The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cpanel thinks it always knows best!

Discussion in 'General Discussion' started by dariofg2, Aug 18, 2003.

Thread Status:
Not open for further replies.
  1. dariofg2

    dariofg2 Well-Known Member

    Joined:
    Mar 7, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    On every Exim update, Cpanel removes all immutable bits I had set on files /etc/exim.conf, /etc/exim.pl, /etc/init.d/exim, and overwrites them! Why the heck do Cpanel developers think they know how to run our server better than we do??? I've made modifications on all those files, and I would like to keep them, thank you very much! Why can't I prevent them from being overwritten with chattr +i ON MY OWN DAMN BOX???

    I know there is this exim configuration tool on WHM, but it won't do all the things I need. But that's not even the point, is it? I need to be able to protect any file I want from modification!!!

    CPANEL, DON'T BE A NOSY BIG BROTHER AND STOP chattr -i OUR FILES!!!

    -Dario

    cPanel.net Support Ticket Number:
     
  2. dariofg2

    dariofg2 Well-Known Member

    Joined:
    Mar 7, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Yes, I did. Nothing so far.

    -Dario

    cPanel.net Support Ticket Number:
     
  3. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Just create

    /var/cpanel/ignoresecurity and it will not overwrite your exim configs.

    cPanel.net Support Ticket Number:
     
  4. dariofg2

    dariofg2 Well-Known Member

    Joined:
    Mar 7, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Great, I'll try that! But what does that do exactly? What are the security implications?

    -Dario

    cPanel.net Support Ticket Number:
     
  5. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    cPanel won't update configs for most services. If there are any security changes to the configs you won't get new configs.

    cPanel.net Support Ticket Number:
     
  6. Juanra

    Juanra Well-Known Member

    Joined:
    Sep 22, 2001
    Messages:
    777
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Spain
    Dario, I think it's pretty obvious what "ignoresecurity" means. Bdraco could have named it "breakmybox" or something similar as well. If you will let cpanel do automatic upgrades, better get used to seeing your config files files modified because they're part of the upgrade. Just tell me how you expect cpanel to keep exim, mailman, spam assassin and whatnot up to date without touching the config file.

    You can do manual updates and make your changes manually in a more controlled way if you wish.

    There's also the option of re-making your changes automatically every day after cpanel's upgrade. upcp will call /scripts/postupcp when it finishes, so you can call your updater script from there. It may not be easy (depending on what changes you need to make) but I think it's the best solution.

    cPanel.net Support Ticket Number:
     
  7. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    FUCKYOU ALL ASSHOLES

    cPanel.net Support Ticket Number:
     
  8. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    **** YOU BASTARD. Restricting me from posting you asshole. You you dont like the truth then you lock people out of your fucken flame forum! ASSHOLE FUCKEN HOLE!

    cPanel.net Support Ticket Number:
     
  9. dariofg2

    dariofg2 Well-Known Member

    Joined:
    Mar 7, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Well, you totally missed the point! I want CONTROL ON MY OWN BOX! Very few people do a chattr +i on files, and it's their own concious decision. I think that should be respected at all costs. It's like Cpanel is saying "What the hell, these guys are so damn stupid! Let's unprotect and overwrite those files anyway!". If you don't know what you're doing and prefers to let Cpanel handle things, that's your business, not mine!

    -Dario
     
    #9 dariofg2, Aug 19, 2003
    Last edited: Aug 19, 2003
  10. dariofg2

    dariofg2 Well-Known Member

    Joined:
    Mar 7, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    BDraco, you know that's not what I asked for. I don't need ALL the config files not to be updated. I just want the immutable bit to be respected. CPANEL IS THE ONLY SOFTWARE I KNOW THAT REMOVES DE IMMUTABLE BIT IN FILES!!!!

    -Dario

    cPanel.net Support Ticket Number:
     
  11. carlgm

    carlgm Well-Known Member

    Joined:
    Mar 25, 2003
    Messages:
    103
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    England, UK
    You want to control your own box?
    Why are you using cpanel then?
    Do you expect cpanel to not update your config files when it releases new software?

    I can already see it coming.

    cPanel.net Support Ticket Number:
     
  12. dariofg2

    dariofg2 Well-Known Member

    Joined:
    Mar 7, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Have you even read the above posts??? I'm sorry if you don't know how to sysadmin a Linux box, but I do! Have YOU ever done a chattr +i in your whole life? I think 99% of Cpanel users haven't, let alone know what it's for. I think Cpanel should respect the immutable bit. If people want to screw up their boxes by chattr +i every file they know, FINE! That's their problem!

    -Dario
     
    #12 dariofg2, Aug 19, 2003
    Last edited: Aug 19, 2003
  13. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    ON, Canada
    I understand your point.

    For security reasons, cpanel upgrades should be allowed to do whatever they are supposed to do, but if you know how to admin a box and cpanel is just an interface, like it is, you should have the ability to override cpanels changes if you want. From the other side though, some people think they know how to handle a server and may do what you do not knowing the risks. Therefore cpanel has made the choice to force updates. Overall, I think that's the best choice because for anyone who can handle a server, there's always a way around the complication.

    For example, a while back there was discussion about modifying the wwwacct file so I posted my solution to that and it ended up on dgbakers forum in the how to section. Any files I customize, I just monitor for changes with my script, or a modification to it.

    Check that thread here.

    cPanel.net Support Ticket Number:
     
  14. dariofg2

    dariofg2 Well-Known Member

    Joined:
    Mar 7, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Well, I'm sorry I have to pay the price for other users' mistakes! Anyway, here's what I'll do: I'll rename the chattr command so Cpanel won't use it anymore, since it is the only piece of software ever concieved that even thinks of messing around with chattr.

    -Dario

    cPanel.net Support Ticket Number:
     
  15. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    ON, Canada
    That'll work, as long as the cpanel upgrades don't also upgrade shell commands. ;)

    cPanel.net Support Ticket Number:
     
  16. carlgm

    carlgm Well-Known Member

    Joined:
    Mar 25, 2003
    Messages:
    103
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    England, UK
    Well. If you count being administrate the following server operating systems:
    Debain, FreeBSD, OpenBSD, Red Hat, Solaris, Windows 2000. Then YES. I do know a thing or two about administration of servers. Oh and even the Cisco IOS.

    You even managed a BGP network? Ever set-up a wireless vlan? Even reinstalled RHL from a remote location? Coded your own shell based control panel? Written a web server running it's own ports and virtual hosts based upon a flatfile or DBI structure?
    Ever built your own kernel from source? Troubleshooted hard drive failures?

    When you have, let me know. Then I will consider yourself a proper server and network admin. I have done all the above. I still have along way to go. Just do not lecture me on running a server.

    Cpanel is a control panel. It's not an AI. It does not learn that you wish to have it run X way. It runs the way it was designed to do. Sorry if you cannot understand that.

    EDITED: Fixed up a couple of typo's.

    cPanel.net Support Ticket Number:
     
    #16 carlgm, Aug 19, 2003
    Last edited: Aug 19, 2003
Loading...
Thread Status:
Not open for further replies.

Share This Page