View Single Post
  #3  
Old 13th December 2011, 16:22
e100 e100 is offline
Junior Member
 
Join Date: Sep 2010
Posts: 12
Thanks: 1
Thanked 5 Times in 1 Post
Default

Quote:
Originally Posted by till View Post
Your setup is nice for websites that are not maintained by the customer, but its not a option for the majority of web hosters. So its unlikely that we will implement such a permission scheme as default as most customers that bought a webspace will report their web as broken if they run a php script and this script cant write to the web folder and also your setup disables the update functions in most cms systems. And running a joomla/wordpress/typo3/Drupal without updates is not a good idea.
You do have a good point, that the current setup is easier for customers.
I also do not have a problem telling them to chmod the folders that need to be written by apache.

Are there any changes you would accept that would allow ISPConfig admins to choose a more restricted setup vs the current setup?

Another method would be to create a 2nd user account for each site that is in the same group, then use that user account in the vhost.conf.master.
Code:
    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
      AssignUserId <tmpl_var name='system_user'>_web <tmpl_var name='system_group'>
    </IfModule>
If the 2nd user with "_web" appended was always created, it would cause no harm by those who choose not to use it. For those of us who choose to use it we would only need to edit vhost.conf.master.
No need to chmod g+s with this approach but how to handle quotas for this additional user is a bit of an issue.
Reply With Quote