But can't they have privileges to the httpd demon and probably do some stuff on that demon. Kal -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of shimi Sent: Saturday, June 23, 2001 8:29 PM To: [EMAIL PROTECTED] Subject: Re: [cobalt-developers] Security issues with running files owned by httpd under a virtual site. > > Can some one comments on such a scenario as far as security goes: > > I have a site (site2) and that site's DocumentRoot is "/web" > (/home/sites/site2/web) Then I cam and I created folders to be used. > > Under (/home/sites/site2) I created two folders as follow: > > drwx-wx--- 2 site4_admin httpd 1024 Jun 23 17:14 folder1 > drwx------ 2 httpd site4 1024 Jun 23 19:51 folder2 These directories has no effect whatsoever on httpd, as they're out of the root directory for the site and thus irrelevant (with one expection - cgi scripts CAN access there, and will have full permissions to do everything in those two directories) > Under (/home/sites/site2/web) I have: > > dr-x------ 12 httpd httpd 1024 Jun 23 02:40 folder3 > > > Thus, folder3 is browsable and set to rx just for httpd, now the issue is > that am I violating any Cobalt rules. In other words is it secure to do the > above or am i opening a security whole? Any trouble I might get into other > than the Quota for that virtual site (site2). Same note like before? > > Any advice is highly appreciated, > > KAL > > - shimi _______________________________________________ cobalt-developers mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-developers _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _______________________________________________ cobalt-developers mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-developers
