[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Telnet/SSH simple user permissions

Subject: Re: [cobalt-security] Telnet/SSH simple user permissions
From: Tim Dunn <tdunn@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 12 Jun 2002 11:56:25 -0700 (PDT)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> drwxr-xr-x   7 nobody    home         4096 Mar 13 11:15
> /home/sites/home
> 
> to
> 
> drwxr-xr-x   7 admin    home         4096 Mar 13 11:15
> /home/sites/home
> 
> (Command chown -R admin home)

That won't help the fact that the directory is still set world-executable
and world-readable.  The problem depends on as which user your web server 
runs after it's started in rc?.d  If that user is in group 'home', then
you can safely change your directory to be non-world exe / read and not
fear other people cd'ing into it.

If the effective userid of the web server is *not* in group home, then 
doing that chmod will prevent no only user alfred1 from cd'ing into it
and/or reading files therein, but also prevent the web server from doing
the same.  This is probably not what you want to do.

tim

-- 
Mechanical Engineers build weapons.  Civil Engineers build targets.

References:
- [cobalt-security] Telnet/SSH simple user permissions
  - From: Dave Anders

Prev by Date: Re: [cobalt-security] SSH vs. .htaccess
Next by Date: [cobalt-security] Admin SSH
Previous by thread: Re: [cobalt-security] Telnet/SSH simple user permissions
Next by thread: RE: [cobalt-security] Telnet/SSH simple user permissions

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index