locking clientX/webY directories with attribute +i, why?

Discussion in 'Installation/Configuration' started by help40, Nov 7, 2013.

  1. help40

    help40 New Member

    I have newly installed Debian Wheezy (nginx, BIND, Dovecot, ISPConfig 3)
    ISPCONFIG 3.0.5.3

    all time directories are locked (and I do not know when they are relocked again when I set -i attribute)

    Code:
    
    [[email protected] clients]# lsattr client1
    lsattr: Operation not supported While reading flags on client1/xxx.xxx.bg
    ----i--------e-- client1/web4
    lsattr: Operation not supported While reading flags on client1/xxxx.info
    lsattr: Operation not supported While reading flags on client1/xxxxx.info
    ----i--------e-- client1/web2
    ----i--------e-- client1/web5
    ----i--------e-- client1/web1
    lsattr: Operation not supported While reading flags on client1/xxxxx.com
    lsattr: Operation not supported While reading flags on client1/xxxx.net
    -------------e-- client1/test.txt
    ----i--------e-- client1/web6
    
    
    [[email protected] clients]# lsattr client3
    -------------e-- client3/web3
    lsattr: Operation not supported While reading flags on client3/xxxxx.de
    
    
    [[email protected] clients]# lsattr client4
    ----i--------e-- client4/web7
    lsattr: Operation not supported While reading flags on client4/dr-xxxxx.com
    
    this is not yet proportional server , I want to move from other panel to ispconfig ...
     
  2. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    This is a new security setting in ISPConfig 3.
    You could disable this in the server config with setting the security level to low in the web tab of server config.

    The setting is useful, though, as you can not (accidently) delete directories like "web" "logs" "private" etc. that are essential for the websites.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    They are locked because folder protection feature under System > server config is enabled.

    If you remove the locks, then your clients or someone that hacked a single website are able to attack your apache server by removing e.g. the webroot directorys of the sites.

    So you can disable this feature, but I wont do it if this is my server.
     
    Last edited: Nov 7, 2013
  4. help40

    help40 New Member

    thank you for fast reply, about hacking other user directories , how about GRSECURITY ?
    is it possible to use it with ispconfig ? (or I must open new topic for it?)
     

Share This Page