Closed ghost closed 8 years ago
This has been mentioned countless times before on the forums, & this has been explained many many times.
Users are virtual so permissions don't actually matter. The only actual user on the system is 'root', so make sure your 'root' password is uncrackable. Folders cannot be accessed by other 'virtual users' due to the systems built in security features, i.e openbase e.t.c
As @PS2Guy says, this is not a big flaw in security as Sentora ensures a site can't access another site's files with the use of openbase_dir restrictions. This method was used because ZPanel was designed to be cross-platform with both Windows and UNIX.
Ideally we would now be using UNIX users rather than virtual users so languages other than PHP may be used safely.
I believe this would be a very large security issue on customized Sentora installations, such as re-enabling CGI etc. Users may not be aware of this if they have not read the forum.
Closing this. We will check later permission once we got the apache module revamped.
Directories in sentora have too high permissions. For example users sites, sentora build-in apps and modules have 777 by default. It's big flaw in security. It should be 750 or 751, 755.