SuPhp - users are able to browse out of home dirs

gazkin

Hi,

I set up a DirectAdmin installation with suPHP enabled; however, users are still able to browse each other's home dirs or other dirs on the server.

phpinfo tells me suPHP is enabled (running as FastCGI).

Some more info:
Code:
ls -l

drwx--x--x. 6 admin      admin  4096 Apr 26 12:02 admin
drwx--x---  5 daniel     daniel 4096 Apr 26 14:43 daniel
drwx--x--x  6 bbb     bbb 4096 Apr 26 19:38 bbb
drwx--x---  6 bbbuser access 4096 Apr 27 14:39 bbbkuser
drwxr-xr-x. 2 root       root   4096 Jul 19  2011 ftp
drwx--x--x  5 gigi       aiai   4096 Apr 26 14:48 aiai
drwx--x---  4 testa      access 4096 Jun 10 15:51 testa
drwxrwxrwt. 2 root       root   4096 Jun 10 00:10 tmp

I'm running a PHP shell using the 'bbbuser' account.

What am I doing wrong? :)
 
drwx--x--x 6 bbb bbb 4096 Apr 26 19:38 bbb
drwx--x--x 5 gigi aiai 4096 Apr 26 14:48 aiai

Wrong permissions... unless bbb is a reseller ... and user aiai...!
 
I don't know exactly how and what exactly you are trying to do, so I can't give any direct guide. In most cases, having secure_access_group enabled together with suPHP protects against browsing the home dirs of other users. If it does not work in your case, then your setup is misconfigured and nobody but you knows the details. So either give more details, or hire somebody to fix it for you.

Depending on your PHP version and settings, you might want to enable open_basedir (alongside suPHP, you might need to take extra steps to make open_basedir work with suPHP).
 
Hello,

From your post, which home directories were able to be viewed?

Do you have a sample script that was used? A phpinfo() output would help (to see the running uid/gid values)

Are there any symbolic links in place to provide viewing access?
If so, ensure the custombuild option:
harden-symlinks-patch=yes

is enabled, which prevents symlinks between accounts (it should be on by default for new installs).
Related guide:
http://help.directadmin.com/item.php?id=421

John
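
An added example, not part of the original thread: a small Python check that parses an `ls -l` listing like the one in the first post and reports home directories that grant anything to the "other" class or are not assigned to the access group. The group name `access` is taken from the listing; the function name, the root-owner skip list and the 710 owner:access policy it checks against are assumptions.

```python
import re

# Constructed sample: the `ls -l` lines from the first post, copied as posted.
SAMPLE = """\
drwx--x--x. 6 admin      admin  4096 Apr 26 12:02 admin
drwx--x---  5 daniel     daniel 4096 Apr 26 14:43 daniel
drwx--x--x  6 bbb     bbb 4096 Apr 26 19:38 bbb
drwx--x---  6 bbbuser access 4096 Apr 27 14:39 bbbkuser
drwxr-xr-x. 2 root       root   4096 Jul 19  2011 ftp
drwx--x--x  5 gigi       aiai   4096 Apr 26 14:48 aiai
drwx--x---  4 testa      access 4096 Jun 10 15:51 testa
drwxrwxrwt. 2 root       root   4096 Jun 10 00:10 tmp
"""

# mode, optional SELinux/ACL marker, links, owner, group, size, date (3 fields), name
LINE = re.compile(
    r"^(?P<mode>d[rwxsStT-]{9})[.+@]?\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)"
    r"\s+\d+\s+\S+\s+\d+\s+\S+\s+(?P<name>.+)$"
)

def audit_listing(text, access_group="access", skip_owners=("root",)):
    """Return (name, mode, finding) for directories that deviate from the
    assumed policy: mode 710, group set to the secure access group."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["owner"] in skip_owners:
            continue  # not a directory line, or a system dir such as ftp/tmp
        mode, group, name = m["mode"], m["group"], m["name"]
        if mode[7:10] != "---":
            # Bits for "other" apply to every local account, including
            # scripts that suPHP runs as a different user.
            findings.append((name, mode, f"other has '{mode[7:10]}'"))
        elif group != access_group:
            findings.append((name, mode, f"group '{group}' is not '{access_group}'"))
        elif mode[4:7] != "--x":
            findings.append((name, mode, f"group has '{mode[4:7]}', expected '--x'"))
    return findings

if __name__ == "__main__":
    for name, mode, finding in audit_listing(SAMPLE):
        print(f"{name:10} {mode}  {finding}")
```

Entries such as `admin` or a reseller's directory are reported as well; as the reply in the thread notes, whether that is wrong depends on the account type.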
 