Up: Security Considerations
Previous: Unix setuid Operation
  Contents
Changing Database File Permissions
Because passwords are stored in unencrypted form, administrators concerned
about password security should use standard operating system mechanisms
to restrict read access to the CoffeeLink News Server database to only
the account that the server is run under.
The database is stored in a subdirectory named database in the installation directory.
All of the files in the database directory must be readable and writable by
the account that the CLNews server is run under.
Other accounts (i.e. those of the people who read and post to news groups) do not
need read access to the CLNews database.
The exact mechanism for restricting access to the files depends on the operating system.
On Unix systems, the file permissions on the database directory should be set
(using chmod) to 700 (i.e. owner read, write, and execute; all others no access)
and the permissions on the database files should be set to 600 (i.e. owner read
and write; all others no access).
The installation directory and all files and subdirectories under it should be
owned by the account that executes the CLNews server.
For example, if the server will be executed by the nobody account and the
server was installed in /usr/local/CoffeeLinkNews, the following steps will
set the ownerships and file permissions appropriately on most Unix systems:
$ chown -R nobody /usr/local/CoffeeLinkNews
$ chmod 700 /usr/local/CoffeeLinkNews/database
$ chmod 600 /usr/local/CoffeeLinkNews/database/*
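To confirm that the ownership and modes described above are actually in place (and stay in place after upgrades or restores), the following added example, which is not part of the CoffeeLink documentation, audits an installation directory. The function name audit_db_perms and its two arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a CLNews installation against the recommendations
# above (everything owned by the server account, database directory 700,
# database files 600). audit_db_perms is a hypothetical helper name.

# Usage: audit_db_perms INSTALL_DIR OWNER
#   OWNER may be a user name or a numeric uid.
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_db_perms() {
    install_dir=$1
    owner=$2
    db_dir=$install_dir/database

    if [ ! -d "$db_dir" ]; then
        echo "MISSING $db_dir"
        return 1
    fi

    findings=$(
        # Anything under the installation directory not owned by OWNER.
        # If find itself fails (e.g. unknown user name), report that too,
        # so a broken check is never mistaken for a clean result.
        find "$install_dir" ! -user "$owner" -exec echo OWNER {} \; \
            || echo "ERROR cannot check ownership for $owner"
        # The database directory itself must be exactly 700.
        find "$db_dir" -prune ! -perm 700 -exec echo DIRMODE {} \;
        # Every regular file below it must be exactly 600.
        find "$db_dir" -type f ! -perm 600 -exec echo FILEMODE {} \;
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Example invocation for the layout used on this page:
#   audit_db_perms /usr/local/CoffeeLinkNews nobody
```

A non-zero return with FILEMODE or DIRMODE lines means the plaintext password data is readable by accounts other than the server's; rerun the chown and chmod steps above to correct it.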
Copyright © 2000 by Burton Computer Corporation, All Rights Reserved