Hi,
Since the latest update, every time I open the file manager as admin I got an email security alert:
*** SECURITY information for cp.liby.hu ***
cp.liby.hu : Feb 12 11:14:57 : hestiaweb : a password is required ; PWD=/usr/local/hestia/web/fm/dist ; USER=root ; COMMAND=/usr/bin/chmod o+x /home/Liby/.ssh
after checking the auth.log I found the following messages:
Feb 12 11:14:57 cp sudo: hestiaweb : PWD=/usr/local/hestia/web/fm/dist ; USER=root ; COMMAND=/usr/local/hestia/bin/v-add-user-sftp-key Liby 30
Feb 12 11:14:57 cp sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1004)
Feb 12 11:14:57 cp sudo: pam_unix(sudo:session): session closed for user root
Feb 12 11:14:57 cp sudo: pam_unix(sudo:auth): conversation failed
Feb 12 11:14:57 cp sudo: pam_unix(sudo:auth): auth could not identify password for [hestiaweb]
Feb 12 11:14:57 cp sudo: hestiaweb : command not allowed ; PWD=/usr/local/hestia/web/fm/dist ; USER=root ; COMMAND=/usr/bin/chmod o+x /home/Liby/.ssh
A quick search showed, that this commands come from hestia/web/fm/configuration.php line 188
// filemanager also requires .ssh chmod o+x ... hopefully we can improve it to g+x or u+x someday
// current minimum for filemanager: chmod 0701 .ssh
shell_exec("sudo chmod o+x " . quoteshellarg("/home/" . basename($v_user) . "/.ssh"));
Everything seems to work fine (at least for me), it is just an annoying to get a mail every time I access the file manager.