[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-developers] RE: file permissions
- Subject: [cobalt-developers] RE: file permissions
- From: "Ian McCall" <ian@xxxxxxxxxxxx>
- Date: Tue Jun 11 14:49:57 2002
- Organization: Astirion Ltd.
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
In replay to Michael Stauber <devel@xxxxxxxxxxxxxx>'s post:
Not sure what you're getting at - would you care to elaborate?
To recap:
>> No, fortunately this is not the case. Users are placed into groups
>> based on their site (fred:site1, jill:site12 etc.). Although each
user
>> could see world-readable files...they would not be able to see files
>> where permission has been granted only for a group they are not in.
>>...
>That's wrong, Ian. Let's run through this by example:
>
>...
>So user "cbank" belongs to group "site19". Note that we were able to
get that
>information out of /etc/passwd which is a hillarious security breach to
begin
>with.
Agreed.
>Now note this:
I did. All of the files have world-readable permisssions on them, some
also with world-execute.
>So even though user "cbank" doesn't belong to site3 he can browse the
/web
>directory of this site. And as the permissions are in the above case he
has
>read access to all files there.
QED. I mentioned...
>> Depends on the file permission. If the order file is created with
>> world-readable permission, then the answer is yes.
So in your example, since all files have world-read and some have
world-execute, then any user from any site will be able to view them.
>Mit freundlichen Grüßen / With best regards
And also to you to. In other words, I have no wish or intention of
getting into any daft flame wars or whatever. Please take this as a
genuine query as to what you thought I'd got wrong. If I -have- got
something wrong, I'd rather know about it.
Cheers,
Ian