The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

User can see other users files.

Discussion in 'General Discussion' started by cculha, Sep 6, 2004.

  1. cculha

    cculha Member

    Joined:
    Aug 24, 2004
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Hi.In my server a user can see the other users files. ex:
    cd ..
    cd otheruser
    cd ircd
    pico ircd.conf

    Another user can't change the file but he/she can see the o:line. I want to close it.How can i close it for all users.Thank you. My os is freebsd.
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You can't, really, that's one of the main problems of virtual hosting. However, the following does help:
    /scripts/enablefileprotect

    Also, if you enable SUEXEC and compile PHPSUEXEC and teach your users to use appropriate (user/group level permissions) then you can prevent most of that.
     
  3. s_2_s

    s_2_s Well-Known Member

    Joined:
    Aug 9, 2004
    Messages:
    215
    Likes Received:
    0
    Trophy Points:
    16
    i have the following suggestions for you in addition to notes above

    1- creat a new php file and put in it <? phpinfo(); ?> and run it from your browser then search for php.ini location and then open your ssh client and login to your server as root... pico or iv the php.ini and edit it and set the safemode "on" instead of "off" also disable exec , system add them to your disable functions

    2- using your security tweaks on whm root .... enable open base dir protection
    3- install clam from clamav.com
    4- install abf firewall
    5- make sure your kernel is up2date ;) and so is httpd php and that theer are no errata
    6- when needed to give a user shell dont enable normal shell but enable jail shell " yopu can find that under manage shell access in whm

    and hope it helps
     
  4. cculha

    cculha Member

    Joined:
    Aug 24, 2004
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    ok but if i give jail shell the user can't do anything like wget?!?
     
Loading...

Share This Page