HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Developers' Forum (http://www.howtoforge.com/forums/forumdisplay.php?f=33)
-   -   ISPConfig 3 questions (http://www.howtoforge.com/forums/showthread.php?t=13517)

till 19th June 2007 17:18

ISPConfig 3 questions
 
Hi,

I'am just searching for the best folder layout for ISPConfig for the websites. My Idea is to implementing it like this:

/var/clients/client[client_id]/web[website_id]/

And then have 2 symlinks for easier shell navigation:

/var/www/[website_domain]/ => /var/clients/client[client_id]/web[website_id]/
/var/clients/client[client_id]/[website_domain]/ => /var/clients/client[client_id]/web[website_id]/

Example:

A website "www.mydomain.com" which has the internal ID 22 and belongs to the customer with the ID 5.

Directory:

/var/clients/client5/web22/

Symlinks:

/var/www/www.mydomain.com/ => /var/clients/client5/web22/
/var/clients/client5/www.mydomain.com/ => /var/clients/client5/web22/

Please post your Ideas and comments on this.

A second question:

a) Shall we create a sytem user for every client, so all websites of a client belong to the same linux user.
b) Shall there be a system user for every website and a linux group for the client. All website users of this client belong to the group of the client.

My preference is b)

bagpiperdude90 22nd June 2007 22:14

I like the idea of the folder layouts.

However, for the system users and groups... I don't see why option b would be better than a. To me, it looks like all we do is add some more users and groups, but, what would I see on my end, or the client see on his end, that would be improved by that?

Or is it just for organization?

melwood 25th June 2007 10:12

Quote:

Originally Posted by till

/var/clients/client[client_id]/web[website_id]/

a) Shall we create a sytem user for every client, so all websites of a client belong to the same linux user.
b) Shall there be a system user for every website and a linux group for the client. All website users of this client belong to the group of the client.

My preference is b)

If I assign more then one website to one use, why would I want more than one system user? This only complicates things for the end-user.

If a user needs more freedom he needs to be a reseller.

Please make it simple for the end-user!

So I definitely prefer option a)

For the directory structure:

Why not use "/var/clients/client[client_id]/[website_domain]/" also? It's much more human readable.

melwood

till 25th June 2007 12:50

Quote:

If I assign more then one website to one use, why would I want more than one system user?
Thats a question of security. If one client has lets say 20 websites and all websites have the same user, then he will loose 20 sites if one of the sites get hacked e.g. trough a insecure forum or cms system. If every site has its own system user, only one site will be affected.

The drawback is that the user will have to use a separate FTP login for every site, but this can be circumvented if the user says that he wants to access all sites with one user, he can make the files group writable for the client group.

melwood 25th June 2007 13:00

Quote:

Originally Posted by till
The drawback is that the user will have to use a separate FTP login for every site, but this can be circumvented if the user says that he wants to access all sites with one user, he can make the files group writable for the client group.

If it is possible to access all sites with one ftp-account then go for option b)

melwood

bpssoft 30th October 2007 10:05

I prefer this:

/var/www/www.mydomain.com/ => /var/clients/client5/web22/
But is the following also possible?
/var/www/[client_username]/[domain]/ ?

And choose B is better, because security issues.

till 30th October 2007 22:32

b) is the current implementation and the symlinks are configurable.

satommy 31st October 2007 22:46

Hey

Human readable would be great for the webdirs.
Maybe using a chrooted jail for the shell access is an option??

Further on I discovered a small mistake in the wblist php file. I have not yet used a svn upload ever, so can anyone tell me how to, or can I upload the files or the mistake anywhere else?

Thnx

till 31st October 2007 23:19

Quote:

Maybe using a chrooted jail for the shell access is an option??
This will be avilable as option and it isrecommended to use it. But as the common linux distribution have no sshd which supports chrooting by default, we can not make this the defualt option.

Quote:

Further on I discovered a small mistake in the wblist php file. I have not yet used a svn upload ever, so can anyone tell me how to, or can I upload the files or the mistake anywhere else?
If you use windows on your desktop, tortoesesvn is a nice SVN client which integrates perfectly into the file explorer.

You may also post the cahnged lines from the wblist file here, if it is just a minor change.

satommy 1st November 2007 14:02

The php mistake I found was in the spamfilter files. So users could not edit there spam white, and blacklists. the word "limit_" was written twice.

Bothe files the same line:

spamfilter_whitelist_edit.php
spamfilter_blacklist_edit.php

line 66:

was:

if($client["limit_limit_spamfilter_wblist"] >= 0) {

has to be:

if($client["limit_spamfilter_wblist"] >= 0) {


All times are GMT +2. The time now is 22:29.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.