From: Joaquim H. <jo...@we...> - 2007-10-19 11:38:41
|
Couple of issues/questions: 1) When I create new VM-sites, I get a selected set of features enabled for the log-in (admin) user of the VM-site. I cannot seem to disable certain things, like "SYSTEM INFORMATION" at the bottom (Blue Framed Theme). On a "minimum information disclosure" path of thinking, I really don't want to show this information to a VM-site admin. 2) The file manager, which I've made available to VM-site admins, doesn't start in the user's home directory. Although I've checked every single box I could find regarding this. I start in the / folder.. and I could happily navigate around and open files outside of the VM-site's root. 3) In the upload/download module, VM should enforce some basic sanity checking, regardless of settings. VM-site admins are seldom root, and the "Owned by user" should be locked down or only display the username associated with the site in question. Right now it shows "root", which I believe is the default.. owned by group same thing.. I can click on the selection button, but there are no groups to choose from. Also.. I entered "URLs to download" as a web site.. does that not work? Does it have to be a specific file? 4) Everywhere VM displays information about physical paths, I think they should be masked (or "rootjailed" if you will) .. I don't want VM-site admins to know their site is under /srv/www/sites/foo.doo .. I want /foo.doo" to be the "displayed root path". |