Prevent users from reading eachothers directories + ISPConfig compatibility

Discussion in 'General' started by Norman, May 11, 2006.

  1. Norman

    Norman HowtoForge Supporter

    Is there a good way to maintain some security in the system for shell-users without having to chroot/jail everyone?

    I've tried to simply change user dir permissions chmod 701 to hide people from snooping the files initially. However that seems to make ISPC unable to read statistics (quota) from the directories. Are there any efficient methods to handle this? I tried to turn on sudo support for the du-command as shown in other threads but it doesnt seem to help.

    Is sudo-config option bugged?

    admispconfig has permission to run du under sudo.
  2. falko

    falko Super Moderator

    No, it's working fine on our test machines.
    I think the problem is that you changed the permissions to 701. That way only the owner (and noone else) can read.
  3. Norman

    Norman HowtoForge Supporter

    Yes, but shouldn't it be possible to change

    $go_info["server"]["sudo_du_enabled"] = false; // enable sudo for gathering website file usage
    $go_info["server"]["sudo_du_enabled"] = true; // enable sudo for gathering website file usage

    Then shouldn't ispconfig run "du" as sudo-root?

    I think it's a security-risk to leave directories as 755 .

    Also, a side-question. Does ispconfig use the quota-function of the system?
    I dont see it using any of the diskquotas.
  4. falko

    falko Super Moderator

    Yes - if you have quota installed.
  5. Norman

    Norman HowtoForge Supporter

    It is installed, how can I see if it's being used in ISPConfig?

    Check each users with "quota" command?
  6. falko

    falko Super Moderator

    You can use the repquota command:
    repquota -avug

Share This Page