Hi Ian,

> No, fortunately this is not the case. Users are placed into groups based
> on their site (fred:site1, jill:site12 etc.). Although each user could
> see world-readable files (such as certain configs, some logs etc.), they
> would not be able to see files where permission has been granted only
> for a group they are not in. So fred, in my example, would be able to
> tell that a site12 existed but would not be able to see the files
> underneath that directory.

That's wrong, Ian. Let's run through this by example:

[cbank web]$ whoami
cbank
[cbank web]$ cat /etc/passwd|grep cbank
cbank:x:281:100:Carsten Bank:/home/sites/site19/users/cbank:/bin/bash

So user "cbank" belongs to group "site19". Note that we were able to get that information out of /etc/passwd which is a hilarious security breach to begin with. Permissions on /etc/passwd are usually improperly set when the OS-restore-CD has been used - like in this case here on that particular RaQ4.

Now note this:

[cbank web]$ pwd
/home/sites/site3/web
[cbank web]$ ls -la
total 2425
drwxrwsr-x   9 nobody   site3     1024 May 12 01:06 .
drwxrwsr-x   7 nobody   site3     1024 Mar 19 01:18 ..
-rw-r--r--   1 powercat site3      761 Jun  8 00:52 .htaccess
drwxr-sr-x   4 powercat site3     1024 Apr 21 23:08 Teacat
-rw-r--r--   1 powercat site3    11195 Jan 22 23:29 banner1.gif
-rw-r--r--   1 powercat site3     2238 Feb 15 23:08 favicon.ico
drwxr-xr-x  10 powercat site3     1024 Apr  4 17:31 forum
drwxr-xr-x   6 powercat site3     1024 Nov  6  2001 forum144
drwxr-xr-x   2 powercat site3     1024 Feb  1 23:20 help
-rw-r--r--   1 powercat site3     4644 Apr 21 23:18 index.html
drwxr-sr-x  11 powercat site3     6144 May 24 01:38 karten
-rw-rw-rw-   1 powercat site3      928 Apr  5  2001 metatag.inc
drwxr-xr-x   4 powercat site3     1024 Jan 22 18:46 poll
-rwxr--r--   1 powercat site3      255 Apr  5  2001 robots.txt
-rw-r--r--   1 powercat site3     1088 May  5 23:30 spiritflower.htm
drwxr-xr-x   2 powercat site3     3072 Mar 19 21:47 stats
-rw-r--r--   1 powercat site3    10984 Sep  9  2001 teacatgb.gif
-rw-r--r--   1 powercat site3     5055 Jan 22 19:23 umfrage.htm

So even though user "cbank" doesn't belong to site3 he can browse the /web directory of this site. And as the permissions are in the above case he has read access to all files there.

> Depends on the file permission. If the order file is created with
> world-readable permission, then the answer is yes. More likely though,
> the file would be created with group-only readable permissions which
> makes the answer no.

Group ID on the /web directories is set upon execution. The /web directories usually have the octal mode 42775 which explicitly lets anyone read and execute files within the /web directory of that site.

--
Mit freundlichen Grüßen / With best regards

Michael Stauber
[EMAIL PROTECTED]
Unix/Linux Support Engineer

_______________________________________________
cobalt-developers mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-developers
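
The owner/group/other check discussed in this message, as an added example that is not part of the original post: it parses ls -la mode strings and reports what a user outside the owning group may do with each entry. The four listing lines are copied from the message; the function names are made up for this example, and root and ACLs are ignored.

```python
import stat

# Four entries copied from the ls -la listing quoted in the message.
LISTING = """\
drwxrwsr-x 9 nobody site3 1024 May 12 01:06 .
-rw-r--r-- 1 powercat site3 761 Jun 8 00:52 .htaccess
-rw-rw-rw- 1 powercat site3 928 Apr 5 2001 metatag.inc
-rwxr--r-- 1 powercat site3 255 Apr 5 2001 robots.txt
"""

PERM_BITS = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
             stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
             stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
SPECIAL = {3: stat.S_ISUID, 6: stat.S_ISGID, 9: stat.S_ISVTX}

def parse_mode(text):
    """Turn an ls mode string such as 'drwxrwsr-x' into st_mode bits."""
    mode = stat.S_IFDIR if text[0] == "d" else stat.S_IFREG
    for pos, (ch, bit) in enumerate(zip(text[1:10], PERM_BITS), start=1):
        if ch in "rwxst":      # r, w, x and lower-case s/t set the permission bit
            mode |= bit
        if ch in "sStT":       # s/S/t/T set setuid, setgid or sticky
            mode |= SPECIAL[pos]
    return mode

def rights_for(mode, user, groups, owner, group):
    """Pick the owner, group or other triple as the kernel does.
    Simplification made for this example: root and ACLs are ignored."""
    shift = 6 if user == owner else 3 if group in groups else 0
    triple = (mode >> shift) & 0o7
    return "".join(c if triple & b else "-" for c, b in zip("rwx", (4, 2, 1)))

def audit(listing, user, groups):
    """Map each listed name to the rights `user` holds on it."""
    found = {}
    for line in listing.splitlines():
        f = line.split()
        found[f[-1]] = rights_for(parse_mode(f[0]), user, groups, f[2], f[3])
    return found

if __name__ == "__main__":
    # cbank is in site19 only, as in the message; site3 is not his group.
    for name, rights in audit(LISTING, "cbank", {"site19"}).items():
        print(f"{rights}  {name}")
```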
