Menu
▾
▴
[webmin-devel] [Protected Web Directories] Webmin Version: 1.121
|
From: Martin M. <mm...@ag...> - 2003-11-10 12:47:47
|
Howdy, I think there is a bug in this module. Conception: If you log in to Webmin with "UserA:PasswdA" and want to create such a Directory it is ok to show "/" as Start-Dir for the Webmin-Administrator. I think it is not ok to show "/" as Start-Dir for a low-leveled User like "UserB:PasswdB", isn't it. In addition and if "UserB:PasswdB" is trustworthy "UserC:PasswdC" may is not and has the ability to delete the settings of "UserB:PasswdB" Solution: Do not make "Protected Web Directories" available to Users on your system you do not trust, because everyone can safely delete other one's settings. Wish: If "UserB:PasswdB" is a non-webmin-admin he should be "chrooted" to his ~/. while using this module. hth -- bis dahin - kind regards Martin Mewes --=20 http://webmin.mamemu.de/ Official Webmin/Usermin Translation Co-Ordinator 2003/2004 Proud Agent 2.0 Beta Tester |
