FileManager always prepends users' home directory to files/directories

ErickCantwell

Registered
Jan 1, 2012
2
0
51
cPanel Access Level
DataCenter Provider
This may be a bug, but I can also see where it would be working as intended, so I figured that I would post this here in case anybody has a work-around. If others think that it's a bug then I'll be happy to create a ticket.

The file manager always prepends the users' home directory to directory paths. This can cause problems when symlinks exist that point outside of the user's home directory. For example:

If we have the following symlink set up to point to a special directory that contains logs we want the customer to access:

lrwxrwxrwx 1 rioteigt rioteigt 11 Apr 19 14:13 /home1/rioteigt/access-logs -> /var/log/domlogs/rioteigt

The filemanager will:

A) Properly list the symlink as a directory we shoud be able to navigate
B) When we try to access it through the FileManager we get the following error:
[2012-04-25 20:46:54 -0600] warn [fileman::listfiles] Encountered error in fileman::listfiles: Internal error: can't find that folder: /home1/rioteigt/var/log/domlogs/rioteigt

I've read over the fileman::listfiles documentation here Fileman Module Documentation and it seems like we should be able to work around this problem by changing the dir value when listing a symlink. That being said, the fileman module is built into the cPanel binary. We can't patch or modify it (if my understanding is correct). Has anybody already run into worked around this or come up with a solution?

Thanks in advance,

Erick
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
Hi Erick,

I suggest posting a ticket if you believe this to be a product defect. Of note, the workarounds forum is not for asking for assistance. We have multiple forums for that purpose. The workarounds forum is to post workarounds you have for others to use. Basically, guides on how to change things. Please only post actual workarounds for customizations you've found to this forum.

As such, I'm moving the thread to the general forum where requests for assistance would go.

Thanks!
 

NetMantis

BANNED
Apr 22, 2012
116
1
66
Utah
cPanel Access Level
DataCenter Provider
Speaking purely from a security standpoint, you actually would not want the file manager to follow any symlinks. Doing so would completely undermine the whole basis of folder security of having any home locations entirely. The web logs can be accessed by other means and should be downloaded that way, not by the File Manager.
 

ErickCantwell

Registered
Jan 1, 2012
2
0
51
cPanel Access Level
DataCenter Provider
Hi Erick,

I suggest posting a ticket if you believe this to be a product defect. Of note, the workarounds forum is not for asking for assistance. We have multiple forums for that purpose. The workarounds forum is to post workarounds you have for others to use. Basically, guides on how to change things. Please only post actual workarounds for customizations you've found to this forum.

As such, I'm moving the thread to the general forum where requests for assistance would go.

Thanks!
Thanks Tristan, and sorry for posting it in the wrong forum. I don't believe this to be a product defect. I think that it's working as intended.

NetMantis:
I agree with you on a general basis (also why I don't really think that this is a bug), but there are also several specific instances where following symlinks is, while not completely necessary, much better for customers. For example, why would we not allow them to follow a symlink that points /home/user/www -> /home/user/public_html (which they can do)?

Anyways, I'm not here to argue that point. On that train of thought, though:

Any ideas on how I would get the FileManager to NOT list that symlink?

I have two options:

1) Make it work so that customers can access that directory.
2) Not display the symlink. Not displying it would be better than having it be broken.

If I had access to the listfiles function I could simply edit it. That apparently isn't an option. Does anybody know of a Javascript workaround or any other files that could be modified to the get one of those outcomes?