Directory Permissions

[Brad]

Just curious what directory and file permission settings the [b:4e5a00ea94]/usr/local/apache/domlogs/domain.com [/b:4e5a00ea94] should have? Right now anyone can look at anyone elses logs, I don\'t like it. I haven\'t changed it for fear of breaking something in Cpanel.

The directory settings
drwxr-xr-x 2 root root 8192 Jan 12 01:43 domlogs/

All logs are currently:
-rw-r--r-- 1 root root domain.com

 

[feanor]

Hmmmmmmmmmmmmm....
rw-r-r
Seems to be the standard for domlog permissions on any cpanel box I have ever touched- and linux machines that don\'t have cpanel.

If you want to delve into security here , you can of course deny remote shell access..
Or.... change permissions to your liking on a particular domain and then perform the ritual of seeing \"what you blew up\" in CPanel/apache, if anything.

Such as, can apache still write everything possible to the file / is http bandwidth tracking still working / is http bandwidth quota affected / are things busted in the http reports within the WHM..... does webalizer or analog break....

With situations like that you basically have to venture out and beat the hell out of a dummy account to see what occurs-
*unless* someone of a higher power/understand can shed some technical light on this.

 

[moronhead]

Feanor,

I noticed that your company gives SSH access to users. Can you give us an idea how you are handling security?

[quote:142712a088]If you want to delve into security here , you can of course deny remote shell access.. [/quote:142712a088]

 

[bdraco]

domlogs

Can anyone give a reason why someone would even care enough to want to access another site\'s domlogs, or why this would ever be a problem?

 

[Brad]

Privacy!

All sites should have a privacy policy but I\'ll bet most or never address the fact that all server log files are viewable by others when they are, do you?

Yes. One of the requirements of responsible net citizenship is respecting the privacy of others. Just as you don\'t forward or post private email without the author\'s consent, in general you shouldn\'t use or post Web usage statistics that can be attributed to an individual or business.

If you are a government site, you may be required by law to protect the privacy of your readers. For example, U.S. Federal agencies are not allowed to collect or publish many types of data about their clients. Yes, most of you are not hosting government sites but you may be hosting local government which many times follows the big brothers rules and regulations and this information being viewable could open up a can of worms at a later date.

Although not the problem of cpanel but of other software developers programming techniques, passwords are often sent as clear text in the url when accessing cgi and php scripts. Often times a URL requested (including the values of any variables from a form submitted using the GET method) are visible. The programmers of these scripts claim the server is not secure if people can see other peoples logs and throw the blame on the server administrators. The server administrators blame the script makers, thus the problem exists.

Many times the passwords are sent by accident and are recorded in the logs, where access could be attained.

It\'s just another avenue of privacy that should be addressed but is still lagging behind. Its a blueprint of operations for the domain or business that is exposed to the public that I\'m sure they don\'t wan\'t visible to be used in any way you can imagine.

Basically it comes down to our responsibility to provide a level of privacy to our users that they would expect to have. I don\'t think the current system does a job to be proud of. Hopefully, this and other areas of concern will be secured in the near future.

Brad



[quote:c2a956407d][i:c2a956407d]Originally posted by bdraco[/i:c2a956407d]
Can anyone give a reason why someone would even care enough to want to access another site\'s domlogs, or why this would ever be a problem? [/quote:c2a956407d]

 

[Annette]

If the concern is so great that one particular site\'s domlogs should never, under any circumstance, be viewable by anyone other than the owner, ever - then the site is unsuitable for shared hosting [b:87cbef4ece]in this environment[/b:87cbef4ece] and probably in any other as well, since there is absolutely no way you can guarantee them that such access will never happen.

While I\'m all in favor of privacy - more so than most, in fact - there are ways around this if you choose to pursue them. For starters, you could start writing the logfiles to the user\'s own space. Or, you could turn one (or more) into root-only access and see if anything breaks, as suggested above. You could also restrict shell access to the server (turn off telnet, do not enable SSH by default for any account). And so on. The way things are set up right now are pretty common in a shared environment, Alabanza notwithstanding. That doesn\'t mean they can\'t be changed by you even if the dev team doesn\'t feel it necessary to change them for you.

 

[bdraco]

Making the dir root readable only will break webalizer/analog.

The problem with putting the log files in the user\'s dir is the user could delete the log dir

CustomLog /home/web/logs/web.cpanel.net combined

/home/web/logs doesn\'t exist.. so
[Mon Jan 14 07:28:26 2002] [error] (2)No such file or directory: could not open transfer log file /home/web/logs/web.cpanel.net.
Apache dies ..

If anybody has an idea on how to make this more practical, I\'d love to hear it.