Change UID/GID when adding new site

Discussion in 'Installation/Configuration' started by Senky, Oct 14, 2011.

  1. Senky

    Senky New Member

    when adding new site to ISPConfig, it automatically creates new user (web<number>) and as group, it sets selected one. My apache works under "www-data" UID/GID and I am the only one able to access files on my server, so I would like to add new sites with directories in /var/www/clients/client0/web<number>/ and all its subdirectories owned by www-data.

    Is that possible in any simple way? If not, I know php very well, so I can change it even in source code of ISPConfig, I just need to know probably which file it can be.

    Thanks for any reply!
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    This cant be changed in the config, you will have to change the sourcecode. It is highly recommended to not change this, except if this is an intranet server which is not connected to the internet. The different users protect the websites from each other and not just the clients, so this feature is very important for security on your server even if you are the only admin accessing it.

    Example: If you run all your websites as www-data, you rn severalk cms systems, lets say joomla. Now one of your joomla installs get hacked because of a vulnerable joomla plugin. The ispconfig default setup protects the other sites now from being hacked too by isolating the problem to this one website. With your setup, the hacker is able to access and hack all other websites too as they run under the same user.

    So on a ispconfig default setup, you have to repair one website. on your "one user" setup, you would have to repair 5 websites.

    If you want to do this cahnges anyway, you will have to change the web_domain_edit.php file in the interface which writes the user to the database. You might have to change also the apache2 plugin, the shelluser plugin, the shelluser jailkit plugin and the cron_daily script.

    You should also be aware that you will not be able to install any ispconfig updates in future then without modifying the sources again.
  3. Senky

    Senky New Member

    Thanks for you message. I know about all the threats with one UID among all my websites, even though, it will be usefull for me. I will consider editing the files.

    Thanks once again!

Share This Page