Cage Configserver CXS quarantine?
Richard Hordern
23.03.2013
Hello,

Configserver CXS requires that a directory be put in chmod 1777 for its quarantine, however this means that all users on the server can read its contents.

You have to specify the path of this quarantine; by default they suggest /home/safe.

CXS creates the following folders when it quarantines a file:

/home/safe/scan/[username]/

The [username] file is only created when CXS finds a file to quarantine. Users that don't have a quarantined file don't have a folder.

Is there a way to add /home/safe/scan/[username]/ to cagefs and restrict each user to his own quarantine (and not allow him to see other folders in /home/safe/scan/)?
  1. 24.03.2013 07:03:23
  2. # 1
Richard Hordern Accepted Answer
In the documentation I see :

http://docs.cloudlinux.com/index.html?base_home_directory.html

Would simply adding:
^/home/safe/scan/
to /etc/cagefs/cagefs.base.home.dirs

do what I'm looking for?

Does it matter if /home/safe/scan/{USERNAME} doesn't exist?

Thanks
  1. 25.03.2013 14:03:17
  2. # 2
Anton Volkov Accepted Answer
Hi!

You cannot copy or mount anything inside the "base" home directory except the home directory of the user.
The base home directory of users is /home (in your case).
So, the /home directory in CageFS can contain only the home directory of the user and nothing else.

cagefs.base.home.dirs will not solve the problem.

You should configure CXS to use a directory that is outside /home (for example /cxs/scan).

Then add this line to the /etc/cagefs/cagefs.mp file:
@/cxs/scan,1777

And then execute the following to remount CageFS:
cagefsctl --remount-all

After that, every user in CageFS will have his own /cxs/scan directory.
These directories are created when a user enters CageFS for the first time (after the remount of CageFS).
So, you can force creation of that directory for user "username" by executing
su -s /bin/bash -c "echo" username

These directories are actually located here (in real system):
/home/user/.cagefs/cxs/scan
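
The steps from the answer above, collected into one idempotent script, as an added example that is not part of the original thread. The function names and the --apply switch are hypothetical; the paths, the cagefs.mp line and the commands are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and --apply are
# hypothetical; paths and commands are the ones quoted in the posts above.

# ensure_mp_entry FILE ENTRY
# Append ENTRY to FILE unless an identical line already exists.
# Prints "added" or "present" so the caller knows if a remount is needed.
ensure_mp_entry() {
    if grep -qxF -- "$2" "$1" 2>/dev/null; then
        echo present
        return 0
    fi
    # Do not glue the new entry onto a last line that lacks a newline.
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then
        echo >> "$1"
    fi
    printf '%s\n' "$2" >> "$1" && echo added
}

# exposed_quarantine_dirs ROOT
# List per-user subdirectories of ROOT that "other" users can read or
# traverse, i.e. the exposure described in the question for /home/safe/scan.
exposed_quarantine_dirs() {
    find "$1" -mindepth 1 -maxdepth 1 -type d \
        \( -perm -004 -o -perm -001 \) | sort
}

# Only touch the system when called as: script --apply <username>
if [ "${1:-}" = "--apply" ]; then
    state=$(ensure_mp_entry /etc/cagefs/cagefs.mp '@/cxs/scan,1777')
    if [ "$state" = added ]; then
        cagefsctl --remount-all
    fi
    if [ -n "${2:-}" ]; then
        # Entering CageFS once creates the user's private /cxs/scan.
        su -s /bin/bash -c "echo" "$2"
        if [ -d "/home/$2/.cagefs/cxs/scan" ]; then
            echo "per-user quarantine exists for $2"
        else
            echo "per-user quarantine missing for $2" >&2
        fi
    fi
    # Report what is still readable in the old shared quarantine, if any.
    if [ -d /home/safe/scan ]; then
        exposed_quarantine_dirs /home/safe/scan
    fi
fi
```
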