>From: "David Lucas"

Hi David,

> At 03:51 PM 6/6/2002, you wrote:
> >Today I found the following problem :
> >
> >As soon as a simple user or siteadmin got
> >Telnet/SSH access to our RaQ4 or XTR he is
> >able to walk through all domain directories.
> >
> >He has permissions to read and copy all
> >files of all domain directories also the
> >server files under /home/sites/home/web
> >
> >What a security risk !
> >
> >Only the user directories /users/. are
> >safe = Permission denied !
> >
> >All files - except the files of the user directories -
> >are owned by nobody which is strange to me.
> >
> >I tried to disable shell account for certain
> >domains and its users using the Cobalt interface
> >(Site Settings). After that the interface indicated
> >Telnet/Shell access disabled for e.g. user alfred,
> >but user alfred is still able to access the server
> >by Telnet and SSH.
> Must be something wrong on yours, it works on mine.

Have you installed all Blue LinQ software updates?
I assume one of those updates caused that problem.
I installed all updates.

> >The only way out was to disable Telnet and SSH
> >systemwide.
> >
> >What can I do to restrict user permissions so users
> >are no longer able to walk through all domain (site)
> >directories.
> Change permissions.

I changed the permissions without any success.
Every siteadmin/siteuser is still able to enter
into all site directories. They can read and copy
but have no write permissions.

> >Shall I replace the owner nobody by the username of
> >the siteadmin of each domain.
>
> nobody is the computer vs root or admin
> I would venture you created the directories as admin.
>
> >Thanks in advance,
> >--Dave
> >
> >_______________________________________________
> >cobalt-security mailing list
> >[EMAIL PROTECTED]
> >http://list.cobalt.com/mailman/listinfo/cobalt-security
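
Added example, not part of the original thread: a small audit for the condition described above, listing the site directories that accounts outside the owner and group can enter and the files they can read. The function names and the constructed demo tree are assumptions; the real sites root (such as the path under /home/sites mentioned in the post) is passed in as an argument.

```shell
#!/bin/sh
# Added example: report what an unprivileged shell user could reach under
# a sites root. The demo tree below is constructed, not Cobalt's real layout.

# Directories directly under ROOT ($1) that "other" can both list (r) and
# enter (x). -perm -005 matches only when both of those bits are set.
open_site_dirs() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm -005 -print | sort
}

# Regular files anywhere under ROOT ($1) with the "other" read bit set.
# A parent directory without o+x can still block access to such a file.
other_readable_files() {
    find "$1" -type f -perm -004 -print | sort
}

# Constructed demo tree: site1 is open to every account on the box,
# site2 is restricted to its owner and group. Prints the tree's path.
demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/site1/web" "$d/site2/web"
    echo "constructed sample" > "$d/site1/web/config.inc"
    echo "constructed sample" > "$d/site2/web/config.inc"
    chmod 755 "$d/site1" "$d/site1/web"
    chmod 644 "$d/site1/web/config.inc"
    chmod 750 "$d/site2" "$d/site2/web"
    chmod 640 "$d/site2/web/config.inc"
    echo "$d"
}

# Usage on a real host (path is whatever your sites root is):
#   open_site_dirs /path/to/sites
#   other_readable_files /path/to/sites
```

Run it before and after a permission change to confirm the change actually removed "other" access, and check that the web server account still has the access it needs through ownership or group membership.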
