Secure home folders ETA?

Hey Joe,

You mentioned in an email:

"We are, however, currently in the midst of upgrading all of our platforms to Dovecot 1.0, which will allow us to finally lock down directories of domain users to 750 permissions. When combined with suexec for all script types, this is pretty solid shell security."

I’m really excited about that - do you have an ETA? I don’t want to use VirtualMin for shared hosting clients until thats implemented, as security is a big issue :). Do you think that’ll be in VirtualMin by December 15th?

Thanks!
Donald

Hey Donald,

Yes. (I’m breaking my rule of not announcing dates. But I’m pretty confident on this one. The code for migrating configurations has been written, the packages are done for all of the Red Hat based platforms, and I don’t expect much pain remains.)

Even better, if you happen to be running Fedora Core 5 or Fedora Core 6, you can already lock it down to 750 and everything will work fine (they ship with some version of Dovecot 1.0). To do that browse to the Webmin System:Users and Groups module, and edit the Module Configuration. In the "Home directory options" section, set the "Permissions on new home directories" to 0750. You can also manually set all of the directories within /home to 0750 using "cd /home; chmod 750 *".

But, everyone else will have to wait until I get the packages rolled out and tested on all platforms.

Oh, yeah, I should mention…home directories are not currently “insecure”. But they are visible. It is entirely possible to run a thoroughly locked down system with current packages and permissions–but it’ll be much easier when it’s impossible not to run it locked down tightly.

Awesome, thanks!