Thread: File Manager
View Single Post
Old 26th June 2012, 10:58
Mark_NL Mark_NL is offline
Senior Member
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts

This would not make me a very happy person.

Seriously, this will bring in a sh*tload of security measures into the story.

f.e. ispconfig webgui runs on Apache (uid 33). If client12 (uid 1012) logs in, creates a dir in his homedir, he's not allowed, unless you make the dir world writable, owned by uid 33 or put them both in the same group and set group permissions correct beforehand. Running apache as root is seriously not an option. Throw the action in the jobqueue and let the cron take care of it, but that's not the main purpose of that cron (and the users needs to wait max 59sec.) so also not really an option.

How would you handle these kind of things (this was just one example).

Whoever wants can build it into the system, but for the sake of security, make it a modular and disable it (completely!) by default.

I agree with ezhandossov that it should be a WebFTP client instead of a file manager.
Real men don't backup... Real men cry!
Reply With Quote