domlogs

[silvernetuk]

Hi,

Can someone tell me if I got this right

At current clients can going to to the domlogs folder via ftp with username as USERNAME_logs

Is it right if I chmod the domlogs folder to 711 it hides everything when ftp'ing in as USERNAME_logs

Regards,
Garry

 

[Website Rob]

Not sure how that's being done?

Even using an account with SSH access privilages, I was not able to login with an FTP program and view the domlogs of any account, using the method you described.

 

[silvernetuk]

Hi,

basicly what I am getting if I log into ftp use USERNAME_logs it goes into a directory / and that display all the log files

Regards,
Garry

 

[dgbaker]

That's normal to see them all but you should only be able to download your own. If your able to download others' logs then the permissions on the files are incorrect.

For the domainlogs it should be 640 with root:userid

 

[silvernetuk]

Hi,

I did want to hide them if possible, as I have a client saying they don't want other people to know his sub-domains, what I do fine a bit funny, the only other thing is I could put them on there own ip address, if I had to.

As for the chmod of these log files.

Do I chmod the files to 640 and how do I set the root:userid or the whole folder ?

 

[dgbaker]

Putting them on their own IP will not make a difference, cause all logs are stored in the same area.

I do not think you will be able to hide them. The directory needs to viewable by all to see their logs.

The only other option and it will be a big pain to you, is to modify httpd.conf and for his domain(s) change the location of his logs somewhere else. I don't really recommend doing that though as it will be a big pain in your ***.

I also though am not entirely sure where to modify the username_logs login id to point to a different area.

One other thought is modify as noted above but use a subdirectory in domlogs changing permissions only for root and the user. Again this though could become a support pain.


TO Anser your questions;

1. chmod 644 the domainlog files NOT the byte files
2. chown root:userid the domainlog files NOT the byte files

 

[silvernetuk]

Hi,

Thank you David will do that in the morning now, I do remeber on my old dedi server chmod the domlogs folder to something and that hide them all when ftp'ing in as USERNAME_logs will search the CPanel Forum again tomorrow just in case I missed something.

Regards,
Garry

 

[silvernetuk]

Hi,

This is the thread I belive
http://216.118.116.105/read.php?TID=5001

about chmod the domlogs folder to 711

Regards,
Garry

 

[dgbaker]

Notice though that this stops anyone from accessing any log in that folder including their own. This simply disables this feature.

 

[silvernetuk]

Hi,

Yes I did notice that, not so good but maybe the easiest way to get around it, but will chmod and chown the logs see if any of my clients say anything, if they do I will have to chmod the folder to 711 and hide everything.

Regards,
Garry

 

[jamesbond]

I haven't tried CPanel 6 yet, but I hope they have reorganized things like this.

Why doesn't every domain have its own logs directory, so that when you ftp to it you end up in that domain's logs directory.

I don't see the logic of putting the logs for all clients on the server in 1 directory.

 

[dgbaker]

It also would not take much, a simple tweak of wwwacct would do this automatically. I may even try it on one of our servers to see.

Make it so the structure is /domlogs/domainname/files

 

[Juanra]

Or better domlogs/username/files
The problem as always are subdomains...

 

[Website Rob]

Alright, now I feel like I'm missing out on something.

Why is that some setups can do this and some not? Does it have to do perhaps, with which version of WHM one is using -- I, for example, use 5.3 E133. Or is it from some other option to do with setup of WHM and/or FTP?

 

[dgbaker]

Well I got to work by doing some modifications to wwwacct.

Now for the BUT! But, here is the issue, all the stats programs fail and raw download ends up blank.

 

[Website Rob]

More to the point, I don't want anyone going through the touble of trying something here, I wondering if this is some how a default setup or if changes were made on purpose to allow it -- thread starter didn't mention this.

I don't see why anyone would &want& a setup like this and if done by default, I would like to know how to turn it off. My WHM install was done by my DC and I'm not sure what they did.

 

[dgbaker]

Rob;

All my servers are on the same version as you and any user was able to ftp in using username_logs and see everyone elses log domain logs. I as well had the servers setup by the NOC and even when I hosted with other companies in the past this was an issue.

 

[Website Rob]

Thanks for the info, David. Presuming this is not so simple as being dependant upon which FTP program is used -- and the fact that I was not aware of this (security bug?) until now, with my own Server -- it leaves to me think it must have something to do with either of:

settings for 'rhosts' (which I've disallowed) and/or PHP safemode (which I've turned on).

Any thoughts?

I mean, I'm glad this cannot happen on my Server and would like to know how/why so I can always make sure it is done this way.

 

[dgbaker]

I really don't know, I do know it has nothing to do with the ftp software either client side or server side. Are you on RH8 by any chance? or 7.3?

I take it that when you try this on your server you see only that users particular logs?

 

[Website Rob]

I'm using 7.3 and I get nothing. I've tried with two different FTP programs and this is all I get:

Here is an excerpt:

~ Connecting...
~ Connected to xx.xx.xx.xx, waiting for response...
& 220 ProFTPD 1.2.4 Server (ftp.domain.com) [xx.xx.xx.xx.]
& USER xxxxxxxx_logs
& 331 Password required for xxxxxxxx_logs.
& PASS *****
& 230 User xxxxxxxx_logs logged in.
& 257 &/& is current directory.
~ Login completed.

Directory is blank and I cannot go anywhere.

Do you, David, or anyone with this problem, allow &rhosts& and have PHP SafeMode turned off? Just looking to compare apples to apples as much as possible.