From: Roger B.A. K. <ro...@qu...> - 2010-02-20 16:37:32
|
How do I configure the system such that, by default, new users (or Virtualmin-created users) are chrooted into, or restricted to, their home directories? |
From: Jamie C. <jca...@we...> - 2010-02-21 03:11:16
|
On 20/Feb/2010 08:37 Roger B.A. Klorese <ro...@qu...> wrote .. > How do I configure the system such that, by default, new users (or > Virtualmin-created users) are chrooted into, or restricted to, their > home directories? Virtualmin-created domain owners are already unable to see directories other than their home directory. Mailbox users who have access to the File Manager via Usermin on port 20000 can be restricted at Webmin -> Usermin Configuration -> Usermin Module Configuration -> File Manager. - Jamie |
From: Roger B.A. K. <ro...@qu...> - 2010-02-21 17:05:15
|
On 2/20/10 7:11 PM, Jamie Cameron wrote: > On 20/Feb/2010 08:37 Roger B.A. Klorese<ro...@qu...> wrote .. > >> How do I configure the system such that, by default, new users (or >> Virtualmin-created users) are chrooted into, or restricted to, their >> home directories? >> > Virtualmin-created domain owners are already unable to see > directories other than their home directory. Mailbox users who have > access to the File Manager via Usermin on port 20000 can be restricted > at Webmin -> Usermin Configuration -> Usermin Module Configuration -> > File Manager. > It's the domain owners I was talking about - one user told me that, with the settings of / as the root and /home/<user> as the directory they can manage -- the defaults I got -- they could see all directories but not manage anything other than their home. |
From: Jamie C. <jca...@we...> - 2010-02-21 17:29:42
|
On 21/Feb/2010 09:05 Roger B.A. Klorese <ro...@qu...> wrote .. > On 2/20/10 7:11 PM, Jamie Cameron wrote: > > On 20/Feb/2010 08:37 Roger B.A. Klorese<ro...@qu...> wrote .. > > > >> How do I configure the system such that, by default, new users (or > >> Virtualmin-created users) are chrooted into, or restricted to, their > >> home directories? > >> > > Virtualmin-created domain owners are already unable to see > > directories other than their home directory. Mailbox users who have > > access to the File Manager via Usermin on port 20000 can be restricted > > at Webmin -> Usermin Configuration -> Usermin Module Configuration -> > > File Manager. > > > > > It's the domain owners I was talking about - one user told me that, with > the settings of / as the root and /home/<user> as the directory they can > manage -- the defaults I got -- they could see all directories but not > manage anything other than their home. I just tested this again, and found that even though the domain owner is not strictly chroot'd to his home directory (he can still see the path as /home/xxx), he cannot see any other directories under / or /home. - Jamie |
From: Roger B.A. K. <ro...@qu...> - 2010-02-21 22:55:42
|
On 2/21/10 9:29 AM, Jamie Cameron wrote: > I just tested this again, and found that even though the domain owner is > not strictly chroot'd to his home directory (he can still see the path > as /home/xxx), he cannot see any other directories under / or /home. > Sorry - false alarm. Really bad language in the user problem report. She was actually using Midnight Commander as an FTP client, and claiming that it was ignoring the chroot so she could see the rest of our file tree. After installing it on one of our systems and logging into another as her via FTP, I'm suspecting really bad UI design -- I think when she CHDIRs upward to .. she's seeing the LOCAL tree. |