Not an attack exactly, but interruption of service. It’s far too easy for an inexperienced admin to accidentally edit an SSL cert file if it’s under their home directory.
Not unless files have immutable flag imposed by root?
That introduces more complexity though, like making it hard for backups of the home directory run as the domain owner to work.
Thanks for clearing this up.
Also, there are systems Virtualmin runs on that don’t support the immutable attribute, so it’s best to get the behavior we want just using regular Unix permissions.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.