Hi Jeff,

I changed

drwxr-xr-x 7 nobody home 4096 Mar 13 11:15 /home/sites/home

to

drwxr-xr-x 7 admin home 4096 Mar 13 11:15 /home/sites/home

(Command chown -R admin home)

The problem belongs to this home directory and all site directories
(site1, site2, site 3 ... site 75 ...)

User alfred or peter is able to enter into that directory using the UNIX
command

cd /home/sites/home

successfully. No permission denied message at all.

Why is alfred allowed to enter into a directory which is owned by admin?
It seems to me I have to fix that problem manually.

I have been working with Linux Red Hat since 1997. I've never seen such a
Linux configuration before.

Thank you,
Dave

----- Original Message -----
From: "Jeff Lasman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 12, 2002 6:49 PM
Subject: Re: [cobalt-security] Telnet/SSH simple user permissions

> Dave Anders wrote:
>
> > I changed the permissions without any success.
> > Every siteadmin/siteuser is still able to enter into
> > all site directories. They can read and copy but have
> > no write permissions.
>
> What did you change permissions to? You get to control the permissions:
>
> For example:
>
> -rw-rw-r-- 1 admin home 5469 May 9 2001 index.html
>
> Let's take those first ten single-character columns one at a time:
>
> The first column is "l" for a link, "-" for a regular file, and "d" for
> a directory.
>
> The next three columns set the permissions for the file owner; the next
> three after that set the permissions for the group the file belongs to,
> and the third three for the rest of the world.
>
> So let's look at a rather standard "-rw-rw-r--" for the index.html file:
>
> The owner gets to read and write the file, anyone belonging to the
> "home" group gets to read and write the file, and the rest of the world
> gets to read the file.
>
> Sure, you can turn off that last "r" and make the permissions
> "-rw-rw----" but if you do no one can see the files from the Internet;
> the Internet is the rest of the world.
>
> You can create a much more secure server, in which the files would look
> like this:
>
> -rw------- 1 httpd httpd 5469 May 9 2001 index.html
>
> or even
>
> -r-------- 1 httpd httpd 5469 May 9 2001 index.html
>
> But then you'd have to maintain the website by hand from a shell
> account, and you'd have to have httpd privileges to do it.
>
> You could probably develop a system something like this:
>
> -rw-r----- 1 joe httpd 5469 May 9 2001 index.html
>
> Where joe is the site admin. There'd be a bunch of other issues; most
> importantly you couldn't have multiple siteadmins.
>
> It's possible, but not easily done on a Cobalt Raq.
>
> Shared hosting has its limitations, based on the simple point that the
> world has to be able to read the files to see the website.
>
> Jeff
> --
> Jeff Lasman <[EMAIL PROTECTED]>
> Linux and Cobalt/Sun/RaQ Consulting
> nobaloney.net, P. O. Box 52672, Riverside, CA 92517
> voice: +1 909 778-9980 * fax: +1 909 548-9484
> _______________________________________________
> cobalt-security mailing list
> [EMAIL PROTECTED]
> http://list.cobalt.com/mailman/listinfo/cobalt-security
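
Added example, not part of the original thread or of either poster's message: a small model of the owner/group/other selection Jeff describes, applied to the two `ls` lines Dave quotes, showing which triad is consulted for alfred before and after the `chown`. It assumes alfred is not a member of group `home` (his group `site1` is hypothetical), and the third state, with the "other" bits cleared, is constructed for comparison.

```python
"""Model of the owner/group/other check for an ls-style mode string (root and ACLs not modelled)."""


def applicable_triad(mode, owner, group, user, user_groups):
    """Return (class, triad) consulted for `user`; exactly one triad applies."""
    if len(mode) < 10:
        raise ValueError("expected an ls-style mode such as drwxr-xr-x")
    triads = {"owner": mode[1:4], "group": mode[4:7], "other": mode[7:10]}
    if user == owner:
        cls = "owner"
    elif group in user_groups:
        cls = "group"
    else:
        cls = "other"
    return cls, triads[cls]


def can_enter(mode, owner, group, user, user_groups):
    """cd needs the search (x) bit in the applicable triad of a directory."""
    if mode[0] != "d":
        return False
    _, triad = applicable_triad(mode, owner, group, user, user_groups)
    return triad[2] in ("x", "s", "t")  # lowercase s/t still include x


# Modes and owners are the ls lines quoted in the thread; the third state and
# alfred's group membership are constructed for illustration.
STATES = [
    ("before chown", "drwxr-xr-x", "nobody", "home"),
    ("after chown -R admin", "drwxr-xr-x", "admin", "home"),
    ("after chmod o-rx (hypothetical)", "drwxr-x---", "admin", "home"),
]
ALFRED_GROUPS = {"site1"}  # assumption: alfred is not in group "home"


def report(user, user_groups):
    """Return (label, class, triad, can_enter) for each state above."""
    rows = []
    for label, mode, owner, group in STATES:
        cls, triad = applicable_triad(mode, owner, group, user, user_groups)
        rows.append((label, cls, triad, can_enter(mode, owner, group, user, user_groups)))
    return rows


if __name__ == "__main__":
    for row in report("alfred", ALFRED_GROUPS):
        print(row)
```

Clearing the "other" bits also applies to the account the web server runs as, unless that account is the owner or in the group, which is the trade-off Jeff's reply describes.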
