I started setting up a Virtualmin install as the features, etc look good.
However I doubt I can continue as although I am no security expert I did some basic tests and it seems that things are quite insecure.
For example I created a new virtual server and tried this in a php script:
$s = file_get_contents("/etc/httpd/conf/httpd.conf"); echo $s;
and yes it echos httpd.conf with everyone's virtualhost settings, etc, etc. I haven't tried any other files but that is enough to wonder what else a user could do on the system. Sure I could muck with all the permissions on files myself, but really thought a shared hosting system like Virtualmin would have all that sorted. Its the same on the Pro and GPL versions.
So now I don't think I can use it and are a bit disappointed because I have already spent time setting things up, assuming that Virtualmin would have quite basic security requirements like this in place.
Am I seeing things correctly? I would really like to stay if I could - what should I do?