Hi virtualmin community!
I manage to setup more virtual servers on my centos 5.4. To upload web content I use filezila, using sftp connection. I notice something very strange: using virtual server username blabla and passwd blabla I can't enter in /home/other virtual server directory for example /home/abc.net, this is a normal behavor, but i can navigate trough all content of the server: /etc /root /bin.
There is something wrong with my FTP Directory Restrictions setup?!
Apply to server and sub-servers : All virtual servers Restrict to directory: Users' home directories
Apply to server and sub-servers : Only server: blabla Restrict to directory: Virtual server's home directory
Apply to server and sub-servers : Only server: abc.net Restrict to directory: Virtual server's home directory
Howdy,
The setup for SSH and SFTP is different than that of plain old FTP.
FTP has a mechanism for locking users in their home directories; SSH and SFTP do not.
Users are, however, limited to viewing files that filesystem permissions allow.
That is, even though they can enter /etc, the Linux permissions prevent them from seeing anything they shouldn't. If that's not the case, you may need to review the permissions :-)
Also, remember that if they were to upload a PHP script, that PHP script would have permissions to do the same thing. That is, filesystem permissions would allow them to view certain files in /etc using a PHP app.
-Eric