Hardening the system without breaking ISPConfig
First of all, I'll list what I want to do and proceed with the issues I've encountered.
- Prevent users from reading eachothers directories and subdirectories. <- Is this solvable without implementing ssh chroot?
- Diskquotas reportable by "quota"
chmod 711 /var/www/web* <- will prevent people from listing the initial subdirectories however it will not prevent people to pry into subdirectories with lax chmod like 755 etc.
chmod 700 /var/www/web* <- will do some extra work but will prevent apache from displaying the sites.
Setting either of these chmod's will break ispconfig's ability to see disk statistics for the users. Even if the sudo option for du is activated in ispconfig's configuration-file.
Also if quota is activated on the system it doesnt seem to use diskquotas for the users? how so?