> >the siteadmin of each domain.
> 
> nobody is the computer vs root or admin
> I would venture you created the directories as admin.
> 
> >Thanks in advance,
> >--Dave
> >
> >_______________________________________________
> >cobalt-security mailing list
> >cobalt-security@xxxxxxxxxxxxxxx
> >http://list.cobalt.com/mailman/listinfo/cobalt-security
> 
> 
>
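
A read-only audit for the two symptoms reported in this thread (site directories that other accounts can enter or list, and a shell that stays enabled after the interface reports it as disabled), as an added example that is not part of the original message or of Cobalt's tooling. The function names, the example arguments and the list of non-login shells (`false`, `nologin`) are assumptions.

```shell
#!/bin/sh
# Added audit sketch (not from the original thread). Read-only: it changes nothing.

# Print every directory under ROOT whose mode lets accounts outside the
# owner and group list it (o+r, octal 004) or enter it (o+x, octal 001).
world_accessible_dirs() {
    find "$1" -type d \( -perm -004 -o -perm -001 \) -print | sort
}

# Print "user:shell" for each account in a passwd-format file that still
# has a usable login shell. Shells ending in /false or /nologin are treated
# as disabled (assumed list; adjust to what your system uses). An empty
# shell field is reported as /bin/sh, the default login(1) falls back to.
login_shell_users() {
    awk -F: '
        /^#/ || NF < 7 { next }
        $7 ~ /\/(false|nologin)$/ { next }
        { print $1 ":" ($7 == "" ? "/bin/sh" : $7) }
    ' "$1"
}

# Stand-alone use: audit.sh SITES_ROOT PASSWD_FILE
# e.g. audit.sh /home/sites /etc/passwd
if [ $# -eq 2 ]; then
    echo "Directories open to other accounts under $1:"
    world_accessible_dirs "$1"
    echo "Accounts that can still get a shell:"
    login_shell_users "$2"
fi
```

Compare the second list against the accounts the interface shows as shell-disabled; any name present in both is an account where the setting did not reach the passwd entry.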