ISPConfig Web Config Questions
Hi HowToForge Community
Today I tried to have a deeper look into the ISPConfig web configuration options and came across some options I was not able to find further information.
Therefor I thought it would be best, to post my questions here.
1) Add web users to -sshusers- group
This is activated by default.
Am I right, that this is only used in combination with Jailkit? I don't want my clients to connect to my server via SSH - so would this be one I should definitely uncheck?
Or what does this exactly?
2) Connect Linux userid to webid
This is unchecked by default.
Can someone please explain to me, what this does and what for it can be useful?
3) Make relative symlinks
This is unchecked by default.
I found some information in the manual, but there are no explanations why this is useful. Again, I would really appreciate it, if someone could explain to me.
Last but not least, Enable SNI. The hint in the manual says, that this is only needed if I want to run multiple SSL on the same IP. So if I don't plan to do this, can I safely deactivate it?
Thank you all for the help!
1) You can disable that if you dont allow ssh access.
2) This is useful for multiserver mirror setups as it ensures that the web users on all mirrored servers get the same linus uid.
3) That can be useful on customized installations which use a different folder scheme and / or external storages.
Thank you for the explanations. Very kind :)
So I let everything as it was, except that I decided to allow SSH. Again, I have some questions.
I managed to get Jailkit running. However I have some security concerns.
1) Jailkit CHROOT is more secure than "NONE" CHROOT?
It's seems so. Is it?
Then, what makes me fear.
After logging in with a Jailkit account, I can see some files and folders which should not be visible/editable (I guess). I have:
/bin and all files in there seem secure to me?
/cgi-bin is empty, seems fine too?
/dev and files in there (null, tty & urandom), what is this?
/etc fear! should this dir be there? And it's content: http://www.IMG-Teufel.de/thumbs/Bild...213ea57png.png
/home makes sense :)
/lib & /lib64 again, I have no idea what the files in there are...
/usr with subfolders /bin, /lib, /sbin & share - seems fine?
/var with a folder /run - this seems to be for MySQL?
I know this is a lot of stuff.... :)
Thank you, once again.
1) Yes,jailkit is more secure. You mix up the folders here, the folders that you see in your jailkit account are not the global folders (with the same names), the folders are stripped down copies inside the jail with a minimal setup and binaries that are required to run a shell safely. So even if the jailkit user would be able to modify anything in these folders, it would not affect the server or any other website.
Oki doki. Puh.. :)
Very last question (I hope so) in (jailkit):
/etc/group there is:
and in /etc/passwd:
Are the root entries required or is it safe to remove them? I guess the time there are more ssh users, they will all be listed...
Thank you and please apologize stealing your time.
I am still in early learning stadium.
The root entry is required in the jail. If you like to know more about jails with jailkit, see jailkit homepage.
|All times are GMT +2. The time now is 21:49.|
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.