[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Telnet/SSH simple user permissions
- Subject: [cobalt-security] Telnet/SSH simple user permissions
- From: Dave Anders <hostmaster@xxxxxxxxxxxxx>
- Date: Wed, 12 Jun 2002 05:41:22 -0400
- Organization: Deltaphon Multimedia GmbH
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
>From: "David Lucas"
Hi David,
> At 03:51 PM 6/6/2002, you wrote:
> >Today I found the following problem :
> >
> >As soon as a simple user or siteadmin got
> >Telnet/SSH access to our RaQ4 or XTR he is
> >able to walk through all domain directories.
> >
> >He has permissions to read and copy all
> >files of all domain directories also the
> >server files under /home/sites/home/web
> >
> >What a security risk !
> >
> >Only the user directories /users/. are
> >safe = Permission denied !
> >
> >All files - except the files of the user directories -
> >are owned by nobody which is strange to me.
> >
> >I tried to disable shell account for certain
> >domains and it's users using the Cobalt interface
> >(Site Settings). After that the interface indicated
> >Telnet/Shell access disabled for e.g. user alfred,
> >but user alfred is still able to access the server
> >by Telnet and SSH.
> Must be something wrong on yours, it works on mine.
Have you installed all Blue LinQ software updates.
I assume one of those updates caused that problem.
I installed all updates.
> >The only way out was to disable Telnet and SSH
> >systemwide.
> >
> >What can I do to restrict user permissions so users
> >are no longer able to walk through all domain (site)
> >directories.
> Change permissions.
I changed the permissions without any success.
Every siteadmin/siteuser is still able to enter into
all site directories. They can read and copy but have
no write permissions.
> >Shall I replace the owner nobody by the username of
> >the siteadmin of each domain.
>
> nobody is the computer vs root or admin
> I would venture you created the directories as admin.
>
> >Thanks in advance,
> >--Dave
> >
> >_______________________________________________
> >cobalt-security mailing list
> >cobalt-security@xxxxxxxxxxxxxxx
> >http://list.cobalt.com/mailman/listinfo/cobalt-security
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>