Hi all
Since the last version of Virtualmin I got this message:
Virtualmin has detected that 47 domains on your system are configured to allow symbolic links to other users' files. This can be exploited by a domain owner to access configurations files and private data in other virtual servers.
WARNING : Fixing this setting will break all virtual servers that have content or applications under symbolic links to other directories.
Most of Virtualmin Users run TYPO3 Websites where the typo3_srv is a symlink to typo3_srv-4.7.x in the same directory (public_html - all using their own TYPO3 SOURCE) so here is my question:
If I "fix symbolic Link Permissipons" are all the TYPO3 installations affected or not?
What is about all the Virtualmin AWSTAT und error and access logs symlinks?
thx in advance opaque
Howdy,
The new Virtualmin awstats plugin converts all your existing awstats symlinks into actual directories containing the awstats files.
The Apache logs won't be an issue since they're not being executed.
The Typo installs are a good question though, and some folks have had problems with them in the past. However, that's typically when the symlinks point to a centralized directory, where the files in that central directory are all owned by a different user... root in most cases.
So long as the files pointed to by your symlinks are owned by the same user who owns the symlink, it won't be a problem.
That is, the "FollowSymlinks" option is being changed to "SymLinksIfOwnerMatch".
So you should be fine... however, it wouldn't hurt to make a backup before doing that.
If you do happen to run into any problems, take a peek at the error logs before trying to revert the changes, as it's often a simple fix. The error logs are in $HOME/logs/error_log.
-Eric
Speaking of awstats... Has Jamie found a solution to the issue with awstats updates, possibly adding/changing icon files? Are updates detected and the modifications copied to all domains?
He's working on that problem. The temporary workaround is that disabling the awstats feature, and then re-enabling it, will cause everything to be re-copied.
If awstats is currently enabled for all domains, that can be done with these two commands:
virtualmin disable-feature --all-domains --virtualmin-awstatsvirtualmin enable-feature --all-domains --virtualmin-awstats
However, he's working on a better solution for the long-term :-)
-Eric
Okay, cycling the feature should do fine for now. :) As long as you don't make any configuration changes to awstats after enabling it, which you'd need to do all over again each time. But I guess it's rare enough that you need to make such changes.
EDIT: Oh, wait. Cycling the feature like you suggested would turn it back on for ALL domains, not just those that had it previously enabled!
I suppose you need some additional script-trickery to first fetch all domains that have the feature enabled, then disable it on all, and re-enable it only on those that had it previously enabled.
I fixed symbolic Link Permissions and all worked find, just some symlinks I made as root must I change.
rm typo3_src
ln -s typo3_src typo3_src-4.4.0
with logged in as current virtualmin user or changed the owner:
chown -R virtualminUser:virtualminUser *
opaque