Starting with H-Sphere 2.5 Patch 8, a new security scheme has been implemented. This scheme prevents untrusted users
from manipulating the logs directory and prohibits users other than httpd from entering the user directory. An example
of the permissions and groups associated with the directories in the new security scheme is as follows:
where:
xrwx--T - permissions with a sticky bit that prevents users from making any changes to the logs directory
httpd - owner of the directory (should not coincide with the user name)
4096 - size in bytes
Use the logslock utility to set or remove the immutable flag on the ~userhome/logs directory:
logslock -h
Usage: /hsphere/shared/bin/logslock [ -p directory ] [ -u directory ] [-s] [-a]
p : set sticky bit on home directory
u : unset sticky bit from home directory
a : unset sticky bit from home directories of H-Sphere users
s : set sticky bit on home directories of H-Sphere users
Note: the permission settings described above for the user home directory may cause users
to be denied access via ssh if public key authentication is used. To avoid the problem, you can disable strict
sshd mode by editing the sshd_config file and restarting the sshd daemon (/etc/ssh/sshd_config
file on Linux).
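Before turning strict mode off server-wide, it helps to see which directories actually trip the check. The shell functions below are an added example, not part of H-Sphere or logslock: they report whether a directory has the sticky bit, whether "other" has no access (the "--T" ending of the mode string), and whether it would pass an approximation of the test sshd applies when StrictModes is on (owner is the user or root, no group or other write bit). Assumptions: GNU stat is available, only the one directory passed in is examined, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not H-Sphere code). Assumes GNU stat, as on Linux.

# perm_bits DIR: print DIR's permission bits as an octal literal, e.g. 01770.
perm_bits() {
    m=$(stat -c '%a' "$1") || return 2
    printf '0%s\n' "$m"
}

# has_sticky DIR: succeeds when the sticky bit (01000) is set.
has_sticky() {
    m=$(perm_bits "$1") || return 2
    [ $(( $m & 01000 )) -ne 0 ]
}

# other_closed DIR: succeeds when "other" has no r/w/x bits,
# which is what the trailing "--T" in the mode string shows.
other_closed() {
    m=$(perm_bits "$1") || return 2
    [ $(( $m & 0007 )) -eq 0 ]
}

# strictmodes_ok DIR USER_UID: approximates the sshd StrictModes test
# for one directory: owned by the user or root, and not writable by
# group or other. sshd also checks ~/.ssh and the key file itself.
strictmodes_ok() {
    owner=$(stat -c '%u' "$1") || return 2
    m=$(perm_bits "$1") || return 2
    [ "$owner" -eq "$2" ] || [ "$owner" -eq 0 ] || return 1
    [ $(( $m & 0022 )) -eq 0 ]
}

# audit_dir DIR USER_UID: one-line summary of the three checks.
audit_dir() {
    has_sticky "$1" && sticky=yes || sticky=no
    other_closed "$1" && other=yes || other=no
    strictmodes_ok "$1" "$2" && strict=pass || strict=fail
    printf 'sticky=%s other_closed=%s strictmodes=%s\n' \
        "$sticky" "$other" "$strict"
}

# Usage (path and account are placeholders):
#   audit_dir /path/to/userhome "$(id -u someuser)"
```

A directory reported as strictmodes=fail is one where public key logins would be refused while strict mode stays enabled.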