
Re: [cobalt-users] Telnet Security



Hi Steve,

> When a client/user telnets into my Raq2 they can read all files  i.e.
> etc/passwd 

/etc/passwd is always -rw-r--r-- and so it is readable by all users, 
always.

> I had a client tell me my passwords, he told me this for my own security
> reasons.

But there are no passwords in this file. Misleading name, I know. Just as 
/etc/ftpusers contains the users who are NOT allowed to ftp to the 
machine ;-)

Passwords are in /etc/shadow and that is -rw------- thus only readable 
by root. And the passwords are encrypted.

I guess, you used your password for something else and put it in one of 
your files? Did you use it as a database password for example? Or your 
password is simply too simple.

> Is there a way to set up telnet to only access their own directories.

I got as an answer to this question: Don't give your users telnet access, 
duuuuh!

My answer is: Either put user httpd in all site groups (max. 32 I learned 
on this newsgroup) and then remove all world rights from the websites: 
"chmod -R o-rwx /home/sites/*". Or create a chroot environment for telnet 
users. Just the second one prohibits reading the real /etc/passwd, but 
that actually is not a real problem.

But, BTW, do you use mod_perl and/or mod_php? Is at least "safe-mode On" 
in your /etc/httpd/php3.ini? If not, every user who can use PHP can read 
most files too. For mod_perl I don't know of a similar solution either.

Good luck
	Michael
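The "chmod -R o-rwx" fix from the reply above, as an added example that is not part of the original post: it builds a constructed sample tree in a temp directory (standing in for /home/sites/*), counts how many entries any other telnet user could still reach, applies the chmod, and checks that the count drops to zero. Adding user httpd to each site group needs root and real group files, so it is not shown; the permission check is a hypothetical helper, not a Cobalt tool.

```shell
#!/bin/sh
# Added example, not code from the original thread.

# Build a constructed sample tree resembling /home/sites/<site>/web,
# with the typical world-readable defaults (dirs 755, files 644).
make_sample_tree() {
  root=$(mktemp -d)          # mktemp -d creates the root itself as 0700
  mkdir -p "$root/site1/web" "$root/site2/web"
  printf 'db_pass=constructed-example\n' > "$root/site1/web/config.php"
  printf '<html></html>\n' > "$root/site2/web/index.html"
  chmod 755 "$root/site1" "$root/site2" "$root/site1/web" "$root/site2/web"
  chmod 644 "$root/site1/web/config.php" "$root/site2/web/index.html"
  printf '%s\n' "$root"
}

# Count entries under $1 that grant read, write or execute to "other",
# i.e. what a telnet user outside the site's group could touch.
count_world_accessible() {
  find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) | wc -l | tr -d ' '
}

# The fix recommended in the reply: strip all "other" rights recursively.
# Group bits are left alone, which is why httpd must be in the site group.
harden_tree() {
  chmod -R o-rwx "$1"
}

demo() {
  root=$(make_sample_tree)
  before=$(count_world_accessible "$root")
  harden_tree "$root"
  after=$(count_world_accessible "$root")
  printf 'world-accessible entries: before=%s after=%s\n' "$before" "$after"
  rm -rf "$root"
  [ "$after" -eq 0 ]
}

demo
```

After the chmod the files keep their group bits (644 becomes 640), so the web server still serves them only if httpd is a member of that site's group, exactly as the reply pairs the two steps.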