Security: improvements to strict_backup_permissions - MAJOR CHANGES

Version 1.44.0

Feature
Finished

Related features:
http://www.directadmin.com/features.php?id=1061
http://www.directadmin.com/features.php?id=956

These changes apply when the apache owned files list is enabled (which it is by default) and when strict_backup_permissions is enabled.

The new internal default will now be:

strict_backup_permissions=1

for better security. You can set it to 0 if you need to go back to the old backup method, by adding the following to your directadmin.conf:

strict_backup_permissions=0

Previous issues with the strict_backup_permissions feature were that it could not read apache owned files or folders if they were not chmod to 644 or 755. For these reasons, the strict_backup_permissions option was not made default.

With these changes, DA will go through all data in:

/home/username/domains

and check which files the username (DA account) cannot read. A second data list will be created:

backup/non_readable_files.list

DA passes this file to tar with:

--exclude-from backup/non_readable_files.list

so that the files are not included and thus won't throw an error during the backup. DA then copies these files to a new data location:

non_readable_files

which sits next to "backup" and "domains" at the top level.

Note that paths in non_readable_files.list have domains/ as a prefix, so that the tar option:

--exclude-from FILE

doesn't match the files DA manually copied. Otherwise, DA's files in backup/non_readable_files would also be excluded from the tar.gz.

If any file is chmod to 0, it will be set to 600 when it is copied (directories to 700), as the backup needs this as a minimum to read the file as a non-root backup. The restore will not reset these files/folders to chmod 0. They'll be left as 600 (700 for dirs).

Since this feature copies files to a 2nd location before backup, significant amounts of disk space will be used if the files being backed up (eg: apache owned files) are not readable by the User.

You can avoid the overhead from this feature by setting your apache owned files to 644, so tar can read them and they won't get copied. Other cleaner options are to use suPhp or mod_ruid2 (or equivalent) so that you don't have any files owned by apache (as apache owned files really just make a mess of things).

---------------

All of these extra steps are run if this option is enabled. This is the internal default (enabled):

add_non_readable_files_to_strict_backup=1

It can be disabled by adding it to the directadmin.conf and setting it to 0:

add_non_readable_files_to_strict_backup=0

This feature will only be used if the following setting is enabled:

strict_backup_permissions=1

This related option will use the same tree parsing:

backup_apache_files_list=1

so either add_non_readable_files_to_strict_backup or backup_apache_files_list will cause a full /home/user/domains directory traversal.

Credit to www.Rack911.com for reporting the issues with the backup system, and the need for improvements to this feature.
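To gauge the copy overhead before a backup runs, the sketch below lists what a given account cannot read under its domains directory, using the same domains/-prefixed paths described for backup/non_readable_files.list. It is an added example, not DirectAdmin's code: the function names are hypothetical, only classic mode bits are checked (ACLs are ignored), and it is assumed to be run as root.

```python
import os
import stat

def can_read(st, uid, gids):
    """Classic POSIX mode-bit check (ACLs ignored): owner, then group, then other."""
    if uid == st.st_uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    bits = (st.st_mode >> shift) & 0o7
    need = 0o5 if stat.S_ISDIR(st.st_mode) else 0o4  # dirs need r+x to be walked
    return bits & need == need

def non_readable(home, uid, gids):
    """Return (entries, size): paths relative to `home`, each starting with
    'domains/', that `uid` cannot read, and the bytes of the listed regular files."""
    entries, total = [], 0
    for root, dirs, files in os.walk(os.path.join(home, "domains")):
        keep = []
        for name in dirs + files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink is archived as a link; its target is not read
            if can_read(st, uid, gids):
                if stat.S_ISDIR(st.st_mode):
                    keep.append(name)
                continue
            entries.append(os.path.relpath(path, home))
            if stat.S_ISREG(st.st_mode):
                total += st.st_size
        dirs[:] = keep  # list an unreadable directory once, do not descend into it
    return sorted(entries), total

if __name__ == "__main__":
    import pwd, sys
    pw = pwd.getpwnam(sys.argv[1])  # account name given on the command line
    gids = set(os.getgrouplist(pw.pw_name, pw.pw_gid))
    paths, size = non_readable(pw.pw_dir, pw.pw_uid, gids)
    print("\n".join(paths))
    print(f"{len(paths)} entries, at least {size} bytes to copy", file=sys.stderr)
```

The byte count is a lower bound, because the contents of an unreadable directory are not walked.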
