Primary group of shell users

Discussion in 'Installation/Configuration' started by Eusebius, Feb 5, 2012.

  1. Eusebius

    Eusebius New Member

    Hi.

    I have some trouble configuring my shell users so that everything works smoothly.

    By default, when I create a SSH user for a website, the primary group seems to be the client ID ("client1"). Of course, that makes the newly created files unreadable/writeable by Apache. How can I set the primary group of all my (newly created?) shell users to www-data?

    Also, even if I change the owner of a file (inside a website directory) while being root, when I log in through the jailed shell account, I don't see the group name, only its number. Is it a problem or not regarding my issue?

    Thanks in advance!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Your problem are the website settings and not he shell user group. Edit the website settings and ensure that suexec is enabled and that you use php fcgi as ohp mode, so all files get created with the correct user snd group by apache.
     
  3. Eusebius

    Eusebius New Member

    Thanks for the advice, I'll try. However, I am quite certain that administrators not wanting to use suexec for security reasons, or fastCGI for performance reasons, have a way to do so? Otherwise ISPconfig wouldn't give a choice.

    It is pretty easy, outside ISPconfig, to assign a primary group to a user. Since ISPconfig creates user accounts, I'd like to know whether there is a way to make it take care of the group assignment? Otherwise, it would be much easily acceptable for me to script it on the server (outside ISPconfig) than to use fastCGI.

    Thanks again for your response, and thanks in advance to anyone with an insight about the issue.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    I'am quite sure all admins that do professional hosting do it :) Suexec should always be used for security reasons to run scripts under the user of the website so that all sites and scripts are separated security wise and fastcgi (dont mix up with cgi) is as fast as mod_php.

    The way you want to configure the system is quite insecure as it would allow a infected php script in a website to infect all other websites and thats why ispconfig does not offer it as option. If you like to do your insecure configuration, you will have to change the sourcecode or use a different controlpanel.

    The choice is there for contact forms and other scripts that dont have to write to the website.
     
  5. Eusebius

    Eusebius New Member

    Hi, thanks again for your valuable explanations. There clearly was something that I hadn't understood when reading about suexec, and I actually mixed up suExec+FastCGI with suPHP.

    Most clearer now, thanks.
     

Share This Page