[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Suspending users & sites
- Subject: Re: [cobalt-users] Suspending users & sites
- From: shimi <shimi@xxxxxxxxxxxxxxxx>
- Date: Sun May 6 23:57:01 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Mon, 7 May 2001, Rodolfo J. Paiz wrote:
> At 5/7/01 03:36 AM -0700, you wrote:
> > > Someone give me a stick of dynamite.
> > > CarrieB
> >
> >chmod 000 /home/sites/siteX
> >
> >no procmail, no website, mail folders...
> >
> >did I forget anything? I hope not :-)
>
> Boy, that's a stick of dynamite all right. Yes, Shimi, it will work; but it
> will be very loud and painful for you the admin, won't it? Sendmail and
> procmail in particular (and probably others) are going to be putting long,
> noisy, and annoying messages in your logs *constantly* thus making your job
> harder.
I am *not* so sure. I didn't test it yet, as I am on a machine where I
don't trust the security to my cobalt in the way...
IIRC sendmail still runs at root.
If he just try to see if it can write a file, that is, without checking
the permissions - he'll succeed - root is exempt from file permissions,
last time I checked...
the story with procmail... isn't that spawned from sendmail? same story
then.
again, I don't know, will have to check about that, although I don't think
sendmail will complain... I think he'll just bounce back (oh god, if I
would only filter my incoming From: MAILER-DAEMON mails... :p)
>
> IMHO, we'd be better off doing a little scripting to create a more
> "elegant" solution. Still, if you had to totally lock down a site today at
> any cost, that's a simple and extremely effective way (which I hadn't
> thought of).
>
> --
> Rodolfo J. Paiz
> rpaiz@xxxxxxxxxxxxxx
>
- shimi