Users can read each other's access logs through SSH

Status
Not open for further replies.

ukrppf (Verified User; joined Dec 8, 2009; 49 messages)
I am trying to come up with a solution to prevent users from being able to read each other's access logs. I was alarmed by this possibility, recently, when logged into the system as a user.

First, I noticed if I cd ../../ back to the root and perform an ls command, I can see everything in the root folder. Second, if I cd var/log and do an ls command, I can see everything there.

What was disturbing is that I can actually do a nano on the yum.log and read that. But I can also cd into httpd and do a nano on the access_logs there! And then I can cd into domains and see all of the sites' access logs and read those as well!

Now, I notice that the home directory had a 711 permission on it, which does not allow anyone to list what is there. However, if you know how to drill down, without seeing the folders, you can eventually gain the ability to list contents and read log files!

So, I need some help to fix this issue in a logical way, preferably through DirectAdmin. ...While this is not a major hole, I do see it as a hole in privacy!

Thanks for the help!

P.S. - Not granting SSH to users is not an option.
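
The exposure described in the opening post can be audited with a short script, added here as an example that is not part of the original thread and is not DirectAdmin's own tooling. It lists log files that any local account can read, flags directories in the 711 state the post mentions (traversable but not listable), and strips "other" access from a chosen subtree. The function names are hypothetical, and it assumes the process that writes the logs does so as the owner or group of the files.

```shell
#!/bin/sh
# Added example: audit a log tree for files that any local user can read.
# Function names are hypothetical; /var/log/httpd is the path from the post.

# Print every regular file under $1 whose mode grants read to "other".
world_readable_logs() {
    find "$1" -type f -perm -o=r 2>/dev/null
}

# Print directories under $1 that "other" can enter (x) but not list (r).
# This is the 711 case: ls fails, yet a path that is already known resolves.
traverse_only_dirs() {
    find "$1" -type d -perm -o=x ! -perm -o=r 2>/dev/null
}

# Number of exposed files under $1; 0 means nothing is world-readable.
count_world_readable() {
    world_readable_logs "$1" | wc -l | tr -d ' '
}

# Remove all "other" access from $1 and everything below it.
# Owner and group bits are left untouched.
restrict_logs() {
    chmod -R o-rwx "$1"
}

# Stand-alone use: ./audit.sh /var/log/httpd   (read-only report)
if [ -n "${1:-}" ]; then
    echo "World-readable files under $1:"
    world_readable_logs "$1"
    echo "Traverse-only directories under $1:"
    traverse_only_dirs "$1"
fi
```

Log rotation can recreate files with their old mode, so the `create` directive in the matching logrotate configuration needs the same restriction or the exposure returns at the next rotation.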
 
Thank you for your reply. I appreciate that Custombuild FAQ. Very cool. ...I'll make sure to read it in detail. I see suphp mentioned there; someone had mentioned that to me. Also, someone had mentioned j ssh to me, but I don't know anything about it yet. I will do research on it. ...It would be good if DirectAdmin could take care of this issue though. I don't think it is totally fair to not allow users to have SSH, when it is very convenient for basic tasks. ...But again, maybe this j ssh is the solution.
 
I think you mean it does look promising since it works.
 
I think you should be more careful

Can you be more specific or are you just trolling?

I don't know who you are, but I think you should be more careful in making such accusations about users here on the DirectAdmin forums. I have a paid license for DirectAdmin. I am far from trolling; give me a break.

And lighten up. Get a sense of humor.

"IT" may work refers to the Jailed SSH. However, as far as clear instruction for how to use it, the thread is confusing and lousy. Therefore, I was not optimistic about trying it. Very simple.
 
Look at the number of posts I have made and you will get an idea of who I am.

The instructions are very clear. This thread may not be clear but the actual instructions are clear. You should read those instead. They are in the knowledgebase.
 
The thread is the ad for the help page

The thread is the ad for the help page though and it is not a very good advertisement. I did look over the help page and of course it looks interesting.

...It doesn't matter how many posts one has made. It matters how one treats a newcomer. And I am a paying customer that doesn't like to be accused of being a troll.
 
You are not paying me. This is a user supported forum. I am a paying customer as well.

If you want help as a paying customer then you need to contact DirectAdmin Support directly. This is not their official support means.

I did not accuse you of being a troll. I asked you if you were. It was a question not an accusation. But in all fairness I did so because you reopened a thread that is 7 months old.

The thread is the ad for the help page though and it is not a very good advertisement.

That statement does not make any sense.

For the instruction for doing this correctly see here http://help.directadmin.com/item.php?id=90
 
These help pages don't come up very well in the search engines. They are not easy to find. The only way you really find out about them, as far as I have seen, is by coming to the forum thread first. This is why I say, the thread is lousy and not a good advertisement.

You may be volunteering here and not paid for your time. So, thanks for your help, certainly! But, DirectAdmin needs to keep in mind - from a marketing perspective - how the forum threads affect interest in DirectAdmin. That's all.

...I had been away from the forums for a very long time and it was a thread that I had originally opened and made 4 posts in. I got logged back in here and thought I would start off where I left off. I saw your reply and thought I would respond. So, no trolling. Just trying to get more involved now.
 
Google:

The knowledgebase page is the second link.

It's not supposed to be an advertisement.

Highly untypical and it was not true in the past, when I was searching on it. Again, you don't work for them and you don't see it from a marketing standpoint. So, there is no point debating over it.
 
Just trying to help you use google properly. Listen, don't listen, I don't care. This forum has nothing to do with marketing DirectAdmin.
 
It has nothing to do with using google more properly. 6 months ago, that result was not in second place. It was nowhere to be found. It is only because of these forums that it is now coming up in second place.
 
Look at the number of posts I have made and you will get an idea of who I am.
And likewise :).

I've always found Google to be excellent at indexing directadmin sites. The problem as I see it is that the knowledgebase is not site:directadmin.com but rather site:help.directadmin.com.

This thread appears to have served its purpose. It's now closed.

Jeff
 