Ticket #1080 (new defect)

Opened 2 months ago

Last modified 2 months ago

active web folders should not be deletable by customer

Reported by: joximu
Assigned to:
Priority: minor
Milestone: ispCP ω 1.0.0
Component: Backend (Engine)
Version: ispCP ω 1.0.0 - RC3
Severity: Medium
Keywords:
Cc:

Description

It's possible that a customer just deletes some folders - e.g. the web folders for subdomains or for domain aliases...

This should not be possible - we maybe should have the /var/www/virtual/customer folder read only for the customer itself - only some subfolders should be writeable...

Change History

(in reply to: ↑ description ) 03/06/2008 01:32:52 AM changed by Cube

Replying to joximu:

we maybe should have the /var/www/virtual/customer folder read only for the customer itself - only some subfolders should be writeable...

This is a bad idea. E.g. some customers put private backups there, which should not be accessible through HTTP. I have a PHP script which uses this space for files, because it's a very secure space. Years ago, when I had my first webspace with FTP access above the www-root, I was very happy because of the new possibilities.

03/06/2008 11:20:34 AM changed by joximu

ok, I can follow the idea.

Let's add a folder "private" which is out of webspace and can be filled with private data (plesk does it like this - and I like the idea).

I think it's possible to have both: some private folders (well, they have fixed names) *and* no more write access in domain-home...

03/06/2008 02:43:30 PM changed by Cube

Next objection: there are the .htpasswd and .htgroup files. More experienced users prefer editing them directly to using the GUI (if it would work).
It's a pity that Linux does not have flexible rights management like Windows. There it is possible to set separate rights for deleting.

03/06/2008 10:02:13 PM changed by joximu

The .htaccess files are ok in the htdocs folder - no need for write access further above.

Windows: you don't really want that much of Windows on your Linux machine. The permissions are rather complex there and I think (I don't know) with Linux ACLs this should also be possible - but we really don't need write access in the domain-folder.

03/06/2008 10:59:10 PM changed by Cube

I'm not speaking about .htaccess but about .htpasswd and .htgroup.

Web password files (...) should not be within the Web server's URI space -- that is, they should not be fetchable with a browser.
(from the Apache documentation)

03/07/2008 12:55:41 AM changed by joximu

ok, so there can be a folder for these files.

Seems to be not very popular to restrict the access...

It's just because of the many users who just delete everything they don't know.

03/14/2008 04:32:39 PM changed by rats

  • milestone changed from Working to ispCP ω 1.0.0.

03/17/2008 06:19:52 PM changed by rats

  • severity changed from Don't know to Medium.
  • milestone changed from ispCP ω 1.0.0 to ispCP ω 1.0.0 - RC5.

(follow-up: ↓ 10 ) 03/21/2008 07:27:26 PM changed by rats

what about chattr +u (makes a file/folder undeletable)

(in reply to: ↑ 9 ) 03/21/2008 07:30:49 PM changed by rats

Replying to rats:

what about chattr +u (makes a file/folder undeletable)

I just saw that 'u' is not implemented in ext2/3

03/22/2008 01:20:36 AM changed by joximu

I see only one way: setting /var/www/virtual/domain to root:root with 755 (or 775) permissions. Then all alias and subdomain folders underneath: also root:root with 755 perm. The htdocs (also in subdomain and alias dirs) should not be world readable (-> vu2xxx:www-data with 750)... Of course we need at least one more directory for private data...

Let's see, what others do (Plesk 7.5x):

drwxr-xr-x  20 root root    4096 25. Okt 2005  .
drwxr-xr-x  47 root root    4096 20. Mär 11:40 ..
drwxr-x---   5 user psaserv 4096 26. Sep 2005  anon_ftp
drwxr-xr-x   2 root root    4096 26. Sep 2005  bin
drwxr-x---   2 user psaserv 4096 26. Sep 2005  cgi-bin
drwxr-x---   2 root psaserv 4096 20. Mär 11:40 conf
drwxr-xr-x   2 root psaserv 4096 26. Sep 2005  error_docs
drwxr-xr-x   2 root root    4096 26. Sep 2005  etc
drwxr-x---   9 user psaserv 4096 18. Mai 2007  httpdocs
drwxr-x---   4 user psaserv 4096 26. Sep 2005  httpsdocs
drwxr-xr-x   2 root root    4096 26. Sep 2005  lib
drwxr-x---   2 root psaserv 4096 26. Sep 2005  pd
drwx------   2 user root    4096 26. Sep 2005  private
dr-xr-x---   7 root psaserv 4096 26. Sep 2005  statistics
drwxr-xr-x   2 root psaserv 4096 26. Sep 2005  subdomains
drwxrwxrwt   2 root root    4096 26. Sep 2005  tmp
drwxr-xr-x   5 root root    4096 26. Sep 2005  usr
drwxr-xr-x   3 root root    4096 26. Sep 2005  var
drwxr-xr-x   3 root psacln  4096 25. Okt 2005  vault_scripts
drwxr-xr-x   2 root psaserv 4096 26. Sep 2005  web_users

It's an absolutely bad job to correct the config when users have removed the subdirs of subdomains and alias domains manually by FTP without removing them in the GUI. And you all know what all the users like most to do...
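
Added example, not part of the ticket and not ispCP code: the root-owned layout proposed above works because on Linux the right to delete or rename an entry comes from write and search permission on its parent directory (with the sticky bit, as on `tmp` in the listing, narrowing it further). The script evaluates that rule from `stat` output for a given uid/gid; the function names, the temporary tree and the dependency on GNU `stat -c` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not ispCP code). Deleting or renaming an entry is governed by
# the PARENT directory's mode, not by the entry's own mode. Requires GNU stat.

# class_bits DIR UID GID -> prints the rwx digit that applies to that user
# (non-root, no supplementary groups).
class_bits() {
    set -- "$2" "$3" $(stat -c '%a %u %g' "$1")
    mode=$(printf '%04d' "$3")               # 755 -> 0755, 1777 stays 1777
    if   [ "$1" -eq "$4" ]; then printf '%s\n' "$mode" | cut -c2   # owner
    elif [ "$2" -eq "$5" ]; then printf '%s\n' "$mode" | cut -c3   # group
    else                         printf '%s\n' "$mode" | cut -c4   # other
    fi
}

# can_remove PATH UID GID -> exit 0 if that user may delete or rename PATH.
can_remove() {
    parent=$(dirname "$1")
    bits=$(class_bits "$parent" "$2" "$3")
    [ $(( bits & 3 )) -eq 3 ] || return 1    # write + search on the parent
    special=$(printf '%04d' "$(stat -c '%a' "$parent")" | cut -c1)
    [ $(( special & 1 )) -eq 1 ] || return 0 # no sticky bit: allowed
    # Sticky parent: only the owner of the entry or of the parent may remove it.
    [ "$2" -eq "$(stat -c '%u' "$1")" ] || [ "$2" -eq "$(stat -c '%u' "$parent")" ]
}

# Constructed tree standing in for /var/www/virtual/<domain>.
demo() {
    home=$(mktemp -d) && mkdir "$home/htdocs" "$home/sub1"
    for m in 755 555; do
        chmod "$m" "$home"
        if can_remove "$home/sub1" "$(id -u)" "$(id -g)"; then r=deletable; else r=protected; fi
        echo "home mode $m, customer owns home: sub1 is $r"
    done
    chmod 755 "$home" && rm -rf "$home"
}
demo
```

A non-empty folder can only be emptied by someone with write permission on that folder itself, but a writable parent is already enough to rename it away from the path the panel expects.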

(follow-up: ↓ 13 ) 03/26/2008 08:11:54 PM changed by rats

The backup directory will be re-created. For sub and alias domains this problem will be solved if the mount point is free to choose.

(in reply to: ↑ 12 ) 03/27/2008 12:29:53 AM changed by joximu

Replying to rats:

For sub and alias domains this problem will be solved if the mount point is free to choose.

What is solved with a free choice? As a client I can choose /xyz for sub abc.domain.tld - but I can still remove the folder xyz without removing the sub in the config.

03/30/2008 11:48:02 PM changed by Cube

There is a possible solution with proftpd directives:

<Directory ~/>
PathDenyFilter "^/(backups|cgi-bin|htdocs|errors|logs|phptmp|statistics)/?$"
</Directory>

This directive forbids delete, rename, create, chmod etc. on the standard directories. The user will still have the possibility to add their own directories and to edit .htpasswd and .htgroup.

A solution for subdomains has to be found. Perhaps ispCP could generate a specific proftpd-config for each subdomain.
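
Added example, not part of the ticket and not ispCP or ProFTPD code: a check of which top-level paths the pattern posted above covers, and how a generated per-customer pattern could add subdomain folders. It assumes the filter is matched as a POSIX extended regex against paths relative to the customer's FTP root (which the `^/` anchor implies); `build_filter`, `is_denied` and the sample paths are constructed for this example.

```shell
#!/bin/sh
# Added example (not ispCP code): check which FTP paths the posted pattern covers.
# Assumes the filter sees paths relative to the customer's FTP root ("^/...").
FILTER='^/(backups|cgi-bin|htdocs|errors|logs|phptmp|statistics)/?$'

# is_denied PATTERN PATH -> exit 0 if PATH matches the POSIX extended regex.
is_denied() { printf '%s\n' "$2" | grep -Eq -- "$1"; }

# build_filter NAME... -> prints the pattern extended with further top-level
# folder names, e.g. subdomain folders (hypothetical helper). Regex
# metacharacters in the names are escaped so "sub.example" matches literally.
build_filter() {
    alt='backups|cgi-bin|htdocs|errors|logs|phptmp|statistics'
    for name in "$@"; do
        esc=$(printf '%s' "$name" | sed 's/[][\.*^$+?(){}|]/\\&/g')
        alt="$alt|$esc"
    done
    printf '^/(%s)/?$\n' "$alt"
}

# Constructed sample paths as an FTP client would send them.
report() {
    for p in /htdocs /htdocs/ /htdocs/index.html /.htpasswd /private /sub1; do
        if is_denied "$1" "$p"; then echo "denied  $p"; else echo "allowed $p"; fi
    done
}
echo "posted filter:";              report "$FILTER"
echo "with subdomain folder sub1:"; report "$(build_filter sub1)"
```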

03/31/2008 03:58:50 AM changed by blocker

Seems a good idea ... should another ticket be created?

03/31/2008 09:23:37 AM changed by rats

  • milestone changed from ispCP ω 1.0.0 - RC5 to ispCP ω 1.0.0.

Cube's fix will be in r1089. For subdomains -> moved to another release
