#1  
Old 24th January 2006, 12:49
mphayesuk mphayesuk is offline
Senior Member
 
Join Date: Sep 2005
Location: UK, East Midlands
Posts: 517
Thanks: 1
Thanked 3 Times in 3 Posts
Send a message via MSN to mphayesuk
Default System Security

Ok I am using ISPConfig and are allowing people access to CGI and Shell

1) Can my customers use cgi to harm my system

2) Can my customers use shell access to harm my system

Thanks
Reply With Quote
Sponsored Links
  #2  
Old 24th January 2006, 13:01
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,666
Thanks: 819
Thanked 5,317 Times in 4,170 Posts
Default

Quote:
Originally Posted by mphayesuk
1) Can my customers use cgi to harm my system
Yes, if you done use SuExec.

Quote:
2) Can my customers use shell access to harm my system
Yes. I would not give users shell access unless you recompile your SSHD to ebale chrooting of shell users and create chrooted accounts for your shell enabled users.

Olease have a look at this howto:
http://www.howtoforge.com/chrooted_ssh_howto_debian
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 24th January 2006, 13:08
mphayesuk mphayesuk is offline
Senior Member
 
Join Date: Sep 2005
Location: UK, East Midlands
Posts: 517
Thanks: 1
Thanked 3 Times in 3 Posts
Send a message via MSN to mphayesuk
Default

Ok is SuExec covered by the perfect stup guide, or used by default on suse 10.

IF not to both how do I use it and set it up

Thanks
Reply With Quote
  #4  
Old 24th January 2006, 13:18
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,666
Thanks: 819
Thanked 5,317 Times in 4,170 Posts
Default

Quote:
Originally Posted by mphayesuk
Ok is SuExec covered by the perfect stup guide, or used by default on suse 10.
No. But you can enable suExec in ISPConfig under management > server > settings.

Quote:
IF not to both how do I use it and set it up
I dont know of a howto for SuSe for chrooting SSH users. Maybe google a bit or try to adapt the DEBIAN howto.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 24th January 2006, 20:40
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,739 Times in 2,574 Posts
Default

Quote:
Originally Posted by mphayesuk
Ok is SuExec covered by the perfect stup guide, or used by default on suse 10.
During ISPConfig installation you must specify /srv/www as ISPConfig's document root instead of /home/www because SuSE's suExec is compiled with /srv/www as document root. Have a look at the suExec section on http://www.howtoforge.com/perfect_setup_suse_9.3_p6
And then, you have to enable suExec in ISPConfig, as Till said.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #6  
Old 25th January 2006, 10:29
mphayesuk mphayesuk is offline
Senior Member
 
Join Date: Sep 2005
Location: UK, East Midlands
Posts: 517
Thanks: 1
Thanked 3 Times in 3 Posts
Send a message via MSN to mphayesuk
Default

OK.. thanks... small problem though can I re-run the SuExec and specify that /home/www is the default folder... or change a config file somewhere.... rather than re-installing ISPC to change the web folder.

Thanks
Reply With Quote
  #7  
Old 25th January 2006, 11:27
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,666
Thanks: 819
Thanked 5,317 Times in 4,170 Posts
 
Default

SuExec is compiled into apache, it is not configured in a config file. If you dont want to change your web root you will have to recompile your apache webserver and set the correct web-root as configure parameter.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Changing IP on running system jlaughy Installation/Configuration 8 3rd April 2009 12:35
The PHP binary coming with ISPConfig does not work properly on your system! lykos Installation/Configuration 3 1st April 2006 07:53
Real System users exy123 General 2 12th December 2005 10:01
ISPConfig system stoped johnking Installation/Configuration 7 27th October 2005 02:37
ProFTPD potential security hole domino Server Operation 3 19th August 2005 03:25


All times are GMT +2. The time now is 11:03.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.