Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #11  
Old 22nd October 2009, 19:23
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,499 Times in 4,328 Posts
Default

I'am researching the problem. No Idea at the moment what might cause this.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Sponsored Links
  #12  
Old 22nd October 2009, 19:25
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,499 Times in 4,328 Posts
Default

Which Linux distribution do you use?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #13  
Old 22nd October 2009, 19:49
giftsnake giftsnake is offline
Senior Member
 
Join Date: Jan 2009
Posts: 108
Thanks: 15
Thanked 9 Times in 8 Posts
Default

for me its debian lenny, according to perfect setup, no special stuff done with php

maybe: is the virtual user webx chrooted into /var/www/domain/ and the web folder is the users home?
i think i can delete files in my home too, even if they belong to root...

Last edited by giftsnake; 22nd October 2009 at 19:53.
Reply With Quote
  #14  
Old 22nd October 2009, 20:09
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,499 Times in 4,328 Posts
Default

The interesting thing I found out in the meanwhile is, if you login as root, then su to web1 it is possible to delete a file owned by root. But if you change the shell in /etc/passwd from /bin/false to /bin/sh for user webx, its not possible anymore. But the php scripts are still able to delete root files. I'am using debian lenny with latest updates too on my test server. Also suexec is not reporting anymore if a file is owned by the wrong user which it should do too.

Which jailkit version do you use?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #15  
Old 22nd October 2009, 23:26
dxr dxr is offline
Member
 
Join Date: Jun 2009
Posts: 40
Thanks: 0
Thanked 5 Times in 4 Posts
 
Default

Hi,

I will show an example:

2 shells, 1 root shell and another user shell.

I added ispconfig user with correct privileges:

Code:
$ ssh ispconfig@127.0.0.1
Password:
Last login: Thu Oct 22 23:18:37 2009 from gea.univers.es
ispconfig@gea ~ $ id
uid=1005(ispconfig) gid=1018(ispconfig) grupos=1018(ispconfig)
ispconfig@gea ~ $ ls -lah
total 0
drwx------  2 ispconfig ispconfig  48 oct 22 23:18 .
drwxr-xr-x 11 root      root      280 oct 22 23:18 ..
ispconfig@gea ~ $
I created a root file in ispconfig's HOME

Code:
gea ~ # cd /home/ispconfig/
gea ispconfig # ls -lah
total 0
drwx------  2 ispconfig ispconfig  48 oct 22 23:18 .
drwxr-xr-x 11 root      root      280 oct 22 23:18 ..
gea ispconfig # touch root_file
gea ispconfig #
And i can delete it as ispconfig user because it is a root file IN ispconfig's HOME

Code:
ispconfig@gea ~ $ ls -lah
total 0
drwx------  2 ispconfig ispconfig  80 oct 22 23:19 .
drwxr-xr-x 11 root      root      280 oct 22 23:18 ..
-rw-r--r--  1 root      root        0 oct 22 23:19 root_file
ispconfig@gea ~ $ rm -rf root_file
ispconfig@gea ~ $ ls -lah
total 0
drwx------  2 ispconfig ispconfig  48 oct 22 23:19 .
drwxr-xr-x 11 root      root      280 oct 22 23:18 ..
ispconfig@gea ~ $
BUT, if we change the privileges for this directory (home)

Code:
gea ispconfig # chown root:root /home/ispconfig/ && chmod 755 /home/ispconfig/
gea ispconfig # touch root_file
gea ispconfig #
We can not delete file in any directory if we are not owner

Code:
ispconfig@gea ~ $ ls -lah
total 0
drwxr-xr-x  2 root root  80 oct 22 23:19 .
drwxr-xr-x 11 root root 280 oct 22 23:18 ..
-rw-r--r--  1 root root   0 oct 22 23:19 root_file
ispconfig@gea ~ $ rm -rf root_file
rm: no se puede borrar root_file: Permiso denegado
ispconfig@gea ~ $
If you are the directory owner, you control the entire content. It's not a bug, it is unix privileges.

Last edited by dxr; 22nd October 2009 at 23:38.
Reply With Quote
The Following 2 Users Say Thank You to dxr For This Useful Post:
till (23rd October 2009), vogelor (23rd October 2009)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Flash Player (version 10.0r22) did not load bobwdn HOWTO-Related Questions 10 11th September 2011 11:08
automatic webmail link admins Installation/Configuration 16 22nd June 2009 16:42
Setting up a new server - Suse 11.1 londonman Server Operation 34 10th April 2009 13:16
Postfix email server problems Access denied 554 554 5.7.1 state 14 AceRimmer Server Operation 4 19th June 2008 14:36
Add Webmin to the system sushestvo Installation/Configuration 44 21st August 2007 16:52


All times are GMT +2. The time now is 23:20.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.