CSF Due to restrictions in DirectAdmin...

M

migmac

Verified User
Joined
Apr 15, 2014
Messages
88
Hi,

If I disable CSF at directadmin admin area, I will get this message

"Due to restrictions in DirectAdmin you must login to the root shell to enable csf using:"

and the only wait to enable it again is to login with ssh

is this a directadmin restriction? can it be fix?

Thank you
 
You should know how to use ssh before you even have a directadmin server. You cannot rely on directadmin only.
 
migmac said:
is this a directadmin restriction? can it be fix?
Click to expand...
For sedurity reasons DirectAdmin has certain limitations on what a plugin is allowed to do. So yes, you need to re-enable CSF through a root shell.

Jeff
 
nobaloney said:
For sedurity reasons DirectAdmin has certain limitations on what a plugin is allowed to do. So yes, you need to re-enable CSF through a root shell.

Jeff
Click to expand...

Thank you Jeff, it seems to be a limitation in the plugin, it will be very helpful to see this limitation to be removed in the future, sometimes I am in a network where I can't use ssh and what happen was that I had to connect a 3g pen to be able to ssh to the server to enable it

Thank you
 
I'd think it would require direct communication between CSF staff and DirectAdmin staff, to figure out what needs to be nabled and the security issues involved.

Jeff
 
I believe what they're referring to, is the fact that plugins don't run as root, for security reasons.
However, plugins *can* get root access with this guide:
http://help.directadmin.com/item.php?id=510 (but skip the drop back down to "admin" with the last setgid/setuid calls)

but heavy checking is going to be needed to keep other Users from running the suid binary.

Since we know that only Admins are going to make those changes with CSF, all they'd have to add as extra code, would be to check and make sure that the calling UID was a user from the /usr/local/directadmin/data/admin/admin.list file, and that should be safe enough to run (in addition to the "directadmin" parent check).

John
 
So it appears that CSF authors can make some changes to their plugin so it will be able to enable CSF. Will someone (perhaps the original poster) contact them and point them to John's answer? Then perhaps this restriction can be lifted.

Jeff
 
You must log in or register to reply here.
Back
Top