View Single Post
Old 12th September 2008, 22:06
till till is offline
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,001
Thanks: 840
Thanked 5,650 Times in 4,460 Posts

I see. from the usability standpoint, ispconfig should fail the action if the directory/user does not exist instead of succeeding with the default value.
Maybe I remove the option to change the user and path until the final version.

when I create a shell user, I am associating it with a site and not with a client.
this means that for a client with multiple sites, I will have to create a user for each site. this is cumbersome.
is it possible to create a shell user for a client, which will have access to all the client sites?
This is a matter of security. If all sites of a client share the same user, they will all be affected of a hack if one of the sites get hacked as the scripts of the site run under this user. neverthesless, all sites of a user share the same group, so als long as your files are grup writable, it can be accessed by the same user.

any idea what suphp is not patched with this by default?
This question you will have to ask the maintainer of the suphp packages. I have removed the suphp_UserGroup directive now. But this is not as secure as the configuration with Usergroup.

Without suphp_UserGroup setting, the php scripts are run under the user that owns the files. This is genrally fine as long as you uploaded the files with the correct user. But in case you (as root admin) coped some files from another website and forgot to chown the files, they will get wrong access priveliges, with suphp_UserGroup setting you would have got a 500 error in this case.
Till Brehm
Get ISPConfig support and the ISPConfig 3 manual from
Reply With Quote