I am testing ispconfig3 for to decide if it's good solution for my servers.
I see some security problems:
No limits resources per client (/etc/security/limits.conf). But is not critical because i can add "a check" if new client is added for create new limit config in crontab.
debian5:/var/www/clients# ls -lah
drwxr-xr-x 5 root root 4.0K 2009-06-23 12:31 .
drwxr-xr-x 7 root root 4.0K 2009-06-24 01:12 ..
drwxr-xr-x 3 root root 4.0K 2009-06-23 12:09 client1
drwxr-xr-x 3 root root 4.0K 2009-06-23 12:25 client2
drwxr-xr-x 3 root root 4.0K 2009-06-23 12:31 client3
debian5:/var/www/clients# ls -lah client3/
drwxr-xr-x 3 root root 4.0K 2009-06-23 12:31 .
drwxr-xr-x 5 root root 4.0K 2009-06-23 12:31 ..
lrwxrwxrwx 1 root root 30 2009-06-23 12:31 lili.com -> /var/www/clients/client3/web3/
drwxr-xr-x 14 root client3 4.0K 2009-06-23 14:06 web3
Everybody can see all files of other clients.
Yes, if we are using mod_php we can disable functions (exec, system, shell_exec, readfile, passthru, escapeshellcmd, proc_open, posix_uname, posix_getuid, posix_geteuid, posix_getgid, getcwdi, show_source, proc_open)
But if we are using suexec, we dont have this limitation and our files aren't secure.
open_basedir is not implmented for mod_php option (safe_mod = On, is not useful for my)
We have full access to the root filesystem from php.
I tried configure chroot on suphp but i didn't have good end. i Think we can configure this enviroment:
Root file system. We can to have apache2 + mod_chroot + suexec + mysql here
This is a root chroot system installed by... hand?, debootstrap?
It's the root fs for ssh access. Its working very good
For everything work, we must move original dirs from real fs / to chroot fs /var/www/ and after create ln. Example:
mv /usr/local/ispconfig /var/www/usr/local/ispconfig
ln -s /var/www/usr/local/ispconfig /usr/local/ispconfig
The same for apache and php
We dont need move mysql dir, but we wont use local scoket connection we must use tcp (127.0.0.1 or your real ip)
CAREFUL when you update the system!!! maybe simbolic links will be removed!
About the crontab for ispconfig user will work good i think.
I didn't test this solution because i am searching solution for point 2 and 4. They are critical for me.
Any idea for fix this problems?