Prevent users from reading each other's directories + ISPConfig compatibility

Discussion in 'General' started by Norman, May 11, 2006.

  1. Norman

    Norman Member HowtoForge Supporter

    Is there a good way to maintain some security in the system for shell-users without having to chroot/jail everyone?

    I've tried to simply change user dir permissions chmod 701 to hide people from snooping the files initially. However that seems to make ISPC unable to read statistics (quota) from the directories. Are there any efficient methods to handle this? I tried to turn on sudo support for the du-command as shown in other threads but it doesn't seem to help.

    Is sudo-config option bugged?

    admispconfig has permission to run du under sudo.
     
  2. falko

    falko Super Moderator Howtoforge Staff

    No, it's working fine on our test machines.
    I think the problem is that you changed the permissions to 701. That way only the owner (and no one else) can read.
     
  3. Norman

    Norman Member HowtoForge Supporter

    Yes, but shouldn't it be possible to change

    $go_info["server"]["sudo_du_enabled"] = false; // enable sudo for gathering website file usage
    to:
    $go_info["server"]["sudo_du_enabled"] = true; // enable sudo for gathering website file usage

    Then shouldn't ispconfig run "du" as sudo-root?

    I think it's a security-risk to leave directories as 755.

    Also, a side-question. Does ispconfig use the quota-function of the system?
    I don't see it using any of the diskquotas.
     
  4. falko

    falko Super Moderator Howtoforge Staff

    Yes - if you have quota installed.
     
  5. Norman

    Norman Member HowtoForge Supporter

    It is installed, how can I see if it's being used in ISPConfig?

    Check each user with "quota" command?
     
  6. falko

    falko Super Moderator Howtoforge Staff

    You can use the repquota command:
    Code:
    repquota -avug
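
Added example (not part of the thread or of ISPConfig): a shell check for the 701 versus 755 question discussed above. It reports what group members and other users can do with each directory under a base path; an unprivileged `du` needs read permission on a directory to enumerate it, which the `enter-only` case lacks. `classify_bits` and `audit_dirs` are hypothetical names, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: audit what non-owners can do with each directory directly
# under a base path. Function names are hypothetical; requires GNU stat.

# classify_bits DIGIT: translate one octal permission digit of a DIRECTORY
# into what that class of user can do with it.
#   r+x -> list names and reach entries
#   x   -> reach entries only if the name is already known (no listing)
#   r   -> see names only, cannot reach anything inside
classify_bits() {
    r=$(( $1 & 4 ))
    x=$(( $1 & 1 ))
    if [ "$r" -ne 0 ] && [ "$x" -ne 0 ]; then
        echo "list+enter"
    elif [ "$x" -ne 0 ]; then
        echo "enter-only"
    elif [ "$r" -ne 0 ]; then
        echo "names-only"
    else
        echo "none"
    fi
}

# audit_dirs BASE: print "<mode> group=<access> other=<access> <path>"
# for every directory directly under BASE.
audit_dirs() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue          # glob matched nothing
        d=${d%/}
        mode=$(stat -c '%a' "$d")        # e.g. 701, 755, 2750
        other=$(( mode % 10 ))           # last octal digit
        group=$(( (mode / 10) % 10 ))    # second-to-last octal digit
        printf '%s group=%s other=%s %s\n' "$mode" \
            "$(classify_bits "$group")" "$(classify_bits "$other")" "$d"
    done
}

# Run against a base directory when one is given, e.g.: sh audit.sh /home
if [ $# -gt 0 ]; then
    audit_dirs "$1"
fi
```

Permission classes are checked exclusively, so with mode 701 a non-owner who is in the directory's group gets the group digit (no access at all), not the "other" digit.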
     
