View Single Post
Old 1st February 2006, 11:28
till till is offline
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,001
Thanks: 840
Thanked 5,650 Times in 4,460 Posts

Originally Posted by ecorona
I have web1 to web20 and some domains have SSH access, but i've noticed that they can access to /var/www and so they can read files from all websites.

All website have Config.php files and those should be private files (db user and password is there)

Files from other websites have a 744 perm's, if i change to 740 then www-data can't read them and so on apache.

What can i do to dissallow this?
You have to configure your linux to support chrooted SSH. Here is a howto for setting up CHRooted SSH:
Till Brehm
Get ISPConfig support and the ISPConfig 3 manual from
Reply With Quote