[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] [RaQ4] Site Admin Permissions

Subject: Re: [cobalt-users] [RaQ4] Site Admin Permissions
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Tue Jul 16 10:40:01 2002
Organization: nobaloney.net
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

"William J.A. Brillinger" wrote:

> I have a customer who says he has a script that needs to run as nobody - is
> this a major security problem?

Maybe.  Depends what else is running as nobody.  I'd ask him why it has
to run as nobody.  The only reason a script would have to run as nobody
would be access something else on your box running as nobody; I'd
consider that a malicious attemt, BUT most likely he got a script from
someone/somewhere and was told it has to run as nobody but he has no
idea why.

> Is it possible to give a site admin the ability to chown a file within his
> own site to another user in his site or to user nobody?

Now that would be a security problem.

Fwiw, cgi-wrapper won't run a script on his site that's owned by nobody.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net, P. O. Box 52672, Riverside, CA  92517
voice: +1 909 778-9980  *  fax: +1 909 548-9484

References:
- [cobalt-users] [RaQ4] Site Admin Permissions
  - From: William J.A. Brillinger

Prev by Date: [cobalt-users] httpd not working on Raq4
Next by Date: Re: [cobalt-users] httpd not working on Raq4
Previous by thread: [cobalt-users] [RaQ4] Site Admin Permissions
Next by thread: [cobalt-users] Openwebmail: it works on some vistrual sites only...

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index