Prevent users from reading eachothers directories + ISPConfig compatibility

[Norman]

Is there a good way to maintain some security in the system for shell-users without having to chroot/jail everyone?

I've tried to simply change user dir permissions chmod 701 to hide people from snooping the files initially. However that seems to make ISPC unable to read statistics (quota) from the directories. Are there any efficient methods to handle this? I tried to turn on sudo support for the du-command as shown in other threads but it doesnt seem to help.

Is sudo-config option bugged?

admispconfig has permission to run du under sudo.

[falko]

Quote:

Originally Posted by Norman

Is sudo-config option bugged?

No, it's working fine on our test machines.
I think the problem is that you changed the permissions to 701. That way only the owner (and noone else) can read.

[Norman]

Yes, but shouldn't it be possible to change

$go_info["server"]["sudo_du_enabled"] = false; // enable sudo for gathering website file usage
to:
$go_info["server"]["sudo_du_enabled"] = true; // enable sudo for gathering website file usage

Then shouldn't ispconfig run "du" as sudo-root?

I think it's a security-risk to leave directories as 755 .

Also, a side-question. Does ispconfig use the quota-function of the system?
I dont see it using any of the diskquotas.

[falko]

Quote:

Originally Posted by Norman

Also, a side-question. Does ispconfig use the quota-function of the system?
I dont see it using any of the diskquotas.

Yes - if you have quota installed.

[Norman]

It is installed, how can I see if it's being used in ISPConfig?

Check each users with "quota" command?

[falko]

You can use the repquota command:

Code:

repquota -avug