Re: [cobalt-security] Telnet/SSH simple user permissions



Dave Anders wrote:

> I changed
> 
> drwxr-xr-x   7 nobody    home         4096 Mar 13 11:15 /home/sites/home
> 
> to
> 
> drwxr-xr-x   7 admin    home         4096 Mar 13 11:15 /home/sites/home
> 
> (Command chown -R admin home)

That doesn't affect the permissions for "the world" at all.  Have you
read my post before you replied to it?  Please reread it carefully.  I
explain the concept of permissions as clearly as I know how.

> The problem belongs to this home directory and all site directories
> (site1, site2, site 3 ... site 75 ...)
> 
> User alfred or peter is able to enter into that directory using the
> UNIX command cd /home/sites/home successfully.

Sure.  Because the world permissions are r-x, which means anyone in the
world can read or execute the directory.

These are necessary permissions; otherwise no-one on the 'net could see
the sites.

> No permission denied message at all.

Alfred and Peter are members of the "world".

> Why is alfred allowed to enter into a directory which is
> owned by admin?

Because of the permissions.

You can change r-x to ---, but if you do, the website will cease to
work.  See my notes in my original post for viable alternatives, though
I have no idea if any of them will work on a RaQ.

> It seems to me I have to fix that problem manually.

Be careful, or you'll make all your sites unreadable from the 'net.

> Since 1997 I've been working with Linux Red Hat.
> I've never seen such a Linux configuration before.

So what ownership permissions have you seen?  Please post an example.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net, P. O. Box 52672, Riverside, CA  92517
voice: +1 909 778-9980  *  fax: +1 909 548-9484
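
An added example, not part of the original message: a small model of the classic Unix mode-bit check, showing why changing the owner from nobody to admin leaves alfred's access unchanged, and what removing r-x from "other" does. The numeric IDs, the group memberships and the web server account are assumptions made for illustration; ACLs and root are not modelled.

```python
import stat

# Constructed sample accounts; the numeric IDs are assumptions for illustration.
NOBODY, ADMIN, ALFRED, WEBSERVER = 99, 500, 501, 48
GROUP_HOME = 100                      # gid of group "home" (assumed)
# Assumed supplementary groups: neither alfred nor the web server is in "home".
MEMBERSHIP = {ALFRED: {101}, WEBSERVER: {48}, ADMIN: {GROUP_HOME}}

def triad_for(mode, owner_uid, group_gid, uid):
    """Classic Unix check for a non-root user: exactly one class applies."""
    if uid == owner_uid:
        cls, shift = "owner", 6
    elif group_gid in MEMBERSHIP.get(uid, set()):
        cls, shift = "group", 3
    else:
        cls, shift = "other", 0       # "the world"
    bits = (mode >> shift) & 0o7
    return cls, "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))

def can_cd(mode, owner_uid, group_gid, uid):
    """Entering a directory needs the search (x) bit of the applicable class."""
    return "x" in triad_for(mode, owner_uid, group_gid, uid)[1]

def scenarios():
    d755 = stat.S_IFDIR | 0o755       # drwxr-xr-x, as in the quoted listing
    d750 = stat.S_IFDIR | 0o750       # after removing r-x from "other"
    return {
        "before chown": (stat.filemode(d755), can_cd(d755, NOBODY, GROUP_HOME, ALFRED)),
        "after chown to admin": (stat.filemode(d755), can_cd(d755, ADMIN, GROUP_HOME, ALFRED)),
        "after chmod o-rx, alfred": (stat.filemode(d750), can_cd(d750, ADMIN, GROUP_HOME, ALFRED)),
        "after chmod o-rx, web server": (stat.filemode(d750), can_cd(d750, ADMIN, GROUP_HOME, WEBSERVER)),
    }

if __name__ == "__main__":
    for name, (listing, ok) in scenarios().items():
        print(f"{name:30} {listing}  can cd: {ok}")
```
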