Recently I had to fight off an intruder who had used a security leak in one of my php applications. He had added 700 MB somewhere, the
quota
command showed it, but all calls of find / -group pac00
which shows all files that belong to my own user or my subusers, who all belong to the group e.g. pac00.Another issue that I often have is that some files are created with PHP and they belong to user httpd. That means they don't show up at all on the
quota
command, which is not fair for the other users, because everyone has to pay for the used webspace.The first step is to actually find those files. I have written the script pac-du-httpd, which goes through all the users' directories and prints the filenames that are owned by httpd to a file, and also prints the overall sum size of those files. You can find the file here: pac-du-httpd.sh
The next step is to change the ownership of those files. On the support mailing list (yes, Hostsharing eG has as much open communication as any other Open Source project) there is a very useful explanation of how to delete such files:
Support Anleitung
The basic idea is: first run the script as normal PHP with user httpd, and change the file permissions so that everybody can change them, and then to run the script again, to delete the file.
In my situation though I don't want to delete the file, but would like to change the permission. I finally got this solution to work:
<?php
# first run as php file with httpd, to give permissions (chmod 0666) then run with cgi to recopy the file
$dh = opendir('./');
while( ($file = (readdir($dh))) !== FALSE )
{
if ($_SERVER["ORIG_SCRIPT_NAME"] == '/cgi-bin/phpstub')
{
copy ($file, $file.".tmp");
unlink ($file);
copy ($file.".tmp", $file);
unlink ($file.".tmp");
}
else
{
chmod($file, 0666);
}
}
?>
I first run the script to change the file permissions, and then I run it again via CGI so that it runs for the user that the files should belong to. I make a copy of the file, delete the original, and rename the copy back. This works perfectly. And for the future, I will let the PHP always run via CGI (see also Hostsharing documentation on PHP via CGI)
Another useful tool is pac-du-quota, which is referenced from the Hostsharing Documentation on Webspace.
I have extended it to also list the size of the MySQL databases, which is in my case also quite a bit of data...
Insert this in the function collectSpace just before "#Wenn User exisiteren aufsammeln":
# Mysql Datenbanken
for DB in /var/lib/mysql/${PAC}_*; do
let COUNTER=COUNTER+1
TEMP=`du -s "$DB"`
SPACE[$COUNTER]=`echo $TEMP | sed -e 's/\([^ ]*\).*/\1/g'`
NAME[$COUNTER]="Mysql_`basename $DB`"
done