[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-developers] Re: CGI Wrap Errors
On Tue, 23 May 2000, John Parris wrote:
> Since we're all ranting on security issues, I have a question/issue.
>
> The way home directory security is configured by default on the RAQ2 is a
> serious joke. Anyone that has telnet access can see files in just about any
> other web directory located in /home/sites/. I read on this list that
> changing the default security permissions on the directories disables quota
> management. It also can cause problems with getting a bash prompt on telnet.
>
> Now, I know for a fact I've already had one user nosing around in other web
> site directories. My question is, is there a way to change all these
> permissions, and make it a default setting for new sites, where other users
> with telnet cannot go snooping around reading other users' files?
Now, I don't use the Cobalts for hosting (don't trust them that much ;-), but
if they're set up anything like the Qube I have next to my desk, then it's
easy. Looks like they set the directory permissions to 0755, which *is*
sloppy and ludicrous. If all of your users are in the same group (users),
then change the permissions to 0701. That will disallow users from prowling,
while still letting the web server to access the internal directories to serve
pages.
This shouldn't intefere with shell access or quotas.
--Arthur Corliss
Programmer/Administrator
Gallant Technologies (http://www.gallanttech.com/)