Hello
I got new server and after Webmin fresh install (and setup users and virtual servers), i noticed that user can view whole filesystem via FTP. So if you have /any-name/ user, this user can go to UP level, check all other users /but don't have access to go into this user accounts/, also can go 1 level upper and check all directories.
I check, that all users on this server have the same permissions as the users on other server, where they cann't view whole filesystem.
What is interesting that i setup the same Centos 6.7 template, install Webmin (as on other servers), but for whatever reason, user on this server has rights to see the shadow file :-)
Any advice will be appreciated !
Howdy,
There's some info on that issue here:
https://www.virtualmin.com/documentation/security/faq#How_can_I_prevent_...
However, non-root users should never be able to read the shadow file -- if that's the case, it sounds like the shadow file may have the wrong permissions.
What is the output of this commandL
ls -l /etc/shadowHi (привет) Andrey
Thank you for quick response
Here is output
[root@server1 ~]# ls -l /etc/shadow---------- 1 root root 1189 Oct 14 00:59 /etc/shadow
thank you
Hmm, there don't appear to be any permissions set on that file... so FTP users shouldn't be able to see that.
When logging in via FTP, are you saying you can see that the shadow file is there, or that you can read it's contents as an FTP user?
-Eric
Hello
Ftp user can view and read this file - /etc/passwd and view (but not read) /etc/shadow
When i said that everything was same as on another servers I was wrong. During Webmin installation i got 1 more question, when usually i there isn't
the question is
= Please enter the name of your primary network interface =
I put "venet0"
I don't remember this question during other installations.