Virtualmin - Re: Newly created user can access all server files via File Manager?

Forum Help

Welcome, Guest
Please Login or Register.
Lost Password?

Newly created user can access all server files via File Manager? (1 viewing)

#2302

ah...lifes...good (User)

Posts: 260

Newly created user can access all server files via File Manager? 2006/07/07 05:11
Hi Joe, I created a virtual server and domain name user via Virtualmin Pro. I noticed that the user can "see" all files on the server, instead of being limited to view files in the domain name directory only. Is there a way to close this security loophole? Many thanks.

The administrator has disabled public write access.

#2303

ah...lifes...good (User)

Posts: 260

Re: Newly created user can access all server files via File Manager? 2006/07/07 05:38
Don't worry about it, Joe. I found the answer. > Usermin Configuration] Access Control Options] Root directory for file chooser] tick User's home directory AND > Usermin Configuration] Usermin Module Configuration] File Manager] tick Allow access to home and directories below..

The administrator has disabled public write access.

#2317

Joe (Admin)

Posts: 4213

Re: Newly created user can access all server files via File Manager? 2006/07/10 13:42
Good sleuthing, A. That ought to be the default, but I guess it wasn't when you install (or maybe even still isn't, I'll have to check).

The administrator has disabled public write access.

#2318

Joe (Admin)

Posts: 4213

Re: Newly created user can access all server files via File Manager? 2006/07/10 13:44
Oh, though I should point out that Usermin respects file permissions--even the old settings shouldn't actually be even a minor a security issue unless you have a habit of making files world-readable/world-writable (e.g. the much-maligned habit of some web developers doing "chmod 777" as a first debugging step...never, never, never do that...but I'm sure I don't have to tell anyone here that).

The administrator has disabled public write access.