View Single Post
  #2  
Old 29th August 2011, 11:37
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,736
Thanks: 840
Thanked 5,596 Times in 4,407 Posts
Default

Where is the benefit of this solution compared with the current setup? Currently the shell users of the website can edit the website files, as all shell users share the same userid. If the users have a different userid, you will have to setup separate home directories for the users and seprarate jailkit jails etc., this will prevent the users from accessing the website files as they will not be able to leave their jail.

For security reasons, the goal was that group write permissions are not required for a website. If we change that, a website that has mod_php enabled can be used to hack all other websites or if there is a hack e.g. in phpmyadmin, the hacker can take over all websites then.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

Last edited by till; 29th August 2011 at 12:00.
Reply With Quote