Re: [cobalt-users] SSH/Shell Access Concern



On Mon, 12 Feb 2001, W.E.B.S Ltd - awebcompany.net (J Williams) wrote:

> I'm a newbie to servers and learning the hard way it seems. I have a book which is helping but has brought about this query.
> 
> With a virtual site administrator enabled with shell access, it seems that using SSH the user can log onto his domain, and gain root
> access by simply typing cd ../../
> 
> I've tried it with various user passwords and anyone with shell enabled can get everywhere within the system. I can get into any
> other virtual site, the home directory and root level!
> 
> Maybe I'm wrong but this seems very dangerous! Should site administrators with shell access be able to do this?

It's really quite harmless.  Just because you can cd to the directory
doesn't mean you can read the files (for example, the password files), or
can modify them.

In fact, you need to be able to see certain files on the system to make
things work.  For example, when you start pine, it looks for a global
configuration file (which I can't recall the location of).

If users do not want their files to be world readable it is up to them to
set permissions appropriately.

Just my $0.02

-Dan

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Web: http://prime.gushi.org
finger danm@xxxxxxxxxxxxxxx 
for pgp public key and tel#
---------------------------
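
The distinction drawn in the reply above, between being able to cd into a directory and being able to read what is in it, shown as an added example that is not part of the original message. The directory names and file contents are constructed; the script works only in a temporary directory it creates and removes.

```shell
#!/bin/sh
# Added example: constructed paths, not taken from the original thread.

# Print the "other" permission triplet (e.g. r-x) for a path.
# On a directory, x means "may cd through it" and r means "may list it".
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# List entries under a directory that grant any permission to users
# outside the owner and group.
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Strip all "other" permissions from a directory and everything below it.
lock_down() {
    chmod -R o-rwx "$1"
}

# Build a throwaway site tree and report three values:
# other-bits of the site directory, world-accessible count before
# lock_down, and the count after.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/site" "$d/site/private"
    echo "draft" > "$d/site/private/notes.txt"
    chmod 711 "$d/site"                     # others may cd through, not list
    chmod 755 "$d/site/private"             # others may cd and list
    chmod 644 "$d/site/private/notes.txt"   # others may read
    site=$(other_bits "$d/site")
    before=$(world_accessible "$d/site/private" | wc -l | tr -d ' ')
    lock_down "$d/site/private"
    after=$(world_accessible "$d/site/private" | wc -l | tr -d ' ')
    echo "$site $before $after"
    rm -rf "$d"
}

demo
```

Running `world_accessible` on a real site directory gives the list of entries a user would need to tighten with `chmod` if they do not want other shell users to reach them.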