Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Tips/Tricks/Mods

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 25th June 2010, 13:59
PerudoIS PerudoIS is offline
Junior Member
 
Join Date: Dec 2006
Location: The Netherlands
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default One SSH user for all sites

We are using ISPConfig 3 on our servers of our webdevelopment company. We are the only user on the server, customers don't have access to their websites. Does ISPConfig 3 has an option to add a SSH user which can access all sites on the server ?
Reply With Quote
Sponsored Links
  #2  
Old 25th June 2010, 14:05
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,461
Thanks: 813
Thanked 5,242 Times in 4,108 Posts
Default

Thats not possible as every site runs under its own Linux user. The only user that has access to all files on a server is the root user.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 11th July 2010, 16:34
manarak manarak is offline
Senior Member
 
Join Date: Apr 2009
Posts: 262
Thanks: 32
Thanked 6 Times in 5 Posts
Default

well, I guess it is possible to manually create a user that has access to everything under var/www ?
Reply With Quote
  #4  
Old 11th July 2010, 16:54
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,461
Thanks: 813
Thanked 5,242 Times in 4,108 Posts
Default

Quote:
well, I guess it is possible to manually create a user that has access to everything under var/www ?
No, at least not one that will work. You can create a user with root priveliges that has access to all files or use the root user. But as soon as you use the user to upload files, you will have to chown every file and folder to the owner of the web afterwards. If you dont do this, then suexec and suphp wil deny access to these files.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 12th July 2010, 17:37
BorderAmigos BorderAmigos is offline
Senior Member
 
Join Date: Apr 2008
Location: San Diego & Tijuana
Posts: 302
Thanks: 26
Thanked 33 Times in 31 Posts
Send a message via MSN to BorderAmigos Send a message via Yahoo to BorderAmigos
Default

I regularly work on my sites as root simply because I work on multiple sites at the same time. Have written some small scripts that chown the appropriate files as needed.
__________________
System6Hosting.com, ISPConfig 3, Debian.
Reply With Quote
  #6  
Old 14th September 2012, 20:48
tuxfan tuxfan is offline
Junior Member
 
Join Date: Nov 2011
Posts: 18
Thanks: 0
Thanked 4 Times in 2 Posts
Default

We just
chown -R user:www-data web12
or whatever the directory name is. Works great.

The problem is that updates on the site in ispconfig often results in a change back to the default directory owner. The web directory usualy stays the same and its not that big a deal to repeat the action.

It would be nice removing that chown on site update - but I havent find that line in the code.
Reply With Quote
  #7  
Old 14th September 2012, 21:33
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,461
Thanks: 813
Thanked 5,242 Times in 4,108 Posts
Default

Thats makes the sites insecure, if a site gets hacked then the hacker can damage the whole server easily and each customer has access to all other customers sites. I wont do that on a server that is connected to the internet. For a intranet or local dev system it miht be ok.

Regarding the permission updates, thats configurable under system > server config.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #8  
Old 16th September 2012, 12:18
tuxfan tuxfan is offline
Junior Member
 
Join Date: Nov 2011
Posts: 18
Thanks: 0
Thanked 4 Times in 2 Posts
 
Default

That realy depends on how you do it.

Since youre not giving the group www-data write access, any php-injections and so on can not harm the system. Only "user"(in my example) has writing permisions.

We usualy dont give clients shell access - but if we would they would not be a part of the www-data group, so even if they would get out of the root-jail they would not acces the sites controled by "user". A normal ipsconfig account could coexist with such webmaster-controled accounts - and in fact the ownership can be reverted even if it has never been requested.

Of course is the webmasteraccount ("user") a weak point - I admit that. But the alternative is using the root account a lot - and that is even worse - and with proper security routines that should not be a problem.

The permisions updates - I don't find them. I guess they are under "system > server config> my.server -> Webb" - but I dont find such variable.

Last edited by tuxfan; 16th September 2012 at 17:46.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
freebsd 7, samba 3, domain controller alexdimarco Suggest HOWTO 6 5th November 2010 16:54
Can't access to my website - after install problem pallermo Installation/Configuration 18 4th June 2010 13:29
blocking ssh for a particular user jithesh Suggest HOWTO 3 26th March 2009 16:27
admispconfig invalid user johann Installation/Configuration 4 15th January 2009 18:51
log files cruz Technical 3 15th May 2007 14:35


All times are GMT +2. The time now is 07:27.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.