#1  
Old 17th February 2010, 06:17
ricky26 ricky26 is offline
Junior Member
 
Join Date: Feb 2010
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default /var/www/*/web Permissions

The default permissions on the web folder seem to be 710, which means even if you're in the client's group you can't alter the web content of that particular site.

This is a particular problem as my server is primarily for running other things, such as an SVN, VoIP, etc, and thus I manage the users as per a normal linux box. Not being able to alter the files in web (without chmod'ing every time, or su'ing to the webX user) is incrediby annoying.

Is there any way to alter the permissions that it sets on the web folder?
Reply With Quote
Sponsored Links
  #2  
Old 17th February 2010, 12:04
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,413
Thanks: 834
Thanked 5,496 Times in 4,326 Posts
Default

Aletring the content of the site folders works fine with the default permissions. Changing them opens up security holes. Just create FTP and shell users in ispconfig if you want to edit the content of the sites, manully created shell users will not work as ispconfig uses a special setup with just one uid per website.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 18th February 2010, 11:33
ricky26 ricky26 is offline
Junior Member
 
Join Date: Feb 2010
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I understand, and just allowing the client group isn't going to be a problem, as I am the only one using the server; presumably the only user that they can make use of anyway is the webX user, which only has any permissions in that folder and no login shell.

The default permissions, as they are, make it more awkward to use in tandem with a system that is mostly being used for other software. Especially things like migration are annoying with this setup as no one user (bar root) has the permission set to do the whole thing.
Reply With Quote
  #4  
Old 18th February 2010, 11:50
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,413
Thanks: 834
Thanked 5,496 Times in 4,326 Posts
Default

As I told you above, add the SSH users that you want to use to administer the system in ispconfig and not manually and you see that they will have full access to the website.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 18th February 2010, 17:01
ricky26 ricky26 is offline
Junior Member
 
Join Date: Feb 2010
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

I understand that the shell users have access to the website, but they don't (and can't) have access to any other features of my server, the fact being that their UID is the one that will be used to serve my web-pages, and should there be a bug in my website, I can't let them have any access to any files other than the website. The single-UID paradigm leads to this problem.

Adding more people to the client's group, and making the web/ folder group rw doesn't incur any further security holes, as the webX user can still only access what it could before, yet I can also use my normally set up users to alter the website. Obviously, if the client has more websites, then the other shell users could access the other website, but this is a non-issue; worst case scenario, I can have only one website per client.

If there is no way to configure this, a pointer as to where it is in the source would be nice.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
File Permissions 40esp General 2 22nd June 2009 21:15
ProFTPd Permissions CarbonCopy Server Operation 6 5th May 2009 00:18
Verify proper permissions filch General 6 7th February 2009 15:05
suPHP, Joomla! 1.5, file & diretory permissions pjdevries Installation/Configuration 17 19th June 2008 02:58
Logcheck Permissions Problems Drek Server Operation 1 7th September 2007 15:43


All times are GMT +2. The time now is 22:43.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.