PDA

View Full Version : group write privileges on web dirs


bambam82
27th October 2010, 15:20
Hi,

i would suggest to have group write privileges on all webdirs because of the following:
For example:
We have a client. This client has multiple websites. He wants to control these websites via 1 FTP user. In the options you can point to /var/www/clients/client1 instead of /var/www/clients/client1/web1.
But you are only allow to write to web1 because that is your current user. You are not allowed to write to web2, because other directories don't have the group write bit set....

It is possible to change this for a current directory, but when a change occurs, your settings are gone again.

This change doesn't have impact on the security because it is still the same user/client.

Could this feature be added in the next release?

Many thanks. Bart Dorlandt

bambam82
27th October 2010, 15:23
Oh....

I just saw we will need to change the subdir "web" also to have group read access. This would help me and my client a lot.

till
27th October 2010, 17:21
This change doesn't have impact on the security because it is still the same user/client.

This has a impact on security and thats why we do not use group write access in ISPConfig. It makes a big difference if a client has ten sites and one of them gets hacked. With the current setup, this affects only one site. With your modification, it will affect all sites and all sites have to be reinstalled. Additionally, some security extensions for apache will not start with group writable permissions.

bambam82
27th October 2010, 17:32
Hi,

i'm sorry you're right. good point.