Control Web Panel
WebPanel => CentOS-WebPanel Bugs => Topic started by: ripieces on February 11, 2016, 06:03:16 AM
-
Hello, all my users share the same "default" package.
*** Report for user quotas on device /dev/vzfs
Block grace time: 00:00; Inode grace time: 00:00
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
[...]
amira     --    111M   1000M   1000M           8070     0     0
vgs       --    134M   1000M   1000M          16303     0     0
srdent    --    137M   1000M   1000M          16492     0     0
[...]
I created the user amira first and uploaded over 40 MB.
Then I created vgs, which atm should be empty.
Then I created srdent, which should be empty too atm.
How is this even possible :O
The only awkward things I did are:
- edited the package after and "(Update quota for all users using this package, also disables inode limits !)"
- entered CWP users using the root pw
Edit: I am using CWP version: 0.9.8.11
-
I did a
find / -user srdent
and it owned the whole
/tmp/php-build/
and
find / -user vgs
and it owned the whole
/usr/local/src/cwp/php-5.4.27/
and
find / -user amira
and it owned the whole
/tmp/apache-build/httpd-2.2.27
/usr/local/apache/man/man1/*
/usr/local/apache/man/man8/*
/usr/local/apache/cgi-bin/*
/usr/local/apache/error/*
/usr/local/apache/icons/*
/usr/local/cwpsrv/man/man1/*
/usr/local/cwpsrv/man/man8/*
/usr/local/cwpsrv/cgi-bin/*
/usr/local/cwpsrv/error/*
/usr/local/cwpsrv/icons/*
/usr/local/src/cwp/httpd-2.2.27/
example:
[root@xxx cwp]# pwd
/usr/local/src/cwp
[root@xxx cwp]# ls -la
total 24200
drwxr-xr-x 6 root root 4096 Feb 8 19:34 .
drwxr-xr-x 4 root root 4096 Feb 8 19:38 ..
drwxr-xr-x 28 1000 1000 4096 Feb 8 19:32 apr-1.5.1
-rw-r--r-- 1 root root 1020833 Apr 19 2014 apr-1.5.1.tar.gz
drwxr-xr-x 20 1000 1000 4096 Feb 8 19:33 apr-util-1.5.3
-rw-r--r-- 1 root root 874462 Nov 16 2013 apr-util-1.5.3.tar.gz
drwxr-xr-x 12 amira amira 4096 Feb 8 19:33 httpd-2.2.27
-rw-r--r-- 1 root root 7519677 Mar 18 2014 httpd-2.2.27.tar.gz
drwxr-xr-x 17 vgs games 4096 Feb 8 19:37 php-5.4.27
-rw-r--r-- 1 root root 15333755 Apr 4 2014 php-5.4.27.tar.gz
-
I fixed the permissions and ownership manually and now the quotas make much more sense:
[root@xxx /]# repquota -a -s
*** Report for user quotas on device /dev/vzfs
Block grace time: 00:00; Inode grace time: 00:00
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
...
amira     --   49536   1000M   1000M           1449     0     0
vgs       --      40   1000M   1000M              9     0     0
srdent    --      40   1000M   1000M              9     0     0
...
#119      --    8420       0       0            345     0     0
#507      --   19036       0       0             26     0     0
#1000     --       8       0       0              2     0     0
The user #1000 is from my VPS.
However I wonder where #119 and #507 come from, they own CWP installation files!
Not only is it wasting CWP user's quotas, but also
this whole file owning issue is a severe security issue in case of shell access for CWP users and needs to be addressed!
What will prevent it from happening again?
I guess nothing?
(Also it should be considered to change the default umask for the root user to 700 instead of 755, if possible.)
-
I just found this post:
http://forum.centos-webpanel.com/centos-configuration/how-to-setup-user-quotas/msg5765/#msg5765
And the user that posted his repquota there has these strange users too.
I am not sure, but maybe it's a problem with the way the tar.gz source files are untarred? Meaning it restores the original user ID, instead of using the root or whatever user should be used!?
-
These are default php/apache packages, but we will repack them with root ownership this week.
-
Thank you very much for your reply
I am not sure if this will save you some time, but maybe you can just simply use the tar options when extracting instead of re-packaging them:
--no-same-owner
extract files as yourself (default for ordinary users)
--no-same-permissions
apply the user's umask when extracting permissions from the archive (default for ordinary users)
Source: http://linux.die.net/man/1/tar
Maybe that is sufficient already (according to the manual, these are default, except for root).
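
Added example, not part of the original thread and not CWP's install script: a shell sketch that audits the owner IDs recorded inside a source tarball, extracts it with the two tar options quoted above, and counts extracted entries with an unexpected owner. It assumes GNU tar; the function names and the sample uid/gid 507 are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not CWP's installer. Requires GNU tar.
# All function names are hypothetical; uid/gid 507 is a constructed sample value.

# Build a small .tar.gz whose members are recorded as uid/gid 507,
# standing in for a source tarball packed on someone else's build host.
make_sample() (
    d=$(mktemp -d)
    mkdir -p "$d/src/pkg-1.0"
    echo 'int main(void){return 0;}' > "$d/src/pkg-1.0/main.c"
    tar --owner=507 --group=507 --numeric-owner \
        -czf "$d/pkg-1.0.tar.gz" -C "$d/src" pkg-1.0
    echo "$d/pkg-1.0.tar.gz"
)

# Print "uid/gid name" for every member not recorded as 0/0.
# (Field 6 is the member name; names containing spaces are truncated.)
archive_foreign_owners() {
    tar --numeric-owner -tvf "$1" | awk '$2 != "0/0" { print $2, $6 }'
}

# Extract ignoring recorded owners and applying the caller's umask.
# For root these flags are not the default, which is the case in the thread.
safe_extract() {
    mkdir -p "$2" && tar --no-same-owner --no-same-permissions -xf "$1" -C "$2"
}

# Count entries under a tree that are NOT owned by the given uid or user name.
count_not_owned_by() {
    find "$1" ! -user "$2" | wc -l | tr -d ' '
}

# Demo on the constructed archive.
archive=$(make_sample)
echo "members with a non-root recorded owner:"
archive_foreign_owners "$archive"
safe_extract "$archive" "$archive.out"
echo "extracted entries not owned by uid $(id -u): $(count_not_owned_by "$archive.out" "$(id -u)")"
```

Running archive_foreign_owners on a vendor tarball before a root extraction shows in advance which numeric IDs would otherwise be restored onto the filesystem.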
-
fix is added in scripts