[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] "World writable directory" error

On Wed, 21 Feb 2001, inc@xxxxxxxxxxxxx wrote:

} Feb 21 09:26:18 www sendmail[14950]: JAA14949: forward
} /home/sites/site3/users/damski/.forward.www: World writable directory
} Feb 21 09:26:18 www sendmail[14950]: JAA14949: forward
} /home/sites/site3/users/damski/.forward: World writable directory

I commented on this the other day. You need to take a very close
look at this directory. Sendmail is telling you that there is
something wrong there - specifically that:

	/home/sites/site3/users/damski/.forward.www

	Is world writable. This could be the work of a clueless user
who simply created a hidden directory/file named: .forward.www or it
could be something worse. Knowing Sendmail as I do, I can't see
Sendmail lying to you about this.

	I'd recomend that you either SSH or Telnet into the box and
do a 'ls -al' (without the quotes) in:

	/home/sites/site3/users/damski/

	If you don't see that directory or a file of that name then
I'd recomend you beg, borrow or steal a fresh ls off a clean fresh
Cobalt, dump it right there in /damski/ and call it using it's full
path, ie:

	 /home/sites/site3/users/damski/./ls -al

	and check things out again.

	Again, this could be the work of clueless user, but it may
not be. I'm not implying that your server has been hacked. Odds are
there is nothing here to loose sleep over. But that message from
Sendmail is a heads up and I wouldn't recomend ignoring it. You may
very well have a user who is doing some things they shouldn't be
doing or trying to do something they shouldn't be doing. Worse yet,
perhaps, the user may not be responsible and may very well not know
about this. The easiest and fastest way into a box is through a user
account with an insecure password, and such accounts are very easy
to find.