View Single Post
  #2  
Old 1st February 2006, 10:28
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,488
Thanks: 813
Thanked 5,259 Times in 4,123 Posts
Default

Quote:
Originally Posted by ecorona
I have web1 to web20 and some domains have SSH access, but i've noticed that they can access to /var/www and so they can read files from all websites.

All website have Config.php files and those should be private files (db user and password is there)

Files from other websites have a 744 perm's, if i change to 740 then www-data can't read them and so on apache.

What can i do to dissallow this?
You have to configure your linux to support chrooted SSH. Here is a howto for setting up CHRooted SSH:

http://www.howtoforge.com/chrooted_ssh_howto_debian
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote