RE: [cobalt-developers] Security issues with running files owned by httpd under a virtual site.

["KAMRY" <kamry1888@xxxxxxxxx>]

But can't they have privileges to the httpd demon and probably do some stuff
on that demon.

Kal

-----Original Message-----
From: cobalt-developers-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of shimi
Sent: Saturday, June 23, 2001 8:29 PM
To: cobalt-developers@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-developers] Security issues with running files
owned by httpd under a virtual site.



>
> Can some one comments on such a scenario as far as security goes:
>
> I have a site (site2) and that site's DocumentRoot is "/web"
> (/home/sites/site2/web) Then I cam and I created folders to be used.
>
> Under (/home/sites/site2) I created two folders as follow:
>
> drwx-wx---   2 site4_admin     httpd        1024 Jun 23 17:14 folder1
> drwx------   2 httpd           site4        1024 Jun 23 19:51 folder2

These directories has no effect whatsoever on httpd, as they're out of the
root directory for the site and thus irrelevant (with one expection - cgi
scripts CAN access there, and will have full permissions to do everything
in those two directories)

> Under (/home/sites/site2/web) I have:
>
> dr-x------  12 httpd    httpd        1024 Jun 23 02:40 folder3
>
>
> Thus, folder3 is browsable and set to rx just for httpd, now the issue is
> that am I violating any Cobalt rules. In other words is it secure to do
the
> above or am i opening a security whole? Any trouble I might get into other
> than the Quota for that virtual site (site2).

Same note like before?
>
> Any advice is highly appreciated,
>
> KAL
>
>
- shimi

_______________________________________________
cobalt-developers mailing list
cobalt-developers@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-developers


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com