Hello, I was experiencing a lot of problems when my users were able to delete their /log directory despite the .no_delete file in it. As a matter of fact (especially in my server setup) every user with 'administrator' status owns his /log directory and .no_delete file respectively. There was no reason why they couldn't delete this file and the whole directory, which prevented apache from starting again.

What I did was: Edited /root/ispconfig/scripts/lib/config.lib.php and added

Code:
    $root_gruppe = $mod->system->root_group();
    exec("chmod 400 $web_path/user/.no_delete");
    exec("chown root:$root_gruppe $web_path/user/.no_delete");
    exec("chmod 400 $web_path/log/.no_delete");
    exec("chown root:$root_gruppe $web_path/log/.no_delete");
    exec("chmod 400 $web_path/cgi-bin/.no_delete");
    exec("chown root:$root_gruppe $web_path/cgi-bin/.no_delete");
    exec("chmod 400 $web_path/ssl/.no_delete");
    exec("chown root:$root_gruppe $web_path/ssl/.no_delete");
    exec("chmod 400 $web_path/phptmp/.no_delete");
    exec("chown root:$root_gruppe $web_path/phptmp/.no_delete");
    exec("chmod 400 $web_path/web/error/.no_delete");
    exec("chown root:$root_gruppe $web_path/web/error/.no_delete");

right after

Code:
    exec("chown -R $user_username $web_path/log/* &> /dev/null");

in the section that follows after

Code:
    ////////// Verzeichnisse erzeugen ENDE ///////////

Then I executed the command

Code:
    find . -name ".no_delete" -exec chown root:root '{}' \;

in /var/www - where ISPConfig creates the webs in my server setup, just to make sure all previously created .no_delete files are owned by root. That I believe solved my problem.
Of course the above didn't work, because the owner still has write permissions on the containing directory. Any ideas are appreciated.
Again answering to myself, I think I finally managed to do it. The permissions of the log dir itself must be 555. This way it works. The .no_delete and directory can't be deleted.
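The behaviour described in the posts above, as an added example that is not part of the original thread or of ISPConfig: unlinking a file is governed by the write bits of its containing directory, so a root-owned, mode 400 .no_delete in a writable directory is still removable. The function names and the sample tree below are constructed for illustration.

```shell
#!/bin/sh
# Added example: report .no_delete markers whose directory mode still
# permits deletion. Only mode bits are inspected, so the result is the
# same whether the audit runs as root or as an ordinary user.

# Print the 10-character permission string of a path, e.g. drwxr-xr-x.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Succeed if the owner, group or other write bit is set on the directory.
dir_is_writable() {
    case "$(mode_string "$1")" in
        ??w*|?????w*|????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# List every .no_delete under $1 that sits in a writable directory.
audit_no_delete() {
    find "$1" -type f -name .no_delete | while IFS= read -r marker; do
        dir=${marker%/*}
        if dir_is_writable "$dir"; then
            printf 'DELETABLE %s (dir mode %s)\n' "$marker" "$(mode_string "$dir")"
        fi
    done
}

# Constructed sample: web1 mirrors the first attempt in the thread
# (marker locked, directory writable), web2 mirrors the 555 fix.
make_sample_web() {
    mkdir -p "$1/web1/log" "$1/web2/log"
    : > "$1/web1/log/.no_delete"
    : > "$1/web2/log/.no_delete"
    chmod 400 "$1/web1/log/.no_delete" "$1/web2/log/.no_delete"
    chmod 755 "$1/web1/log"
    chmod 555 "$1/web2/log"
}

sample=$(mktemp -d)
make_sample_web "$sample"
audit_no_delete "$sample"      # reports only web1/log/.no_delete
chmod -R u+w "$sample" && rm -rf "$sample"
```

Mode 555 only holds as long as the user cannot change the directory's mode again, which the owner of a directory is able to do.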
Another solution - proftpd.conf

Another solution would be to add this in proftpd.conf

Code:
    <Directory /var/www>
    HideFiles (\.passwd|htpasswd|no_delete|forward|procmailrc|spamassassin|vacation.cache|Maildir|csc|antivirus.rc|autoresponder.rc|html-trap.rc|local-rules.rc|mailsize.rc|quota.rc|spamassassin.rc|user_prefs|vacation.msg)$
    #
    </Directory>

Where directory is the top one for webs. I guess that when proftpd doesn't show these files, their containing directories can't be deleted. But I can't guarantee that this will work with all FTP clients.