Prevent .no_delete from deleting

Discussion in 'Tips/Tricks/Mods' started by smartcall, Nov 6, 2007.

  1. smartcall

    smartcall ISPConfig Developer

    Hello,

    I was experiencing a lot of problems when my users were able to delete their /log directory despite of .no_delete file in it.
    As a matter of fact (especially in my server setup) every user who is with 'administrator' status owns his /log directory and .no_delete file respectively. There was no reason why they couldn't delete this file and the whole directory, which prevented apache from starting again.

    What I did was:

    Edited /root/ispconfig/scripts/lib/config.lib.php
    and added
    Code:
    $root_gruppe = $mod->system->root_group();
      exec("chmod 400 $web_path/user/.no_delete");
      exec("chown root:$root_gruppe $web_path/user/.no_delete");
      exec("chmod 400 $web_path/log/.no_delete");
      exec("chown root:$root_gruppe $web_path/log/.no_delete");
      exec("chmod 400 $web_path/cgi-bin/.no_delete");
      exec("chown root:$root_gruppe $web_path/cgi-bin/.no_delete");
      exec("chmod 400 $web_path/ssl/.no_delete");
      exec("chown root:$root_gruppe $web_path/ssl/.no_delete");
      exec("chmod 400 $web_path/phptmp/.no_delete");
      exec("chown root:$root_gruppe $web_path/phptmp/.no_delete");
      exec("chmod 400 $web_path/web/error/.no_delete");
      exec("chown root:$root_gruppe $web_path/web/error/.no_delete");
    right after
    Code:
    exec("chown -R $user_username $web_path/log/* &> /dev/null");
    in the section that follows after
    Code:
    ////////// Verzeichnisse erzeugen ENDE ///////////
    then i executed the command
    Code:
    find . -name ".no_delete" -exec chown root:root '{}' \;
    in /var/www - where ISPConfig creates the webs in my server setup, just to make sure all previously created .no_delete files are owned by root.
    That I believe solved my problem.
     
    Last edited: Nov 6, 2007
  2. smartcall

    smartcall ISPConfig Developer

    Of course the above didn't work, because the owner still has write permissions on the containing directory.

    Any ideas are appreciated.
     
  3. smartcall

    smartcall ISPConfig Developer

    Again answering to myself, I think I finally managed to do it.

    The permissions of the log dir itself must be 555. This way it works.
    The .no_delete and directory can't be deleted.
     
  4. smartcall

    smartcall ISPConfig Developer

    Another solution - proftpd.conf

    Another solution would be to add this in proftpd.conf

    Code:
    <Directory /var/www>
    HideFiles (\.passwd|htpasswd|no_delete|forward|procmailrc|spamassassin|vacation.cache|Maildir|csc|antivirus.rc|autoresponder.r
    c|html-trap.rc|local-rules.rc|mailsize.rc|quota.rc|spamassassin.rc|user_prefs|vacation.msg)$ #
    </Directory>
    Where directory is the top one for webs.

    I gues that when proftpd doesn't show these files, their containing directories can't be deleted.
    But i can't guarantee that this will work with all FTP clients.
     

Share This Page