Newly created user can access all server files via File Manager?

#1 Fri, 07/07/2006 - 05:11
ah...lifes...good

Hi Joe,

I created a virtual server and domain name user via Virtualmin Pro.

I noticed that the user can "see" all files on the server, instead of being limited to view files in the domain name directory only.

Is there a way to close this security loophole?

Many thanks.

Sun, 06/07/2009 - 07:00
ah...lifes...good

Don't worry about it, Joe. I found the answer.

> Usermin Configuration] Access Control Options] Root directory for file chooser] *tick* User's home directory

AND

> Usermin Configuration] Usermin Module Configuration] File Manager] *tick* Allow access to home and directories below..

Sun, 06/07/2009 - 07:00
Joe

Good sleuthing, A. That ought to be the default, but I guess it wasn't when you installed (or maybe even still isn't, I'll have to check).


Sun, 06/07/2009 - 07:00
Joe

Oh, though I should point out that Usermin respects file permissions--even the old settings shouldn't actually be even a minor security issue unless you have a habit of making files world-readable/world-writable (e.g. the much-maligned habit of some web developers doing "chmod 777" as a first debugging step...never, never, never do that...but I'm sure I don't have to tell anyone here that).

--

Check out the forum guidelines!
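An added example, not part of the original thread: since what a user can reach through the file manager comes down to ordinary file permissions, this audit lists the files under a tree that any local user could read or write. The function names are hypothetical, and it assumes the directories above the start path are themselves traversable by other users.

```shell
#!/bin/sh
# Added example (not from the thread): audit a tree for the "other" permission
# bits that decide what a different local user can reach.
#
# A file is only reachable if every directory between the start path and the
# file grants search (o+x). Directories without o+x are pruned, so files that
# are 644 but sit under a 700 home directory are correctly left out.

# Regular files with o+r that sit under an o+x path.
reachable_world_readable() {
    find "$1" -xdev -type d ! -perm -0001 -prune -o \
        -type f -perm -0004 -print 2>/dev/null
}

# Regular files with o+w, plus o+w directories that lack the sticky bit
# (in a sticky directory such as /tmp, only the owner may delete or rename).
reachable_world_writable() {
    find "$1" -xdev -type d ! -perm -0001 -prune -o \
        \( -type f -perm -0002 -o -type d -perm -0002 ! -perm -1000 \) \
        -print 2>/dev/null
}

# Usage: sh audit.sh /home   (the path is whichever tree you want to check)
if [ -n "${1:-}" ]; then
    echo "== readable by any local user =="
    reachable_world_readable "$1"
    echo "== writable by any local user =="
    reachable_world_writable "$1"
fi
```

Anything in the second list is the "chmod 777" case from the post above and is worth tightening first.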

Topic locked