HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


ecorona 1st February 2006 05:28

SSH, users from web1 can read files from web2, web3, web4
 
I have web1 to web20 and some domains have SSH access, but I've noticed that they can access /var/www and so they can read files from all websites.

All websites have Config.php files and those should be private files (db user and password are there).

Files from other websites have 744 perms; if I change them to 740 then www-data can't read them, and so neither can Apache.

What can I do to disallow this?

Any solution?

till 1st February 2006 10:28

Quote:

Originally Posted by ecorona
I have web1 to web20 and some domains have SSH access, but I've noticed that they can access /var/www and so they can read files from all websites.

All websites have Config.php files and those should be private files (db user and password are there).

Files from other websites have 744 perms; if I change them to 740 then www-data can't read them, and so neither can Apache.

What can I do to disallow this?

You have to configure your Linux to support chrooted SSH. Here is a howto for setting up chrooted SSH:

http://www.howtoforge.com/chrooted_ssh_howto_debian

ecorona 1st February 2006 19:41

Is this compatible with ISPConfig?
 
My server is already in production mode, hosting 20 websites as I said before.

If I reinstall this new chrooted SSH, will it be in normal operation?

As I read, creating a new chrooted user is a different step from normal.

useradd -s /bin/bash -m -d /home/chroot/./home/testuser -c "testuser" -g users testuser

And they go to a different home, so I think it may be possible if we reconfigure ISPConfig user management.

Is this right? Has anyone tried this before?

falko 1st February 2006 20:48

Quote:

Originally Posted by ecorona
My server is already in production mode, hosting 20 websites as I said before.

If I reinstall this new chrooted SSH, will it be in normal operation?

Yes. But keep in mind that the tutorial was written for Debian, so if you use another distribution the steps might differ a little bit.

Quote:

Originally Posted by ecorona
As I read, creating a new chrooted user is a different step from normal.

useradd -s /bin/bash -m -d /home/chroot/./home/testuser -c "testuser" -g users testuser

And they go to a different home, so I think it may be possible if we reconfigure ISPConfig user management.

Is this right? Has anyone tried this before?

Instead of /home/chroot you could use /home/www, /var/www, etc. But it's true, you need manual interaction. You can create the user in ISPConfig, but afterwards you must edit /etc/passwd to put the dot into the path to the user's homedir.
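
Added example, not part of the thread and not ISPConfig's own code: a sketch of the manual /etc/passwd step described above, inserting the same "/./" marker that the useradd line in the thread uses into one user's home directory field. The helper name chroot_home, the account names and the /var/www/webN home layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Operates on a COPY of the passwd file;
# review the output before applying it (for instance with vipw or usermod -d).

# chroot_home PASSWD_FILE USER CHROOT_BASE   (hypothetical helper name)
# Prints PASSWD_FILE with USER's home changed from BASE/rest to BASE/./rest.
# Exit: 0 changed, 1 user not found, 2 home not under BASE, 3 already marked.
chroot_home() {
    awk -F: -v OFS=: -v user="$2" -v base="${3%/}" '
        $1 == user {
            found = 1
            if (index($6, "/./") > 0)
                status = 3                      # leave an existing marker alone
            else if (substr($6, 1, length(base) + 1) != base "/")
                status = 2                      # refuse homes outside the base
            else
                $6 = base "/./" substr($6, length(base) + 2)
        }
        { print }
        END { if (!found) exit 1; exit status + 0 }
    ' "$1"
}

# Constructed sample entries (not real accounts), in /etc/passwd format.
demo() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
web1_alice:x:10001:10001:constructed:/var/www/web1:/bin/bash
web2_bob:x:10002:10002:constructed:/var/www/./web2:/bin/bash
EOF
    chroot_home "$sample" web1_alice /var/www
    rc=$?
    rm -f "$sample"
    return "$rc"
}

demo
```

The non-zero exit codes let a wrapper skip accounts that are already marked or that live outside the chroot base instead of rewriting them blindly.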


All times are GMT +2.