[SOLVED] ISPConfig setting DocRoot in Apache Directives doesn't work

Discussion in 'General' started by Acsilaa, Oct 2, 2023.

  1. till

    till Super Moderator Staff Member ISPConfig Developer

    And as I mentioned, we might make such a field accessible. The main problem is that people might assume then it's safe to use that field as it's there and easily accessible.

    I will not post instructions on how to exploit servers here. Believe me, it can be done with a custom docroot being in use. We have evaluated this option years ago as users requested it, and we have not yet found a reliable way to prevent that. But I might take a look into that topic again.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    It might be that I overlooked something obvious, so here is the scenario that must be solved:

    Let's assume we have a Linux user named 'tom'. He has a directory /home/tom. The directory /home/tom is owned by tom. Inside this directory, we have a directory public_html, so we have the following directories:

    /home/tom
    /home/tom/public_html

    Both directories are owned by tom, but tom must not be able to remove or rename the directory public_html even if he is the owner of public_html and also owner of the directory /home/tom. Also, tom must be able to create files and directories in /home/tom and also in /home/tom/public_html.

    To mention it, the immutable attribute does not help here because if you set it on a folder, it will prevent changes in that folder. So setting it to /home/tom will prevent tom from removing public_html (which is good), but it also prevents him from creating files and folders in /home/tom (which is bad as he must be able to do that), so this solution does not meet the requirements.
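The constraint in the scenario above, as an added example that is not part of the thread: renaming or removing public_html and creating files in /home/tom are both governed by write permission on the parent directory, so mode bits and the sticky bit cannot separate them when tom owns both directories. The temp-dir paths, the function names and the current user standing in for 'tom' are assumptions; ACLs, group bits and capabilities are ignored.

```python
import os
import stat
import tempfile


def entry_rights(path, uid):
    """What may `uid` do to the directory entry `path`? Judged only from the
    parent's owner and mode bits (assumption: no ACLs, groups or capabilities)."""
    parent = os.lstat(os.path.dirname(os.path.abspath(path)))
    entry = os.lstat(path)
    need = (stat.S_IWUSR | stat.S_IXUSR) if parent.st_uid == uid \
        else (stat.S_IWOTH | stat.S_IXOTH)
    writable = (parent.st_mode & need) == need
    # Sticky bit: only the owner of the entry or of the parent may rename/remove it.
    sticky_blocks = bool(parent.st_mode & stat.S_ISVTX) and \
        uid not in (parent.st_uid, entry.st_uid)
    return {"create_in_parent": writable,
            "rename_or_remove": writable and not sticky_blocks}


def scenario_table():
    """Constructed stand-in for /home/tom and /home/tom/public_html in a temp
    dir, both owned by the current user (playing 'tom')."""
    uid = os.getuid()
    results = {}
    with tempfile.TemporaryDirectory() as root:
        home = os.path.join(root, "home", "tom")
        docroot = os.path.join(home, "public_html")
        os.makedirs(docroot)
        try:
            # plain owner-writable, sticky bit added, write bit removed
            for mode in (0o755, 0o1755, 0o555):
                os.chmod(home, mode)
                results[oct(mode)] = entry_rights(docroot, uid)
        finally:
            os.chmod(home, 0o755)  # restore so the temp dir can be cleaned up
    return results


if __name__ == "__main__":
    for mode, rights in scenario_table().items():
        print(mode, rights)
```

In every row the two rights move together: the sticky bit changes nothing because tom owns both the entry and its parent, and removing the write bit blocks the rename only by also blocking file creation, the same coupling the immutable attribute has.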
     
  3. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I understand this fully as I run Flarum in my ISPConfig web server, which requires the same, and as I said, the current directives field can already do this with no problem at all.
    Well, I kinda disagree, especially if there are security concerns that are yet to be overcome. The puzzles must be solved before any attempts can be made to realize the idea.
     
