security concerns from a new user

cpg
Administrator
Posts: 2618
Joined: Wed Dec 03, 2008 7:40 am


Postby cpg » Fri Jan 08, 2010 3:57 am

Dear AMAHI Team,

First of all: congratulations on this simple-to-install home server system!

But to be frank, I am concerned about whether Amahi is a safe and secure system.
There have been some issues today that cut my trust a bit.

Issue 1:
I installed AjaXplorer as user A. When I logged into my HDA as user B AjaXplorer gave me access to all files even to those I had no permission to (e.g. files of user A).

Issue 2:
On my HDA machine each user can browse through all linux directories and system files. Shouldn't this be possible only for the root?

I know AMAHI staff will not be interested in my files, and probably all of these are the worries of a newbie who is not very experienced in Linux.

Maybe you can give me back my confidence :-)

And a question: Do I have to modify the firewall of my HDA? I noticed that it is deactivated.

Thanks a lot.

Alf
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1

moredruid
Expert
Posts: 791
Joined: Tue Jan 20, 2009 1:33 am
Location: Netherlands

Re: security concerns from a new user

Postby moredruid » Sun Jan 10, 2010 1:22 pm

as far as issue 2 goes:
depending on certain permissions you can look everywhere in a unix/linux system. that doesn't mean you can modify the things you can see though. home directories are usually more restrictive, depending on the permissions scheme. this is perfectly normal for a unix/linux operating system. I think it encourages users to look around and understand what's happening, even though they can't modify/mess up the system.
echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D2173656C7572206968616D41snlbxq' | dc
Galileo - HP Proliant ML110 G6 quad core Xeon 2.4GHz, 4GB RAM, 2x750GB RAID1 + 2x1TB RAID1 HDD
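
The distinction moredruid draws (other users can look around but not modify, with home directories locked down), as an added example that is not part of the original thread: a Python audit that reads the "other" permission bits and accounts for a parent directory blocking access to everything beneath it. The sample tree, the user names alice and bob, and the function names are constructed for illustration.

```python
import os
import stat
import tempfile

def other_bits(mode):
    """Render the 'other' permission class of a mode, e.g. 'r-x'."""
    flags = (("r", stat.S_IROTH), ("w", stat.S_IWOTH), ("x", stat.S_IXOTH))
    return "".join(ch if mode & bit else "-" for ch, bit in flags)

def audit(root, reachable=True, prefix=""):
    """Map each path under root to (other bits, what a non-owner can do)."""
    findings = {}
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits say nothing about access
        perms, is_dir = other_bits(st.st_mode), stat.S_ISDIR(st.st_mode)
        if not reachable:
            verdict = "private (parent blocks access)"
        elif "w" in perms:
            verdict = "others can modify"
        elif "r" in perms or (is_dir and "x" in perms):
            verdict = "others can look only"
        else:
            verdict = "private"
        rel = os.path.join(prefix, name)
        findings[rel] = (perms, verdict)
        if is_dir:
            # A directory without o+x hides everything beneath it.
            findings.update(audit(path, reachable and "x" in perms, rel))
    return findings

def build_sample_tree():
    """Constructed sample layout (not a real Amahi HDA); modes set explicitly."""
    root = tempfile.mkdtemp()
    layout = [("etc/", 0o755), ("etc/hosts", 0o644), ("home/", 0o755),
              ("home/alice/", 0o700), ("home/alice/notes.txt", 0o644),
              ("home/bob/", 0o755), ("home/bob/diary.txt", 0o600),
              ("srv/", 0o755), ("srv/shared.txt", 0o666)]
    for rel, mode in layout:
        path = os.path.join(root, rel.rstrip("/"))
        os.mkdir(path) if rel.endswith("/") else open(path, "w").close()
        os.chmod(path, mode)  # explicit chmod so the umask cannot interfere
    return root

if __name__ == "__main__":
    for rel, (perms, verdict) in audit(build_sample_tree()).items():
        print(f"{rel:24} o={perms}  {verdict}")
```

To audit a real system, pass a real directory to `audit()` and run it as a user who can read every directory being walked.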

fikse
Posts: 3
Joined: Sat Jan 16, 2010 2:41 am

Re: security concerns from a new user

Postby fikse » Sat Jan 16, 2010 2:53 am

So, for lack of answers to this question, it might seem that security is not a prioritised task for Amahi.
I am/was interested in this homeserver thing, it is/was tempting. I have used several Linux-based firewall / all-in-one servers for several years now, the last 3-4 years with ClarkConnect/ClearOS. Pretty happy with it, very easy to make a secure environment for both kids and adults, easy to block the bad sites, restrict peer-to-peer downloads, and also with mailserver, antivirus, antiphishing, intrusion prevention, webserver, and a lot more. But it is rather complicated to get up'n'running with other software. No plugins there! You've got to have a more than basic understanding of Linux to make all you want work properly. For this I don't have much time. Amahi looked like the solution for me, really!
But so far I've not found any specific info regarding Amahi and security. Is it possible to have an advanced firewall at all? Filters? Access control?

Please convince me to select Amahi :D

rampage537
Posts: 124
Joined: Mon Jun 29, 2009 9:41 am
Location: Hazel Park, MI

Re: security concerns from a new user

Postby rampage537 » Tue Jan 19, 2010 9:56 am

Amahi was never intended to be out on the internet; it is secure if left and used as intended, as a home server. For access from the outside to get to/use your apps, I would suggest using a VPN instead of having it on the internet.
Security is always a concern with Amahi, but how do we deal with all the possible security issues with all the apps? This is why it's best left in an intranet and not on the internet.
Testmaster Manager
Amahi HDA Custom Dual 2.7 GHz, 3 GB DDR2 (667MHz) Ram, 80GB HDD for OS + 1TB and 320GB HDD for Share Drives

fikse
Posts: 3
Joined: Sat Jan 16, 2010 2:41 am

Re: security concerns from a new user

Postby fikse » Tue Jan 19, 2010 10:32 am

OK. Thanks for the info. Nice to know... ;)

rampage537
Posts: 124
Joined: Mon Jun 29, 2009 9:41 am
Location: Hazel Park, MI

Re: security concerns from a new user

Postby rampage537 » Tue Jan 19, 2010 10:37 am

Maybe in the future we will add more features; right now the team is small. If you are interested in helping in some way, please let us know.
Testmaster Manager
Amahi HDA Custom Dual 2.7 GHz, 3 GB DDR2 (667MHz) Ram, 80GB HDD for OS + 1TB and 320GB HDD for Share Drives

fikse
Posts: 3
Joined: Sat Jan 16, 2010 2:41 am

Re: security concerns from a new user

Postby fikse » Tue Jan 19, 2010 11:17 am

rampage537 wrote: "Maybe in the future we will add more features, right now the team is small. If you are interested in helping in some way please let us know"

For my case I don't think I could help so much. I'm not a Linux-head, far from it :roll: I can only think of a box with a combination of your fantastic Amahi and, i.e., ClearOS/ClarkConnect, or another open-source firewall solution. I know several would say that it's no good to combine a firewall with several applications like web/email, but AFAIK the CO/CC is pretty solid. The CO/CC is also based on installable modules, but its main goal is not a homeserver, more to act as an all-in-one solution for companies and home. Since it's based on an open-source Linux distro (CentOS/RH), it's possible to let it do whatever you want, but then you have to be more than averagely competent in programming.

Sorry I'm not able to help further!

Regards
Bent, Norway
