Newly created user can access all server files via File Manager?

Hi Joe,

I created a virtual server and domain name user via Virtualmin Pro.

I noticed that the user can "see" all files on the server, instead of being limited to view files in the domain name directory only.

Is there a way to close this security loophole?

Many thanks.

Don’t worry about it, Joe. I found the answer.

> Usermin Configuration] Access Control Options] Root directory for file chooser] tick User’s home directory


> Usermin Configuration] Usermin Module Configuration] File Manager] tick Allow access to home and directories below…

Good sleuthing, A. That ought to be the default, but I guess it wasn’t when you install (or maybe even still isn’t, I’ll have to check).

Oh, though I should point out that Usermin respects file permissions–even the old settings shouldn’t actually be even a minor a security issue unless you have a habit of making files world-readable/world-writable (e.g. the much-maligned habit of some web developers doing “chmod 777” as a first debugging step…never, never, never do that…but I’m sure I don’t have to tell anyone here that).