Hi Joe,
I created a virtual server and domain name user via Virtualmin Pro.
I noticed that the user can "see" all files on the server, instead of being limited to view files in the domain name directory only.
Is there a way to close this security loophole?
Many thanks.
Don’t worry about it, Joe. I found the answer.
> Usermin Configuration] Access Control Options] Root directory for file chooser] tick User’s home directory
AND
> Usermin Configuration] Usermin Module Configuration] File Manager] tick Allow access to home and directories below…
Good sleuthing, A. That ought to be the default, but I guess it wasn’t when you install (or maybe even still isn’t, I’ll have to check).
Oh, though I should point out that Usermin respects file permissions–even the old settings shouldn’t actually be even a minor a security issue unless you have a habit of making files world-readable/world-writable (e.g. the much-maligned habit of some web developers doing “chmod 777” as a first debugging step…never, never, never do that…but I’m sure I don’t have to tell anyone here that).