Re: [cobalt-security] Telnet/SSH simple user permissions
- Subject: Re: [cobalt-security] Telnet/SSH simple user permissions
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Wed, 12 Jun 2002 11:43:03 -0700
- Organization: nobaloney.net
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Dave Anders wrote:
> I changed
>
> drwxr-xr-x 7 nobody home 4096 Mar 13 11:15 /home/sites/home
>
> to
>
> drwxr-xr-x 7 admin home 4096 Mar 13 11:15 /home/sites/home
>
> (Command chown -R admin home)
That doesn't affect the permissions for "the world" at all. Have you
read my post before you replied to it? Please reread it carefully. I
explain the concept of permissions as clearly as I know how.
> The problem belongs to this home directory and all site directories
> (site1, site2, site 3 ... site 75 ...)
>
> User alfred or peter is able to enter into that directory using the
> UNIX command cd /home/sites/home successfully.
Sure. Because the world permissions are r-x, which means anyone in the
world can read or execute the directory.
These are necessary permissions; otherwise no-one on the 'net could see
the sites.
> No permission denied message at all.
Alfred and Peter are members of the "world".
> Why is alfred allowed to enter into a directory which is
> owned by admin?
Because of the permissions.
You can change r-x to ---, but if you do, the website will cease to
work. See my notes in my original post for viable alternatives, though
I have no idea if any of them will work on a RaQ.
> It seems to me I have to fix that problem manually.
Be careful, or you'll make all your sites unreadable from the 'net.
> Since 1997 I've been working with Linux Red Hat.
> I've never seen such a Linux configuration before.
So what ownership permissions have you seen? Please post an example.
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net, P. O. Box 52672, Riverside, CA 92517
voice: +1 909 778-9980 * fax: +1 909 548-9484
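
An added example, not part of the original message: a small model of how the owner/group/other triads in the quoted listings are selected for a non-root user, showing why the chown leaves alfred's access unchanged while removing the world r-x bits affects every account outside the owner and group. The group memberships and the "httpd" account (standing in for a web server that is neither owner nor group member) are constructed assumptions.

```python
# Added example: POSIX permission-class selection for a directory.
# Group memberships and the "httpd" account below are constructed assumptions.

def parse_mode(ls_mode):
    """Split an ls-style mode such as 'drwxr-xr-x' into its three triads."""
    if len(ls_mode) != 10:
        raise ValueError("expected 10 characters, e.g. drwxr-xr-x")
    return {"owner": ls_mode[1:4], "group": ls_mode[4:7], "other": ls_mode[7:10]}

def access_class(user, user_groups, owner, group):
    """Exactly one triad applies: owner first, then group, otherwise other."""
    if user == owner:
        return "owner"
    if group in user_groups:
        return "group"
    return "other"

def dir_access(ls_mode, owner, group, user, user_groups):
    """Return (class, can_list, can_enter) for a non-root user on a directory."""
    cls = access_class(user, user_groups, owner, group)
    triad = parse_mode(ls_mode)[cls]
    can_list = triad[0] == "r"                # r: read the directory entries (ls)
    can_enter = triad[2] in ("x", "s", "t")   # x: search/traverse (cd, open files inside)
    return cls, can_list, can_enter

# Constructed sample accounts: user name -> set of groups it belongs to.
USERS = {"alfred": {"users"}, "httpd": {"httpd"}, "admin": {"admin", "home"}}

def compare(user):
    """Access before the chown, after it, and after also clearing world r-x."""
    groups = USERS[user]
    before = dir_access("drwxr-xr-x", "nobody", "home", user, groups)
    after_chown = dir_access("drwxr-xr-x", "admin", "home", user, groups)
    after_chmod = dir_access("drwxr-x---", "admin", "home", user, groups)
    return before, after_chown, after_chmod

if __name__ == "__main__":
    for name in USERS:
        print(name, compare(name))
```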