Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Feature Requests

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 21st January 2012, 02:06
Jemt Jemt is offline
Junior Member
 
Join Date: Jan 2012
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default Important feature requests (security)

Hello developers.

First, allow me to thank you for an awesome product with great potential. I managed to configure a brand new server and get a pretty good insight into how ISPConfig works in about 6-7 hours. I like how simple it is, yet packed with lots of great features.

Now, to my feature requests.

1) As far as I understand, [Fast-]CGI is the recommended way of integrating PHP, as scripts are executed with user privileges - but only as long as SuEXEC is enabled (right?). Unfortunately a client may choose not to enable SuEXEC, leaving [FAST-]CGI just as "open" as mod_php (forcing me to use PHP SAFE Mode). I would very much like to be able to force the use of SuEXEC. Either within ISPConfig, or using a configuration file (is that possible?).

2) I don't want my clients being able to enable CGI, Ruby, Python, SSL etc. for their websites, but there seems to be no options to disable these features. Again, I feel the client has too much to say in this matter.

3) I'm able to set quota for websites and e-mail accounts, but not for FTP accounts - again, the client can enter a MB value to his or her liking. Could you have it respect the quota for websites?

4) I wasn't able to remove a SSL certificate created for one of my websites. I chose "Delete certificate" from the drop down and Saved the website, but the certificate was not removed. I had to remove the entire website.

5) Why is it possible to edit ordinary client accounts under System > Edit user, when such behaviour may damage data? It should be possible to only display admin accounts (if those are safe to edit).

I hope this does not sound like a lot of complaining. I'm nearly trying to help you guys improve the product. On the other hand there's a chance my problems can be solved using alternative measures (in that case, please enlighten me).

Again, thank you very much for the great work that has been put into ISPConfig and the huge manual.

Best regards
Jimmy Thomsen
Reply With Quote
Sponsored Links
  #2  
Old 22nd January 2012, 20:55
Jemt Jemt is offline
Junior Member
 
Join Date: Jan 2012
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hello again.

I have now been working with ISPConfig for a couple of days now, and I've realized that I'm probabaly wrong regarding bullet 1).

SAFE Mode does not seem to be necessary (or appropriate), as open_basedir and Suhosin takes care of most security related problems. Please correct me if I am wrong. However, I still don't think the client should be able to determine whether to use SuEXEC or not.

Jimmy
Reply With Quote
  #3  
Old 23rd January 2012, 08:29
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,573
Thanks: 792
Thanked 4,980 Times in 3,901 Posts
 
Default

1) Safemode is deprecated and will be removed in new PHP versions.It has been replaced by more granular security functions like open_basedir, disable_functions etc. Please see PHP manualfor details. Beside that, see 2).

2) If you create a website as administrator for the client, then the client can not alter these settings.

3) The FTP quota is always as "sub" quota of the website quota, so even if you set it to -1 the client can not upload more data then you set in the web quota.

4) I will check that, but deleting the cert here with ISPConfig 3.0.4.2 works for me.

5) These settings are required and useful for advanced users. If you are more familar with ISPConfig and know more about the underlaying permission system, you will see that.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

Last edited by till; 23rd January 2012 at 15:38. Reason: typos
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
PHP.ini security vaio Installation/Configuration 1 14th December 2011 12:09
GlusterFS: Severe performance problem with concurrent HTTP requests fredkin HOWTO-Related Questions 0 15th November 2011 21:52
Problem with ispconfig 3 staff007 Installation/Configuration 4 10th October 2011 21:17
Unable to install ISPConfig bdonecker Installation/Configuration 21 26th May 2009 08:20
SE linux problem when security context is modified raj123 Technical 1 28th June 2006 08:57


All times are GMT +2. The time now is 22:20.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.