HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=15)
-   -   Prevent users from reading eachothers directories + ISPConfig compatibility (http://www.howtoforge.com/forums/showthread.php?t=4216)

Norman 11th May 2006 00:22

Prevent users from reading eachothers directories + ISPConfig compatibility
 
Is there a good way to maintain some security in the system for shell-users without having to chroot/jail everyone?

I've tried to simply change user dir permissions chmod 701 to hide people from snooping the files initially. However that seems to make ISPC unable to read statistics (quota) from the directories. Are there any efficient methods to handle this? I tried to turn on sudo support for the du-command as shown in other threads but it doesnt seem to help.

Is sudo-config option bugged?

admispconfig has permission to run du under sudo.

falko 11th May 2006 00:32

Quote:

Originally Posted by Norman
Is sudo-config option bugged?

No, it's working fine on our test machines.
I think the problem is that you changed the permissions to 701. That way only the owner (and noone else) can read.

Norman 11th May 2006 17:32

Yes, but shouldn't it be possible to change

$go_info["server"]["sudo_du_enabled"] = false; // enable sudo for gathering website file usage
to:
$go_info["server"]["sudo_du_enabled"] = true; // enable sudo for gathering website file usage

Then shouldn't ispconfig run "du" as sudo-root?

I think it's a security-risk to leave directories as 755 .

Also, a side-question. Does ispconfig use the quota-function of the system?
I dont see it using any of the diskquotas.

falko 11th May 2006 18:10

Quote:

Originally Posted by Norman
Also, a side-question. Does ispconfig use the quota-function of the system?
I dont see it using any of the diskquotas.

Yes - if you have quota installed.

Norman 11th May 2006 22:10

It is installed, how can I see if it's being used in ISPConfig?

Check each users with "quota" command?

falko 12th May 2006 11:02

You can use the repquota command:
Code:

repquota -avug


All times are GMT +2. The time now is 17:42.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.