Re: [cobalt-developers] Re: CGI Wrap Errors
- Subject: Re: [cobalt-developers] Re: CGI Wrap Errors
- From: Will DeHaan <will@xxxxxxxxxx>
- Date: Thu May 25 09:19:08 2000
- Organization: Cobalt Networks
corliss@xxxxxxxxxxxxxxx wrote:
> > > Since we're all ranting on security issues, I have a question/issue.
> > > The way home directory security is configured by default on the RAQ2 is
> > > a serious joke. Anyone that has telnet access can see files in just
> > > about any other web directory located in /home/sites/.
> >
> > Ok, so how is this a joke? How else do you serve web data with an
> > unprivileged web server? Public web data is public to shell users too.
> >
> > I think I'm grossly missing your point here..
>
> No offense, but anyone who's ever provided hosting services knows how to
> answer that question. It *is* a joke. In the BSD world, we'd do something
> like the following:
>
> --All hosting clients belong to one group (users)
> --Home directories are set to 0701
> --Apache runs as a unique UID/GID
>
> <G> That wasn't hard. Users can no longer access each other's private space,
> and Apache can still serve the public data.

RaQs have tiered administrative access based on common groups, "Site
administrators" we call them. Many ISPs really like this style of
access that can't exist with your <G>-so-simple permissions plan. I
understand that you don't care about this functionality.

This thread is useless unless we're pursuing better permissions on
Cobalt boxes with the intention of preserving what it is that Cobalt
boxes do.

-- Will
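
The permission plan quoted above (all clients in one group, home directories at 0701, web server under its own UID/GID), modelled as an added example that is not part of the original message. It applies the POSIX rule that only one permission class (owner, then group, then other) is consulted; the names, UIDs, GIDs and path are constructed for illustration, and the superuser bypass is not modelled.

```python
from collections import namedtuple

# Constructed principals and directories, for illustration only.
Principal = namedtuple("Principal", "name uid gids")
Dir = namedtuple("Dir", "path owner_uid group_gid mode")

USERS_GID = 100   # assumed shared "users" group for all hosting clients
WWW_GID = 80      # assumed group used only by the web server

alice = Principal("alice", 1001, {USERS_GID})   # owner of the home directory
bob = Principal("bob", 1002, {USERS_GID})       # another hosting client
apache = Principal("www", 80, {WWW_GID})        # web server, not in "users"
PRINCIPALS = [alice, bob, apache]

HOME_0701 = Dir("/home/alice", 1001, USERS_GID, 0o701)  # quoted plan
HOME_0755 = Dir("/home/alice", 1001, USERS_GID, 0o755)  # permissive baseline


def effective_bits(d, p):
    """Return the rwx triplet (0-7) that POSIX grants principal p on d.

    Exactly one class applies, chosen in the order owner, group, other.
    A member of the directory's group never falls through to 'other',
    which is why 0701 locks out fellow group members.
    """
    if p.uid == d.owner_uid:
        return (d.mode >> 6) & 7
    if d.group_gid in p.gids:
        return (d.mode >> 3) & 7
    return d.mode & 7


def can_traverse(d, p):
    """x on a directory: open a path inside it whose name is already known."""
    return bool(effective_bits(d, p) & 1)


def can_list(d, p):
    """r on a directory: enumerate the names it contains."""
    return bool(effective_bits(d, p) & 4)


def report(d, principals=PRINCIPALS):
    """Map principal name -> (can_traverse, can_list) for directory d."""
    return {p.name: (can_traverse(d, p), can_list(d, p)) for p in principals}


if __name__ == "__main__":
    for d in (HOME_0755, HOME_0701):
        print(oct(d.mode), report(d))
```

Under 0701 the web server can reach files by known path but cannot list the directory, and any account placed in the shared group is denied outright because the empty group class is the one that applies to it.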