Protecting user directories and admispconfig question


Mr Blek
28th June 2007, 18:47
What access permissions should be applied to /home/admispconfig?

Any user that can access SSH can browse to that directory and read files.

Also, SSH users can browse to the /srv/www/web* directory of any other host and read their files. How can I have this protected by default when the account is created?

Thanks

till
28th June 2007, 18:53
There is nothing that an SSH user might see in /home/admispconfig/ that he cannot see when he downloads the ISPConfig installer tar.gz; all login information and passwords are protected. You must enable SSH chrooting. Please search the forum for "chroot ssh" for detailed instructions.

Mr Blek
28th June 2007, 19:53
Thanks. Didn't realise I'd double posted.

Mr Blek
28th June 2007, 21:26
Installed ssh with chroot, followed instructions per the Debian how-to.

ISPConfig with chroot off:

web4_admin:x:10004:10004:admin:/srv/www/web4:/bin/bash

ISPConfig with chroot on:

web4_admin:x:10004:10004:admin:/srv/www/web4/./:/bin/bash

When it's turned on, the shell exits immediately. What's gone wrong?
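
An added example, not part of the original thread and not ISPConfig code: a check of the two passwd entries above, assuming the `/./` in the home field marks the chroot root (the text before it) and the home inside the jail (the text after it), with the login shell path then resolved inside that root. `check_entry` and its `fs_root` parameter are hypothetical names.

```python
import os

MARKER = "/./"  # assumed chroot marker, as seen in the "chroot on" entry

def parse_passwd_line(line):
    """Split one passwd(5) line; return None for comments or malformed lines."""
    line = line.strip()
    fields = line.split(":")
    if line.startswith("#") or len(fields) != 7:
        return None
    return {"user": fields[0], "home": fields[5], "shell": fields[6]}

def split_chroot_home(home):
    """Return (jail_root, home_inside_jail), or (None, home) if unmarked."""
    if MARKER not in home:
        return None, home
    root, inside = home.split(MARKER, 1)
    return root, "/" + inside.lstrip("/")

def check_entry(line, fs_root="/"):
    """List problems that would stop a chrooted login from starting its shell."""
    entry = parse_passwd_line(line)
    if entry is None:
        return ["unparseable passwd line"]
    jail, inner_home = split_chroot_home(entry["home"])
    if jail is None:
        return ["not chrooted: no /./ marker in home field"]
    # fs_root lets the check run against a staged copy instead of the live /
    base = os.path.join(fs_root, jail.lstrip("/"))
    problems = []
    shell_path = os.path.join(base, entry["shell"].lstrip("/"))
    if not os.path.isfile(shell_path):
        problems.append("shell missing inside jail: " + entry["shell"])
    elif not os.access(shell_path, os.X_OK):
        problems.append("shell not executable inside jail: " + entry["shell"])
    if not os.path.isdir(os.path.join(base, inner_home.lstrip("/"))):
        problems.append("home missing inside jail: " + inner_home)
    return problems

if __name__ == "__main__":
    # The two entries quoted in the post above
    for sample in (
        "web4_admin:x:10004:10004:admin:/srv/www/web4:/bin/bash",
        "web4_admin:x:10004:10004:admin:/srv/www/web4/./:/bin/bash",
    ):
        print(sample.split(":")[5], "->", check_entry(sample) or "ok")
```

A dynamically linked shell also needs its libraries present inside the jail; this check covers only the shell binary and the home directory.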

falko
29th June 2007, 19:18
Any errors in your logs?

Mr Blek
29th June 2007, 20:35
None in /var/log/messages

falko
30th June 2007, 17:29
And in the other logs, e.g. /var/log/auth.log?

Mr Blek
30th June 2007, 19:31
I don't actually have that log file. The ones I can see are:

___________________________________________________________
YaST2              evms-engine.log        mcelog      zmd-backend.log
acpid              faillog                messages    zmd-backend.log-20070627.bz2
apache2            httpd                  mysqld.log  zmd-backend.log-20070629.bz2
apparmor           ispconfig_install.log  news        zmd-backend.log-20070630.bz2
audit              krb5                   ntp         zmd-messages.log
boot.log           lastlog                scpm        zmd-messages.log.2007-06-26
boot.msg           mail                   smpppd      zmd-messages.log.2007-06-27
boot.omsg          mail.err               warn        zmd-messages.log.2007-06-28
cups               mail.info              wtmp        zmd-messages.log.2007-06-29
evms-engine.1.log  mail.warn              xferlog
___________________________________________________________

/var/log/messages was the only place I could find any ssh logging