[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-developers] Re: CGI Wrap Errors

Subject: RE: [cobalt-developers] Re: CGI Wrap Errors
From: corliss@xxxxxxxxxxxxxxx
Date: Tue May 23 18:20:34 2000

On Tue, 23 May 2000, John Parris wrote:

> I just tried that and it doesn't work. Each site has it's own group, and
> each user for that site goes into the corresponding group. I get an error
> even when I ftp in on that site.
> 
> btw, it also appears that the directory permissions, by default, are set to
> 2775. Which to me, seems worse... ?

:-P  That's why I like BSD boxes better.  I never understood that crap about
every user having an unique UID *&* GID.   Buggers.  But you're right, 2775
isn't much better.  No isolation at all.

They've set the GID sticky bit on, eh?  Well, why not try 2771?  That should
keep the browsers out, but still let the daemons traverse the tree.  Still not
as secure as I'd like, since another user could still pull a file out of the
other user's space if they know the exact path and name.

It might still screw up FTP, but it's worth a shot.

	--Arthur Corliss
	  Programmer/Administrator
	  Gallant Technologies (http://www.gallanttech.com/)

Follow-Ups:
- Re: [cobalt-developers] Re: CGI Wrap Errors
  - From: Chris Adams

References:
- RE: [cobalt-developers] Re: CGI Wrap Errors
  - From: John Parris

Prev by Date: Re: [cobalt-developers] Re: CGI Wrap Errors
Next by Date: Re: [cobalt-developers] Re: CGI Wrap Errors
Previous by thread: Re: [cobalt-developers] Re: CGI Wrap Errors
Next by thread: Re: [cobalt-developers] Re: CGI Wrap Errors

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index