[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] user's access rights via PHP and telnet

Subject: [cobalt-users] user's access rights via PHP and telnet
From: michael@xxxxxxxxxx
Date: Thu Mar 23 10:11:51 2000

Hi all,

I'm new to a RaQ3 and wonder that the default setup allows all telnet 
users to read ALL files ? at least all the files in the sites 
directories. Not only the own site! 

This problem was easy to fix: I created a user "http" and assign this to 
all site groups. Then I remove all World-Rights from the directories (# 
chmod -R o-rwx /home/sites/*).

But still, using a simple PHP skript in one of the sites (with fopen( 
"/home/sites/a-site-of-sombody-else/...", "r")) I can access and even 
write files of other sites on the same server.

Has anybody found a solution for this severe problem?

Thanks a lot
	Michael

Prev by Date: Re: [cobalt-users] How do you run pico in a RaQ2?
Next by Date: [cobalt-users] Question
Previous by thread: RE: [cobalt-users] Securing Pages
Next by thread: [cobalt-users] Tar Files and Password Files

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index