24th January 2006, 13:49
|
|
Senior Member
|
|
Join Date: Sep 2005
Location: UK, East Midlands
Posts: 515
Thanks: 1
Thanked 2 Times in 2 Posts
|
|
System Security
Ok I am using ISPConfig and are allowing people access to CGI and Shell
1) Can my customers use cgi to harm my system
2) Can my customers use shell access to harm my system
Thanks
|
24th January 2006, 14:01
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 19,805
Thanks: 285
Thanked 1,805 Times in 1,357 Posts
|
|
Quote:
|
Originally Posted by mphayesuk
1) Can my customers use cgi to harm my system
|
Yes, if you done use SuExec.
Quote:
|
2) Can my customers use shell access to harm my system
|
Yes. I would not give users shell access unless you recompile your SSHD to ebale chrooting of shell users and create chrooted accounts for your shell enabled users.
Olease have a look at this howto:
http://www.howtoforge.com/chrooted_ssh_howto_debian
|
24th January 2006, 14:08
|
|
Senior Member
|
|
Join Date: Sep 2005
Location: UK, East Midlands
Posts: 515
Thanks: 1
Thanked 2 Times in 2 Posts
|
|
Ok is SuExec covered by the perfect stup guide, or used by default on suse 10.
IF not to both how do I use it and set it up
Thanks
|
24th January 2006, 14:18
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 19,805
Thanks: 285
Thanked 1,805 Times in 1,357 Posts
|
|
Quote:
|
Originally Posted by mphayesuk
Ok is SuExec covered by the perfect stup guide, or used by default on suse 10.
|
No. But you can enable suExec in ISPConfig under management > server > settings.
Quote:
|
IF not to both how do I use it and set it up
|
I dont know of a howto for SuSe for chrooting SSH users. Maybe google a bit or try to adapt the DEBIAN howto.
|
24th January 2006, 21:40
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 31,853
Thanks: 781
Thanked 1,558 Times in 1,477 Posts
|
|
Quote:
|
Originally Posted by mphayesuk
Ok is SuExec covered by the perfect stup guide, or used by default on suse 10.
|
During ISPConfig installation you must specify /srv/www as ISPConfig's document root instead of /home/www because SuSE's suExec is compiled with /srv/www as document root. Have a look at the suExec section on http://www.howtoforge.com/perfect_setup_suse_9.3_p6
And then, you have to enable suExec in ISPConfig, as Till said.
|
25th January 2006, 11:29
|
|
Senior Member
|
|
Join Date: Sep 2005
Location: UK, East Midlands
Posts: 515
Thanks: 1
Thanked 2 Times in 2 Posts
|
|
OK.. thanks... small problem though can I re-run the SuExec and specify that /home/www is the default folder... or change a config file somewhere.... rather than re-installing ISPC to change the web folder.
Thanks
|
25th January 2006, 12:27
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 19,805
Thanks: 285
Thanked 1,805 Times in 1,357 Posts
|
|
SuExec is compiled into apache, it is not configured in a config file. If you dont want to change your web root you will have to recompile your apache webserver and set the correct web-root as configure parameter.
|
| Thread Tools |
|
|
| Display Modes |
 Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +2. The time now is 10:03.
|
English | 
Deutsch
Recent comments
1 day 1 hour ago
1 day 6 hours ago
1 day 6 hours ago
1 day 7 hours ago
1 day 8 hours ago
1 day 10 hours ago
1 day 12 hours ago
1 day 12 hours ago
1 day 13 hours ago
1 day 14 hours ago