Creative user deletes /public_html/ or /logs/ kills apache

Here’s a fun situation:

A user clearly doesn’t understand FTP. They disregard the instructions to upload to /public_html/ and instead connect via FTP and “syncs” their local directory to the remote. Their FTP client removes (because the /home/VIRTMINUSER/ is set with write permission turned on for the VIRTMINUSER on that directory) the /home/VIRTMINUSER/public_html/ and /home/VIRTMINUSER/logs/ directories.

An early morning cron job to rotate logs makes apache reload and erroring out due to DocumentRoot, CustomLog, ErrorLog directories missing. Effectively shutting down the complete web server. DOH!

Since webmin and virtmin uses OS users and doesn’t change the /home/VIRTMINUSER/ to something owned by “root:root” like other commercial hosting software (Plesk, Cpanel, etc), this allows the end user to do the above creative task and kill apache.

Has anyone come up with a better solution on the creation of the /home/VIRTMINUSER/ directories instead of the defaults used by Virtualmin – is there a settings change somewhere?

Or is there a method to stop Virtualmin Pro from creating the user with them owning the /home/VIRTMINUSER/ directory and set it up as root:root?

Your insight would be greatly appreciated.

From Jamie:

There is actually a solution for this problem - Virtualmin can be set up to have Apache write its log files via a pipe program, which will stop Apache from crashing if the logs directory is deleted. To do this, do the following :

  1. In Virtualmin, click on System Settings in the left-hand
    frame, and then on Server Templates
  2. Click on Default Settings in the list on the right.
  3. Change the ‘Write logs via program?’ option to Yes, and
    click Save.
  4. This will ensure that all virtual servers created from now
    on do their logging via the pipe program. To fix up all
    existing virtual servers, run the following command as
    root at the shell prompt :
    /usr/libexec/webmin/virtual-server/ --all-domains

This fix doesn’t address the missing public_html problem… however, that is just a warning, which shouldn’t prevent Apache from starting .

Virtualmin GPL has the same configuration setting in the main template. However, there is no script (only in Virtualmin Pro).

Just for fun, I did a bit more digging into this issue, and another creative partial solution I found over in the TextDrive blog is to create a hidden file owned by root in each directory. This can’t prevent moving of the directory, but it can prevent accidental deletion by ignorant users. Seemed like a nice simple step to decrease risk, so we’ve added it to the domain directory creation step for the next version of Virtualmin.

I seem to recall I saw the bug discussion where the “no” problem got resolved, but if I’m imagining that, feel free to file a bug. The script should be available in both GPL and Professional.