Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 1st February 2006, 05:28
ecorona ecorona is offline
Junior Member
 
Join Date: Jan 2006
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Exclamation SSH, users from web1 can read files from web2, web3, web4

I have web1 to web20 and some domains have SSH access, but i've noticed that they can access to /var/www and so they can read files from all websites.

All website have Config.php files and those should be private files (db user and password is there)

Files from other websites have a 744 perm's, if i change to 740 then www-data can't read them and so on apache.

What can i do to dissallow this?

Any solution?
Reply With Quote
Sponsored Links
  #2  
Old 1st February 2006, 10:28
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,202
Thanks: 829
Thanked 5,422 Times in 4,264 Posts
Default

Quote:
Originally Posted by ecorona
I have web1 to web20 and some domains have SSH access, but i've noticed that they can access to /var/www and so they can read files from all websites.

All website have Config.php files and those should be private files (db user and password is there)

Files from other websites have a 744 perm's, if i change to 740 then www-data can't read them and so on apache.

What can i do to dissallow this?
You have to configure your linux to support chrooted SSH. Here is a howto for setting up CHRooted SSH:

http://www.howtoforge.com/chrooted_ssh_howto_debian
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 1st February 2006, 19:41
ecorona ecorona is offline
Junior Member
 
Join Date: Jan 2006
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default is this compatible with the ISPConfig?

My server is already in production mode, hostin 20 websites as I said before.

If I reinstall this new chrooted ssh will be in normal operation?

As i read, to create a new chrooted user is a diferent step from normal.

useradd -s /bin/bash -m -d /home/chroot/./home/testuser -c "testuser" -g users testuser

And they go to a diferent home, so i thing its may possible if we reconfigure ISPconfig user management.

Is this right? some one tryed this before?

Last edited by ecorona; 1st February 2006 at 19:47.
Reply With Quote
  #4  
Old 1st February 2006, 20:48
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
 
Default

Quote:
Originally Posted by ecorona
My server is already in production mode, hostin 20 websites as I said before.

If I reinstall this new chrooted ssh will be in normal operation?
Yes. But keep in mind that the tutorial was written for Debian do if you use another distribution steps might differ a little bit.

Quote:
Originally Posted by ecorona
As i read, to create a new chrooted user is a diferent step from normal.

useradd -s /bin/bash -m -d /home/chroot/./home/testuser -c "testuser" -g users testuser

And they go to a diferent home, so i thing its may possible if we reconfigure ISPconfig user management.

Is this right? some one tryed this before?
Instead of /home/chroot you could use /home/www, /var/www, etc. But it's true, you need manual interaction. You can create the user in ISPconfig, but afterwards you must edit /etc/passwd to put the dot into the path to the user's homedir.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Random "forbidden" error with websites kokez Installation/Configuration 33 24th July 2007 13:21
upload fails with joomla CMS robd Installation/Configuration 7 19th July 2006 01:13
Users Cannot Delete Files in FTP Ran2004 Server Operation 9 19th January 2006 06:36
Problems installing CMS joomla ratebri Installation/Configuration 17 6th December 2005 19:33


All times are GMT +2. The time now is 17:22.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.