Single shell/ftp user with access to multiple web sites?

[burlyhousetech]

Is it possible so that a single FTP or SSH user login can be provided access to multiple web site files? I have a client who hosts a large number of sites and would like to provide them with a single set of "master" credentials to access everything.

Thanks,
-N

[falko]

No, that's not possible. You need one login per website for security reasons.

[burlyhousetech]

Thanks for the insight. I can understand the reasoning from a security perspective. For sake of sharing context: In this case we have installed ISPConfig as control panel to a customer's dedicated server and so they are the only user on the box.

[Parsec]

You/ve picked a very difficult thing to do, albeit, it's something I would like as well. But I think it would require a major change in the way ISPC works to achieve.

So you have to look at workarounds. True you could tell your ftpd to allow root login, but this is extemely dangerous. You're best bet is to research an sftp (scp) method of connecting to the server to provide a form of root access so as to connect to all directories (or at least /var/www). Again this could prove dangerous and it's possible ISPC will not like the owner/perms of the files written to the various web dirs. I don't know what will happen if this is done, but it's also something I plan on looking at in the future as clients with multiple websites cannot understand why they need a different ftp login for each site.

You are lucky that you only have one client on the server.

[burlyhousetech]

Agreed that root sftp/scp login isn't the way to go. Could create an admin-user shell account and then symlink the different hosts, but file permissions would need to be carefully managed by that user. I think unlikely a client who needs the web control panel in the first place would want to be bothered with that path. In the end I think the trouble is likely more than its worth and I'll probably not pursue further.

[till]

Quote:

clients with multiple websites cannot understand why they need a different ftp login for each site.

Then you might want to explain to them that they will loose all sites when one of their sites get hacked. Example:

A company which is your client has several sites: a shop which accepts credit cards, a company site were they provide also sensitive data to their customers in a protected area and a company blog.

On the blog, they installed a insecure plugin in e.g. wordpress, so the site gets hacked.

a) In the way ispconfig configures websites, the hacker gets only access to the blog site as the shop and the company page are in different sites with different Linux users.

b) In the way you want to configure the system, the attacker gets access to the blog, the comapny site with sensible data and the shop with the credit cards.

In case a) There is not much damage, you restore the blog from a backup, fix the security issues in the plugin and thats it. In case b) you can have a severe damage, sensitive data gets lost and you would have to restore 3 sites instead of one site.

And such hacks occur more often then most poeple expect. While the base systems of joomla, wordpress, etc are quite secure, there are many vulnerable plugins available and its enough that your customer installs one of it to make its site vulnerable.

Also how high is the burden with multiple logins? All comon FTP clients provide options to store login details and site management software like dreamweaver handles logins per site anyway.

[Parsec]

I understand what you are saying till, but a client never will.

You should also consider that when a site is "hacked" it's usually because some trojan has gleamed the access from some application on a users computer. In these instances having multiple logins in ftp apps, email apps or web design apps just means the hacker gets multiple logins and passwords not just one. Also most clients will do something stupid like create ftp logins like "mysite1" "password", "mysite2" "password" and so on... We have clients with hundreds of email addresses and they set every single one up with the same password and allow only the top level executives to change/create their mail password - the normal users have the generic one so the bosses can check their mail if need be.... great "security" that is... not

You can never beat the client, they will always think of something even more silly no matter what you do to try and secure the system for them.

Personally, with ftp, our policy doesn't rely on the username/pass, it relies on access. Generally on most server systems, ftp access is granted on client request and also limited by an IP subnet the client is on. Which reminds me I have to read up on how to do this in pure-ftpd - I always used proftpd-mysql in the past.