Merge pull request #1947 from jaapmarcus/fix/limit-fm-access-when-ssh-access-enabled

Improve security FM

CHANGELOG.md

@@ -18,6 +18,7 @@ All notable changes to this project will be documented in this file.
 - Set "default" when WEB_TEMPLATE and PROXY_TEMPLATE is missing in user.conf 
 - Add BACKEND_TEMPLATE to default package
 - Fix possible error occur for v-rebuild-cron-jobs #1943 (thanks @clarkchentw)
+- Restrict access Filemanager when SSH is enabled for the user
 
 ## [1.4.3] - Service release
 

install/deb/filemanager/filegator/configuration.php

@@ -34,12 +34,20 @@ $dist_config['services']['Filegator\Services\Storage\Filesystem']['config']['ada
             }
         }
 
+        preg_match('/(Hestia SFTP Chroot\nMatch User)(.*)/i', file_get_contents('/etc/ssh/sshd_config'), $matches);
+        $user_list = explode(',', $matches[2]);
+        if(in_array($v_user,$user_list)){
+            $root = '/';
+        }else{
+            $root = '/home/'.$v_user;
+        }
+      
         return new \League\Flysystem\Sftp\SftpAdapter([
             'host' => '127.0.0.1',
             'port' => intval($_SESSION['SFTP_PORT']),
             'username' => basename($v_user),
             'privateKey' => '/home/'.basename($v_user).'/.ssh/hst-filemanager-key',
-            'root' => '/',
+            'root' => $root,
             'timeout' => 10,
             'directoryPerm' => 0755,
         ]);