[ale] Group Rights

Carl Forsell cforsell at roman.net
Wed Sep 20 19:48:36 EDT 2000 

Thanks to all who offered assistance is resolving this issue.

I had a business associate telnet in after he told me that there was no
problem doing what we wanted to do.  After looking around a bit, here are
his recommendations:

- We can not do what we wanted to do.  Too many security holes would be
opened up.
- Since the user's home directory is /home/jane_doe and the web site is at
/usr/local/httpd/htdocs/xyz, the user cannot make that jump.  I don't
understand, but I will concede on this one.
- His suggestion, and my customer has agreed to it, is to create a "web
admin" user with the website directory as personal directory.  This is not
an ideal solution, as 2 - 3 users will be sharing an admin login, but it
appears to be better than the security holes opened by the alternatives.

Thanks again one and all.  As my knowledge expands, I will return the favor
by helping others.


-----Original Message-----
From: Dow Hurst <dhurst at kennesaw.edu>
To: ale at ale.org
To: Carl Forsell <cforsell at roman.net>; ale at ale.org <ale at ale.org>
Date: Wednesday, September 20, 2000 4:43 PM
Subject: Re: [ale] Group Rights


>Yeah,
>The chrooted directory sounds like the real problem.  If Carl turns it
>off so the true root is the ftp root directory, are there other security
>precautions needed on the system?  Shouldn't the readability of /etc not
>be allowed?  I am not familiar with this type stuff at this point other
>than knowing that chrooting ftp is much safer when done properly.  I
>have seen machines with no readability on certain directories for world.
>
>Also, chrooted ftp servers have a definite structure to the chrooted
>environment.  Can't Carl just add an additional path to the ftp config?
>Dow
>
>
>Carl Forsell wrote:
>>
>> Good morning all...
>>
>> I have a group of users who all need to be able to FTP into common areas
on
>> a SuSE 6.3 box.  I set up groups and gave the groups all rights to the
>> directories (recursive).  When the users try to ftp in, they can see
their
>> home directories, but when they give the path for their web site
>> directories, they get a "cannot find the directory" message.
>>
>> If I assign their home directory to the web site directory, the problem
goes
>> away... however this has implications for their e-mail. Do I need to edit
>> the password file to add a reference to the group?
>>
>> Thank you in advance for any assistance.
>>
>> --
>> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message
body.
>
>--
>__________________________________________________________
>Dow Hurst                   Office: 770-499-3428
>Systems Support Specialist  Fax:    770-423-6744
>1000 Chastain Rd.
>Chemistry Department SC428  Email:dhurst at kennesaw.edu
>Kennesaw State University         Dow.Hurst at mindspring.com
>Kennesaw, GA 30144
>*********************************
>*Computational Chemistry is fun!*
>*********************************
>--
>To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message
body.
>

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

More information about the Ale mailing list