This day we’ve had a very strange things.
A user have done this :
- Move all the contents of /home/account1/var/ in /home/account1/D?mo (** EDIT ** In fact it is not a move but a rename)
- Deleted all files in /home/account1/
- Deleted all directory in /home/account1/ (but D?mo)
So when iworx have restarded Apache, the HTTPD server didn’t start complaining for some directory missing for this vhost (the error.log for example)
We have moved the domaine.com.conf vhost config file to domaine.com.disabeld and restarted Httpd.
But I’d like to know how is it possible to do this ?
The /home/account1/var should be owned by iworx and have these authority?
drwxr-x–x 3 iworx iworx 4096 Mar 2 00:05 var
so it contentes can be moved ?
Ok it his content cannot be deleted but it can be moved ?
I understand for all others directory (less backups). A user can delete the html dir, the symlink but it is safe as it doesn’t impact the web server, but for the var content it is a pbm as if httpd doens’t find the log dir/file it crashes.
Did the user have root/SSH Access where the user may have had more permissions?
No he doesn’t
And I have tested, creating a new siteworx account, as Ithought I can’t moved/delete the var dir
I’ll try this with fielman, just to be sure
Arfff I found how he did this.
He just renamed the /home/account/var dir with his FTP client.
Move, delete var are not allow, but RENAME it is possible :\
So a user can crash the restart of httpd server (which is down a least one time per day after the stats updates)
This is on our fix list Pascal, thanks for bringing this up.
I did some testing and this is possible via the shell too. ‘mv var var2’ worked and I don’t think it should be able to. I even changed the permission to drwxr-x— and it still worked. A solution to this would be really great here. I plan on giving people small site accounts in return for sending money to support the server. The last thing I need is someone breaking the server by renaming the var folder.
yea, I been having this issue for quite awhile
any eta on this iworx guys?
I want to apologize publically to blahrus. He actually did bring this up weeks ago but in my 5 minutes of (shoddy) investigation I didn’t connect the dots. This fix will be out in the next release (July) and sorry again.
Thanks Chris, I wasn’t looking for that
Justec, you should know by now, they don’t give soild ETA’s
Oh, i know, hence my confusion to the (July). I like the it will be done when its done line Better wait form something good than something super buggy like most of EA’s games (cough cough BF2)
Any workaround for us in the meantime?
You could try to chattr the var dir +i but there is no official workaround at this time.
Typical that it wouldn’t work. Might be because I am on a VPS server though.
This is what I get.
chattr: Inappropriate ioctl for device while reading flags on var