View Single Post
  #2  
Old 29th August 2011, 10:37
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,503
Thanks: 813
Thanked 5,264 Times in 4,128 Posts
Default

Where is the benefit of this solution compared with the current setup? Currently the shell users of the website can edit the website files, as all shell users share the same userid. If the users have a different userid, you will have to setup separate home directories for the users and seprarate jailkit jails etc., this will prevent the users from accessing the website files as they will not be able to leave their jail.

For security reasons, the goal was that group write permissions are not required for a website. If we change that, a website that has mod_php enabled can be used to hack all other websites or if there is a hack e.g. in phpmyadmin, the hacker can take over all websites then.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

Last edited by till; 29th August 2011 at 11:00.
Reply With Quote