Bug? Default pages not copied from /home/resellername/domains/default

ClayRabbit

I saw that problem before, but I just don't care.
Now my resellers are asking me why they can't change default content for their users.

I have tested it on 2 of our servers with RedHat and FreeBSD.

When a reseller adds a new user, nothing is copied from his /home/resellername/domains/default/ directory.
Files are copied _ONLY_ from the /usr/local/directadmin/data/templates/default/ directory.
(If /usr/local/directadmin/data/templates/default/ is empty, nothing is copied at all.)

Maybe I have missed something? Is there anybody for whom this feature works correctly?

BTW: Why can't I leave /usr/local/directadmin/data/templates/default empty? On every upgrade DA creates their index.html & logo.jpg there. :(
 
Yes. You're right. That's because of permissions.

We have 710 user:apache permissions on /home/user/domains directories (because this is the only way to secure most of the user's files).

OK. I'm wrong - that's not a bug actually.

[offtopic]
Damn. Now DirectAdmin doesn't care enough about security...

If we leave 711 permissions on /home/user/domains (as DA sets by default) then ANY user will be able to read:
1) log archives of another user (sometimes it's useful to find exploitable scripts or some sensitive data)
2) password-files of another user from domains/domain.com/.htpasswd
3) any files of another user located in their domains/ folder (except domains/*/public_html and domains/*/private_html) if they have world-read permissions. (Often users try to put sensitive data outside of document_root to secure it)

Not enough?
Finally, once FrontPage is enabled on an account, any user becomes able to read world-readable files (commonly php-scripts and data for php-scripts) even from the public_html folder of that account!

I know why they changed their security scheme - when the domains/ folder has 710 permissions, anonymous FTP doesn't work.
But changing permissions to 711 is the WRONG solution. I suggest a better way is to change the public_ftp location from /home/user/domains/domain.com/public_ftp to /home/user/public_ftp/domain.com

But who cares?...
[/offtopic]
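
An added example, not part of the original posts and not DirectAdmin's own code: a Python audit that, for each /home/<user>/domains directory, reports whether the "other" execute bit is set (711 versus 710) and lists the world-readable files outside public_html and private_html that the post's items 1 to 3 describe. The function names and the sample tree (accounts "alice" and "bob", domain example.com) are assumptions constructed for illustration.

```python
import os, stat, sys, tempfile
from pathlib import Path

WEB_DIRS = {"public_html", "private_html"}  # the post's item 3 excludes these

def audit_domains_dir(domains):
    """Report what the 'other' permission bits on one domains/ directory expose."""
    domains = Path(domains)
    mode = stat.S_IMODE(domains.stat().st_mode)
    report = {"mode": oct(mode), "other_can_traverse": bool(mode & stat.S_IXOTH), "world_readable": []}
    if not report["other_can_traverse"]:      # 710: other users cannot enter at all
        return report
    for root, dirs, files in os.walk(domains):
        rel = Path(root).relative_to(domains)
        if len(rel.parts) == 1:               # root is domains/<domain>
            dirs[:] = [d for d in dirs if d not in WEB_DIRS]
        # a subdirectory without o+x stops other users, so do not descend into it
        dirs[:] = [d for d in dirs if os.lstat(os.path.join(root, d)).st_mode & stat.S_IXOTH]
        for name in files:
            st = os.lstat(os.path.join(root, name))
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
                report["world_readable"].append(str(rel / name))
    report["world_readable"].sort()
    return report

def audit_home(home_root):
    """Map each account name to the report for its domains/ directory."""
    return {d.parent.name: audit_domains_dir(d)
            for d in sorted(Path(home_root).glob("*/domains")) if d.is_dir()}

def build_sample_tree(root):
    """Constructed sample: 'alice' has 711 on domains/, 'bob' has 710."""
    files = {".htpasswd": 0o644, "logs/Jan-2004.tar.gz": 0o644,
             "notes/private.txt": 0o600, "public_html/index.php": 0o644}
    for user, dmode in (("alice", 0o711), ("bob", 0o710)):
        site = Path(root, user, "domains", "example.com")
        for relname, fmode in files.items():
            f = site / relname
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_text("constructed sample\n")
            f.chmod(fmode)
            f.parent.chmod(0o755)
        site.parent.chmod(dmode)              # the permission the thread is about
    return root

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree(tempfile.mkdtemp())
    for user, rep in audit_home(target).items():
        print(user, rep)
```

Run with a home root as the only argument to audit a real server; with no argument it audits the constructed sample tree.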
 