[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] [raq4] FTP - Admin user denied ?!!?

Subject: RE: [cobalt-users] [raq4] FTP - Admin user denied ?!!?
From: "Kai Deecke" <go@xxxxxxxxxxxx>
Date: Sat Jan 5 05:14:01 2002
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

actually all the shortcuts are owned by root but the folders are owned by
nobody:
drwxrwsr-x   6 nobody   site1        1024 Nov 16  2001 site1
drwxrwsr-x   6 nobody   site10       1024 Dec 12  2001 site10
drwxrwsr-x   6 nobody   site11       1024 Dec 12  2001 site11
drwxrwsr-x   6 nobody   site12       1024 Sep 30  2001 site12
drwxrwsr-x   6 nobody   site13       1024 Nov 27  2001 site13
drwxrwsr-x   8 nobody   site14       1024 Jan  1  2002 site14
drwxrwsr-x   6 nobody   site15       1024 Dec 21  2001 site15

etc
etc
etc

-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Wayne Sagar
Sent: Saturday, 5 January 2002 9:29 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] [raq4] FTP - Admin user denied ?!!?


>For the last few days when i log into the RAQ with user "admin" i have no
>permissions to create, delete etc.... whats gone wrong?

Where to start.... If you've been ftp'ing in with admin password.. maybe
someone snatched that plain text admin level password and changed ownership
of the files..

ssh in and ls -al and see who owns the files in question.

If you're ftp'ing in as admin, my guess is, you have never changed the RaQ
default setup that comes with the admin and root password the same.. So if
someone got your admin password, they are now in as admin.. and also able to
log in as root.. bad!

ssh in,

su root
passwd

Make a cryptic password with mixed case, symbols, numbers etc something over
8 chars.. WRITE IT DOWN somewhere..

Now you have at least two levels of safety.

All of the above is moot if the "root" of your problem is that someone
besides you is living there as "root"..

Install ssh, disable telnet, NEVER log into an ftp account as server admin,
install self signed cert on your main site for the box so that any admin
commands/passwords are sent encrypted.

If all of the above has already been done by you, disregard, if none of the
above has been done, strongly suggest reading the archives here on security
issues. Most have been discussed at great length with installation
instructions etc..

Hope this helps and GOOD LUCK!

WS

_________________________________________________________________
Join the world?s largest e-mail service with MSN Hotmail.
http://www.hotmail.com

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users

References:
- Re: [cobalt-users] [raq4] FTP - Admin user denied ?!!?
  - From: Wayne Sagar

Prev by Date: RE: [cobalt-users] [raq4] FTP - Admin user denied ?!!?
Next by Date: Re: [cobalt-users] CDONTS and ASP for RaQ4
Previous by thread: RE: [cobalt-users] [raq4] FTP - Admin user denied ?!!?
Next by thread: RE: [cobalt-users] [raq4] FTP - Admin user denied ?!!?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index