Today I found the following problem: as soon as a simple user or siteadmin gets Telnet/SSH access to our RaQ4 or XTR, he is able to walk through all domain directories.
He has permission to read and copy all files of all domain directories, as well as the server files under /home/sites/home/web. What a security risk! Only the user directories /users/. are safe = Permission denied! All files, except the files of the user directories, are owned by nobody, which is strange to me.

I tried to disable the shell account for certain domains and their users using the Cobalt interface (Site Settings). After that the interface indicated Telnet/Shell access disabled for e.g. user alfred, but user alfred is still able to access the server by Telnet and SSH. The only way out was to disable Telnet and SSH systemwide.

What can I do to restrict user permissions so users are no longer able to walk through all domain (site) directories? Shall I replace the owner nobody with the username of the siteadmin of each domain?

Thanks in advance,
--Dave
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
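
The exposure described in the post can be measured before changing any ownership. The script below is an added example, not part of the original post and not Cobalt's own tooling; its function names are hypothetical, and it assumes the sites root (/home/sites in the post) is passed as an argument and that the auditing account gets only the "other" permission bits.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Reports what an unrelated local account can reach under a sites tree using
# only the "other" permission bits. Assumption: the account is neither the
# owner nor in the group of the entries, so only those bits apply to it.

# Directories reachable through a chain of o+x ancestors. A directory without
# o+x is pruned, so nothing below it is listed.
open_dirs() {
    find "$1" -type d ! -perm -001 -prune -o -type d -perm -001 -print \
        2>/dev/null | LC_ALL=C sort
}

# Files with o+r that sit below an unbroken chain of o+x directories.
reachable_by_other() {
    find "$1" -type d ! -perm -001 -prune -o -type f -perm -004 -print \
        2>/dev/null | LC_ALL=C sort
}

# Entries owned by a given account ("nobody" in the post).
owned_by() {
    find "$1" -user "$2" -print 2>/dev/null | LC_ALL=C sort
}

report() {
    root=$1
    echo "== directories any shell user can enter =="
    open_dirs "$root"
    echo "== files any shell user can read =="
    reachable_by_other "$root"
    echo "== entries owned by nobody =="
    owned_by "$root" nobody
}

# Usage: sh audit_sites.sh /home/sites
if [ "$#" -gt 0 ]; then
    report "$1"
fi
```

A site directory that drops the "other" execute bit disappears from both lists along with everything beneath it, which makes the report a quick before-and-after check for any permission change.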
