SSH user acces can find all info of other user ...

[olileton]

Hello

Sorry for my bad english ...

But when i'm loggin with a user ssh access i can open files of other user.

simply like this ...

* cd /home
* ls
* cd username/public_html
* ls
* cat index.php | more

I don't how to patch this big problem !
Many thks for your help

Olivier

 

[ditto]

First read this: http://www.directadmin.com/features.php?id=961

Then try to enable it like this:

Edit: /usr/local/directadmin/conf/directadmin.conf and make sure you have these two lines:

secure_access_group=access
apache_public_html=0

Save changes to the file and run this in shell:

service directadmin restart
echo "action=rewrite&value=secure_access_group" >> /usr/local/directadmin/data/task.queue

Then also manually check that the /home folder is set to 0711 permission.

 

[chatwizrd]

Users dont need ssh access. It is a bad idea to give it to any user.

 

[olileton]

Ok Many thks for your help !

I think i'll disable user ssh access too

Olivier