
Re: [cpx] Hardening directory rights and cpx



On Sun, Feb 13, 2005 at 10:02:09PM +0100, ADNET Ghislain wrote:
>
> Subject: Re: [cpx] Hardening directory rights and cpx
>
> >Ghislain,
> >
> >iManager is an suid program that drops privs down to the authenticated 
> >user level... so iManager won't (or rather, shouldn't) care.
> >
> >The underlying VSAP modules that perform _most_ of the CPX tasks 
> >operate in much the same way as iManager; they will run as if they are
> >the authenticated user (well, except for tasks which are done on files
> >owned by endusers at the behest of a domain admin).  There are, however,
> >some tasks which are handled without any other privileges but those that
> >are given to the apache user/group (www/www).  The ones that I can think
> >of off the top of my head are upload file (such as a mail attachment)
> >and download file.  Therefore, a home directory mode of 750 would
> >probably not be wise for any user that uses CPX, or at least, any user 
> >that expects CPX to behave and operate normally... 751 should be ok.  
> >
> >Inside your home directory, you can chmod 700 on any subdirectory with
> >the exception of ".cpx_tmp".  Your subdirectories such as "Mail" should
> >already be 700.
> >
> >hth.
> >
> >--rus.
> >
>
> ok i see, so i bet i will go for 751 for everyone then ;)

try it on one user first... just to be sure.  ;)


> 
> Thanks for the help !

sure.  no problemo.


> 
> regards,
> Ghislain.
> 

-- 
========================================================================
Rus Berrett                                                    NTT/Verio
                 See Perl. See Perl Run. Run Perl, Run!

======================================================================
This is <cpx@xxxxxxxxxxxxx>      <http://www.groupmail.org/lists/cpx/>
Before posting a question, please search the archives (see above URL).
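
An added example, not part of the original messages and not CPX code: a shell audit of one home directory against the layout described in the thread (home traversable by the apache user, ".cpx_tmp" not locked to 700, other subdirectories 700). The function names and finding codes are hypothetical, and flagging every non-700 subdirectory is an assumption; the thread only says 700 is allowed there.

```shell
#!/bin/sh
# Added example: audit a home directory against the modes discussed above.
# Assumptions: finding codes are made up for this script; GNU stat is tried
# first, then BSD stat.

# Print the octal permission bits of a path, padded to at least 3 digits.
mode_of() {
    m=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") && printf '%03d\n' "$m"
}

# audit_home DIR: print one finding per line; return 0 if clean, 1 otherwise.
audit_home() {
    home=$1
    rc=0
    m=$(mode_of "$home")
    case $m in
        *1)      ;;                                         # other: execute only (751, 711)
        *[0246]) echo "HOME_NO_TRAVERSE $home $m"; rc=1 ;;  # e.g. 750: www cannot enter
        *)       echo "HOME_OTHER_RW $home $m"; rc=1 ;;     # e.g. 755: other can list
    esac
    for d in "$home"/* "$home"/.[!.]*; do
        # Only real directories; unmatched globs and symlinks are skipped.
        [ -d "$d" ] && [ ! -L "$d" ] || continue
        m=$(mode_of "$d")
        case ${d##*/}:$m in
            .cpx_tmp:*00) echo "CPX_TMP_LOCKED $d $m"; rc=1 ;;  # the one exception to 700
            .cpx_tmp:*)   ;;
            *:*00)        ;;                                    # owner-only, e.g. Mail at 700
            *)            echo "SUBDIR_OPEN $d $m"; rc=1 ;;     # candidate for chmod 700
        esac
    done
    return $rc
}

# Command-line use: sh audit_home.sh /home/someuser
if [ $# -gt 0 ]; then
    audit_home "$1"
fi
```

Running it against a single account first matches the advice above to try the change on one user before applying it to everyone.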

