[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Telnet/SSH simple user permissions
- Subject: Re: [cobalt-security] Telnet/SSH simple user permissions
- From: Tim Dunn <tdunn@xxxxxxxxxxxxxxxxxxx>
- Date: Wed, 12 Jun 2002 11:56:25 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> drwxr-xr-x 7 nobody home 4096 Mar 13 11:15
> /home/sites/home
>
> to
>
> drwxr-xr-x 7 admin home 4096 Mar 13 11:15
> /home/sites/home
>
> (Command chown -R admin home)
That won't help the fact that the directory is still set world-executable
and world-readable. The problem depends on as which user your web server
runs after it's started in rc?.d If that user is in group 'home', then
you can safely change your directory to be non-world exe / read and not
fear other people cd'ing into it.
If the effective userid of the web server is *not* in group home, then
doing that chmod will prevent no only user alfred1 from cd'ing into it
and/or reading files therein, but also prevent the web server from doing
the same. This is probably not what you want to do.
tim
--
Mechanical Engineers build weapons. Civil Engineers build targets.