[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Security Alert on MIPS based Cobalt Servers
- Subject: Re: [cobalt-users] Security Alert on MIPS based Cobalt Servers
- From: Malcolm McLeary <mmcleary@xxxxxxx>
- Date: Mon Oct 9 18:46:02 2000
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
on 10/10/00 8:53 AM, Scott Rader at slr@xxxxxxxxx wrote:
>> I do not know how to fix this yet.....
>
> Amazing... On my Qube 2, I copied the .htaccess from
> /home/groups/home/private into the .cobalt directory and now get
> prompted for password access. I would appreciate comments on this
> quick solution (read hack)...
Unfortunately creating a .htaccess at the .cobalt level doesn't really work
as the error subdirectory shouldn't be restricted to the members of the home
group only.
It would be prudent to check all the other subdirectories in
/usr/admserv/html/.cobalt/ for missing .htaccess files and create them where
required.
Access should actually be restricted to the admin user, so the .htaccess
file should contain the following;
# Access file for /usr/admserv/html/.cobalt/groupList/ (admin)
order allow,deny
allow from all
require user admin
Authname Server
Authtype Basic
AuthUserFile /etc/htpasswd
AuthGroupFile /etc/htgroup
Cheers, Malcolm
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Information Alchemy Pty Ltd
ACN 089 239 305
Canberra, Australia
Malcolm McLeary Mobile: 0412 636 086
Managing Director Email: mmcleary@xxxxxxx
This message was sent using Outlook Express 5.0 for Macintosh.