Filezilla is able to access root directory on entire webmin system when logged in as a virtual server owner?

4 posts / 0 new
Last post
#1 Thu, 03/14/2019 - 17:52
adamjedgar

Filezilla is able to access root directory on entire webmin system when logged in as a virtual server owner?

Hi guys, I refer to this discussion from quite some time ago...

https://www.virtualmin.com/node/35752

whilst in virtualmin filemanager, this problem now seems to have been resolved...i am now looking at my filezilla screen with some trepidation wondering how on earth this can be?

see google drive screen shot here...https://drive.google.com/open?id=1YFaZCTUfKNntPLDQvEVTX9Ai6MirO52Y

and the corresponding virtulmin file manager view here...https://drive.google.com/open?id=1FP0D3EWUfYmuM1leyfd2qrWOCG0iHL6L

This is a brand new Virtualmin instance with default installation settings. I havent configured anything in proftp, This is straight out of the box file permissions.

To add to the discussion mentioned in the forum thread above, shouldmy default virtualmin installation setup by running sh install.sh from command shell on my brand new Vultr VPS allow this?

Is there something that i should have done on the default debian 9 system before running the virtualmin installer?

Also, i did not install as a sudo user. When we create vultr instances with debian access is root user and that is how i installed virtualmin. I did try sudo user install on another one and had major problems after the installation was complete, so i did not attempt that it with sudo user again on this system.

So to recap...

  1. why is "default" virtualmin installation on my debian 9 VPS allowing filezilla sftp user to access the entire server root directory? (virtualmin file manager is not allowing this and works as expected)

  2. I am confused as to what is the point of having SSH? We read all over the web SSH is more secure this is the best method for data transfer. Then i read, SSH is almost impossible to lock down so that users dont get at least visual access to an entire server by running scripts etc!

Virtualmin documentation makes reference to SSH, SCP, and FTP over SSH (SFTP) and yet in the forums it appears we are being told that this actually is a terrible idea and shouldnt be used because it relies entirely on just user permissions in order to prevent users from editing files that are for some ridiculous reason, clearly visible to them...but that they are not the owners of (ie files in the root directory owned by root, and files owned by other virtual servers as well)

So what on earth should i do for my server with shared hosting accounts (virtual servers) on it? Do i just completely shut down the SSH server functionality and force them all to use ftp or ftps/ftpes?

Is there a "Virtualmin official guide" on how to setup ftpes?

Thu, 03/14/2019 - 20:16
adamjedgar

another update on this... take a look at the next image i have. I am using sftp in filezilla as a virtual server owner and am able to easily navigate to the webmin server root diretory and upload files to it!!! Surely i should not be able to do this as a "virtual server owner" from a default virtualmin installation?

see google drive image here... https://drive.google.com/open?id=1AZElfZGIAydbFGafBhu3Evqp-uWyZ4s3

Thu, 03/14/2019 - 20:58
JohnnyC1951

All over this forum is stuff that possibly points to a suexec screw up and it happened in February. I use the Onrej Surry Repo and watched the Apache and all sub-modules upgrade fall over in spectacular fashion, followed by a few hasty updates in VERY short order. At least, this was exactly when mine started misbehaving. And what fell over? suexec. Google what it does. It controls who owns what in apache and could explain why ownerships are not respected, plain wrong, and some can wander out of home docroot jail. Resetting VM permissions sets the VM's to user ownership (allegedly) but Apache says they are all owned by www-data so it is not happy. But in one case, on one server, they are all owned by root. If I get time I will have a dig. My guess is that susec's config got overwritten to defaults (www-data) and or root and ignores VM's change requests somehow.

Fri, 03/15/2019 - 05:40
adamjedgar

What i have figured out is that its not quite as i said. Whilst at first it appeared that i could upload files to directories outside of that of the virtual server owner when using filezilla sftp, it isnt actually able to complete the task as such. The file appears in the directory, but as soon as one clicks refresh the "you dont have permission to do this" error pops up and the file is removed from the visible window on the server directory.

Having said that, i think its absolutely absurd that a user who does not have the level of authorization, should even be able to view outside their own directory. That in my mind is as bad as showing the public through glass windows the entire contents of a bank vault (including everything that is in said vault that actually belongs to private citizens...ie jewels, gold, paintings etc)

I am keen on at least making the filezilla users unable to see outside their own directory, however, one thing that concerns me is doing anything outside of the Virtualmin GUI seems to cause shit to hit the fan! In my mind this is one of the failures of this type of CP...it should not have any customisation of the O/S or webserver defaults as intended by their developers. Its too flaming hard to bloody navigate around the program as it is. I try to find information via google, however, unless someone has talked about it on this forum, quite often googling solutions to problems and implementing them, ends up completely stuffing the entire virtualmin install. When one adds to this the fact that the documentation is extremely limited and not particularly in depth for such a complex control panel...well, shit hits the fan way too often! I havent a clue what to do about this other than to simply disable sftp and ftpes...forcing users to use the filemanager only. I already sense troubles ahead. Fortunately, my first hosting packages are going to focus on Wordpress. I can simply force all customers to use the WP dashboard only for the time being (thus i would be providing a managed service i guess one would say!)

I have decided that i need abackup plan. My plan is to spin up another server running ISPConfig. ITs the only panel i know 100% will work for me in light of this. The "howtoforge" tutorials are fantastic and always work. I need something i can rely on 100%. IF i keep on this pathway, im going to get completely creamed when someone breaks in and destroys my server!