
Partial Solve: [cobalt-users] QUBE 2 Security issue with public page.....



Sorry about the spam, but lo and behold, tech support actually answered this one since I posted it - here is my understanding of it:


        On the QUBE 2 all home directories are public by default - that means that once you get into the QUBE's default home-page QUBE_IP/cobalt/, you can SEARCH or access ANY files that users may have placed in their own home directory (QUBE_IP/users/username)!

        The trick is that each user-directory has a sub-directory labeled private, which has user-/admin-set access privileges (.htaccess file).

        Hence the ONLY fix: those wishing to use their own user-directory on the QUBE for backing up certain files will need to place them in their 'private' subdirectory (i.e. QUBE_IP/users/username/private/), whose access privileges are set in their .htaccess-file and can be modified.

        Sorry again about wasting people's time - even if simple, I thought I'd provide this and save people time! Anything else enlightening is of course always welcome!

HAGEN




At 12:25 PM 5/16/00 -0400, Hagen Schempf wrote:
Folks,

        I am new to this so please excuse my potentially ignorant question:

        Setting: We have a QUBE 2 set up as a firewall and hooked up over the secondary interface through DSL (via RHTYMS.NET) to the world using a fixed IP address and an ISP-provided mask. The primary interface runs the LAN and all the PCs and printers. The public WWW-page security issue I have has led me to the following desirable settings:

        
        - I do NOT want to have the public page (i.e. www.hostname.com/cobalt) to be accessible by anybody from the outside (WAN that is) - not even with password access - I know I can deny access by requiring people to give their username and password but I do not even want that to be possible. I have been told that once I replace the default public page with my own, my new page will be the page people will see once they access www.hostname.com - I just want to completely remove outside WAN-access to the .../cobalt public page for outsiders; that includes removal of outside access even by the admin - all admin-related activities should be done and be allowed to proceed on the LAN (i.e. from inside the company).

- I do want to retain internal LAN-access for the registered users to the .../cobalt page (i.e. company-internal access only!)

- I do not want to allow any registered users on the QUBE 2 to be able to view anything other than their own home/user-directory on the QUBE. The reasoning is that individual users should be allowed to place/backup personal/company-stuff onto the disk in the QUBE (that is why I bought a multi-gig drive), without anybody else (except for the admin) being able to get access to their own user directory. Is that at all possible?!


        Do I have to go to COBALT's tech-support and pay to have this mod made or is there an easy work-around anyone knows about? I am not a LINUX guru, so ignorance is against me here. Thanks for any helpful pointers!

HAGEN
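
An added example, not part of the original post and not Cobalt's own code: a Python audit that, given the filesystem directory served under /users/, lists each user's files sitting outside `private/` and checks whether `private/.htaccess` carries an access directive. The directory path passed in, the user names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

def htaccess_restricts(path):
    """Heuristic: True if the file holds a Require or Deny directive (presence only)."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return any(line.strip().lower().startswith(("require", "deny from"))
                       for line in fh)
    except OSError:
        return False  # missing or unreadable .htaccess counts as unprotected

def audit_users_root(users_root):
    """Map each user to files outside private/ and the private/.htaccess status."""
    report = {}
    for user in sorted(os.listdir(users_root)):
        home = os.path.join(users_root, user)
        if not os.path.isdir(home):
            continue
        outside = []
        for dirpath, dirnames, filenames in os.walk(home):
            if dirpath == home and "private" in dirnames:
                dirnames.remove("private")  # governed by its own .htaccess
            outside += [os.path.relpath(os.path.join(dirpath, f), home) for f in filenames]
        ht = os.path.join(home, "private", ".htaccess")
        report[user] = {"outside_private": sorted(outside),
                        "private_protected": htaccess_restricts(ht)}
    return report

def build_sample_tree(root):
    """Constructed sample layout (hypothetical users, not from a real Qube)."""
    files = {
        "alice/backup.tar": "x",
        "alice/private/.htaccess": "AuthType Basic\nrequire valid-user\n",
        "alice/private/payroll.txt": "x",
        "bob/docs/notes.txt": "x",
        "bob/private/plans.txt": "x",  # private/ exists but has no .htaccess
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for user, result in audit_users_root(tmp).items():
            print(user, result)
```

A directive in `.htaccess` only takes effect if the server configuration allows overrides for that directory, so a `True` result here still needs confirming with a request from an unauthenticated client.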