The security scheme prevents untrusted users from manipulating the logs directory and prohibits users other than httpd from entering the user directory. Since H-Sphere 2.5 Patch 11 and 3.0 Patch 2, the permissions and groups associated with the directories in the new security scheme look like this example:
d---rwx--t 3 root january 4096 Dec 8 20:32 january
where:
d---rwx--t - permissions with a sticky bit that prevents users from making any changes to the logs directory
root - owner of the directory (should not coincide with the user name)
january - directory name
4096 - size in bytes
Dec 8 20:32 - date of last modification
january - user home directory name
Use the logslock utility to set or remove the immutable flag on the ~userhome/logs directory:
logslock -h
Usage: /hsphere/shared/bin/logslock [ -p directory ] [ -u directory ] [-s] [-a]
p : set sticky bit on home directory
u : unset sticky bit from home directory
a : unset sticky bit from home directories of H-Sphere users
s : set sticky bit on home directories of H-Sphere users
Note: the permission settings described above for the user home directory may cause users to be denied access via ssh if public key authentication is used. To avoid the problem, you can disable strict sshd mode (the StrictModes option) by editing the sshd_config file (/etc/ssh/sshd_config on Linux) and restarting the sshd daemon.
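
A check of a home directory against the listing shown above, as an added example that is not part of H-Sphere: it compares the mode string with d---rwx--t and confirms that the owner differs from the user name. It assumes GNU stat (Linux) and that the home directory is named after the user; check_home and audit_homes are names made up for this example.

```shell
#!/bin/sh
# Added example (not H-Sphere code). Assumes GNU coreutils stat, as on Linux.
# Expected listing taken from the page. A lowercase "t" means the sticky bit
# plus execute for others (octal 1071); "T" would be sticky without it (1070).
EXPECTED_MODE='d---rwx--t'

# check_home DIR
# Prints one line per finding. Returns 0 when DIR matches the scheme,
# 1 when it deviates, 2 when DIR cannot be examined.
check_home() {
    ch_dir=${1%/}
    ch_name=$(basename "$ch_dir")
    ch_mode=$(stat -c %A "$ch_dir" 2>/dev/null) || {
        echo "$ch_dir: cannot stat"
        return 2
    }
    ch_owner=$(stat -c %U "$ch_dir")
    ch_rc=0

    if [ "$ch_mode" != "$EXPECTED_MODE" ]; then
        echo "$ch_dir: mode is $ch_mode, expected $EXPECTED_MODE"
        ch_rc=1
    fi
    # The page requires the owner to differ from the user name. Assumption:
    # the user name is the name of the home directory.
    if [ "$ch_owner" = "$ch_name" ]; then
        echo "$ch_dir: owned by the user it belongs to ($ch_owner)"
        ch_rc=1
    fi
    return "$ch_rc"
}

# audit_homes DIR...
# Checks every directory given; returns non-zero if any of them deviates.
audit_homes() {
    ah_status=0
    for ah_dir in "$@"; do
        check_home "$ah_dir" || ah_status=1
    done
    return "$ah_status"
}

# When called with arguments, audit them; the result is the exit status.
[ "$#" -eq 0 ] || audit_homes "$@"
```

Run it as root after logslock -s, passing the home directories to audit, for example every directory under the server's home root.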