From: Jamie C. <jca...@we...> - 2006-07-31 18:10:31
Generally, I recommend locking down users like this not by setting permissions, but by restricting the services they can use. For example, you should deny SSH logins, configure your FTP server to only let them see their home directory, and do the same with Usermin..

 - Jamie

On 31/Jul/2006 10:39 Russ Ferriday wrote ..
> I can through all virtual hosts doing this on each user. If I do, dovecot will no longer serve imap for any of those users.
>
> Do you think a basic level of security should be part of the default setup for a virtual server?
>
> John Hinton suggested this change:
>
> > Inside of Apache 2 conf.
> >
> > <IfModule mod_userdir.c>
> >     #
> >     # UserDir is disabled by default since it can confirm the presence
> >     # of a username on the system (depending on home directory
> >     # permissions).
> >     #
> >     UserDir disable
>
> This will affect web access to folders, but does not affect local access.
>
> As it is at the moment, when I install two virtual servers, their users can mutually browse directories and files.
>
> --r
>
> On 31 Jul 2006, at 18:21, Jamie Cameron wrote:
> > Have you tried setting mode 711 instead? That allows anyone to chdir to the directory, but not list it ..
> >
> >  - Jamie
> >
> > On 31/Jul/2006 10:09 Russ Ferriday wrote ..
> > > For either of the chmod versions, I get the following in /var/log/maillog
> > >
> > > Jul 31 16:37:12 air660 dovecot: chdir(/home/topia/homes/russf) failed with uid 509: Permission denied
> > > Jul 31 16:37:12 air660 imap-login: Login: russf.topia [::ffff:86.128.111.255]
> > > Jul 31 16:37:12 air660 dovecot: child 25628 (imap) returned error 89
> > >
> > > Bear in mind my original problem, also. Users on virtual hosts can by default read other users' homes, because permissions in general are 755.
> > >
> > > Thanks for looking at this.
> > >
> > > --r
> > >
> > > On 31 Jul 2006, at 17:32, Jamie Cameron wrote:
> > > > On 31/Jul/2006 08:34 Russ Ferriday wrote ..
> > > > > Dovecot does not run as soon as I do either of
> > > > >     chmod o-rx /home/<virtdomain>
> > > > > or
> > > > >     chmod o-rx /home/<virtdomain>/homes/user
> > > > >
> > > > > Is there a recommended way of preventing a virt domain user being able to see the data of another virt domain user?
> > > >
> > > > That is quite surprising, as Dovecot usually runs with the permissions of the user who is logged in via IMAP or POP3. What exact error message are you getting from it?
> > > >
> > > >  - Jamie
>
> ---------------------
> Russ Ferriday
> Topia Systems
> tel: (+44) (0) 2076 177758
> mobile: (+44) (0) 7789 338868
> skype: ferriday
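The two effects discussed in the thread (the Dovecot chdir failure after `chmod o-rx` on the domain directory, and mode 711 stopping listing but not traversal) as an added example that is not part of this thread or of Webmin/Virtualmin: a small Python model of how chdir(2) and a directory listing check the rwx bits on each path component. The tree, the uids (509 for russf comes from the log line; the rest are made up) and the group memberships are constructed assumptions; in particular it assumes the mailbox user is not in the domain owner's group, which is what the "Permission denied" with uid 509 in the log implies.

```python
import stat

# Constructed model of the Virtualmin-style layout from the thread (not real
# ownership data): path -> (owner uid, group gid, mode). uid 509 for russf is
# taken from the log line; the domain owner and the other domain's uids are
# made up. Assumption: the mailbox user is NOT in the domain owner's group,
# which is what "failed with uid 509: Permission denied" in the log implies.
TOPIA, RUSSF, OTHERDOM = 1001, 509, 1002

def build_tree(domain_mode):
    """Tree with both domain directories under /home at the given mode."""
    return {
        "/home": (0, 0, 0o755),
        "/home/topia": (TOPIA, TOPIA, domain_mode),
        "/home/topia/homes": (TOPIA, TOPIA, 0o755),
        "/home/topia/homes/russf": (RUSSF, RUSSF, 0o755),
        "/home/other": (OTHERDOM, OTHERDOM, domain_mode),
    }

def _perm_bits(entry, uid, gids):
    """Pick the owner/group/other rwx triple that applies to uid."""
    owner, group, mode = entry
    if uid == 0:
        return 7                      # root bypasses DAC checks
    if uid == owner:
        return (mode >> 6) & 7
    if group in gids:
        return (mode >> 3) & 7
    return mode & 7

def can_chdir(tree, path, uid, gids=()):
    """Emulate chdir(2): search (x) is needed on every path component.
    Returns (True, path) or (False, first component that denies)."""
    parts = path.strip("/").split("/")
    for i in range(1, len(parts) + 1):
        comp = "/" + "/".join(parts[:i])
        if not _perm_bits(tree[comp], uid, gids) & stat.S_IXOTH:
            return False, comp
    return True, path

def can_list(tree, path, uid, gids=()):
    """A listing needs chdir into the directory plus read (r) on it."""
    ok, _ = can_chdir(tree, path, uid, gids)
    return ok and bool(_perm_bits(tree[path], uid, gids) & stat.S_IROTH)

if __name__ == "__main__":
    for mode in (0o755, 0o750, 0o711):     # default, after o-rx, Jamie's 711
        t = build_tree(mode)
        print(f"/home/<domain> at {mode:o}:",
              "dovecot chdir as russf ->", can_chdir(t, "/home/topia/homes/russf", RUSSF),
              "| russf lists /home/other ->", can_list(t, "/home/other", RUSSF),
              "| russf chdir /home/other ->", can_chdir(t, "/home/other", RUSSF)[0])
```

The 0o750 run reproduces the log line (denied at /home/topia, before the user's own home is reached), and the 0o711 run shows Jamie's point: the other domain can no longer be listed, but a path that is already known can still be entered, which is why restricting the services users can reach is the stronger control.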