Home page logo
/

basics logo Security Basics mailing list archives

Re: User folders - Linux
From: Alexander Klimov <alserkli () inbox ru>
Date: Thu, 2 Dec 2004 11:54:26 +0200 (IST)

On Tue, 30 Nov 2004, Rafal Zajac wrote:
I will have there kinds of users:

- shell users - users with shell, ftp, www (home pages http/php/mySQL)
access

- Not trusted users - without shell access but with ftp and www access

- anonymous users - access to anonymous ftp (upload and download - uploaded
data will be accessible to download only after approval )

Note that if you allow to upload a program (e.g., PHP script) and execute it on
a http request this means that effectively you provide "shell access". So,
unless you disable CGI and PHP for "not trusted users" there is no point in
separating these categories.

-- 
Regards,
ASK


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault