Re: [cobalt-security] Need to know default permissions and ownerships for cobalt CGI

[David Lucas <david@xxxxxxxxxxxxxxxx>]

At 02:41 PM 4/18/2003, you wrote:
> The story for why is here:
> http://www.webhostingtalk.com/showthread.php?s=7d8c602c2f91e5370cd8573f15a8e762&threadid=133125
>
> but my siteadmin and admin gui do not work.
>
> When I access them from the shell I  get this stuff:
>
> I'm getting this from the shell:
>
> [admin siteUserList]$ ./siteUserList.cgi
> Can't locate Cobalt/Meta.pm in @INC (@INC contains:
> /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503
> /usr/lib/perl5/site_perl/5.005/i386-linux /usr/lib/perl5/site_perl/5.005
> .) at /usr/lib/perl5/site_perl/5.005/Cobalt/User.pm line 48.
> BEGIN failed--compilation aborted at
> /usr/lib/perl5/site_perl/5.005/Cobalt/User.pm line 48.
> BEGIN failed--compilation aborted at
> /usr/lib/perl5/site_perl/5.005/Cobalt/Ftp.pm line 31.
> BEGIN failed--compilation aborted at
> /usr/lib/perl5/site_perl/5.005/Cobalt/Vsite.pm line 58.
> [admin siteUserList]$
>
> and this:
>
> [root siteUserList]# ./siteUserList.cgi
> location: /.cobalt/error/forbidden.html
>
> Unauthorised access by , not a member of .
>
>
> I notice the files are all owned by root but don't have a working box to
> compare to.  That seems odd to me.
>
> drwxr-xr-x   2 root    
> root         1024 Feb 26 02:23
> admin
> drwxr-xr-x   2 root    
> root         1024 Feb 26 02:23
> alert
> drwxr-xr-x   2 root    
> root         1024 Feb 26 02:23
> alertSignal
> drwxr-xr-x   2 root    
> root         1024 Feb 26 02:23
> arkeia
>  . . ..
>
>
> The box is a raq 4.


Those aren't files, but directories and yes they are owned by
root.

Looks a bit like perl was upgraded.  I think it was written that it
would hose the GUI. 
You can install an updated perl, but it has to be in a different
directory as to not hose the GUI.
Did you update perl?


-- 
This message has been scanned for viruses and
dangerous content by
MailScanner,
and is
believed to be clean.