Protecting user directories and admispconfig question

Discussion in 'Installation/Configuration' started by Mr Blek, Jun 28, 2007.

  1. Mr Blek

    Mr Blek New Member

    What access permissions should be applied to /home/admispconfig

    Any user that can access SSH can browse to that directory and read files.

    Also, SSH users can browse to the /srv/www/web* directory of any other host and read their files. How can I have this protected by default when the account is created?

    Thanks
     
  2. till

    till Super Moderator

    There is nothing that a SSH user might see in /home/admispconfig/ that he can not see when he downloads the ISPConfig installer tar.gz, all login information and passwords are protected. You must enable SSH chrooting. Please search the forum for "chroot ssh" for detailed instructions.
     
  3. Mr Blek

    Mr Blek New Member

    Thanks. Didn't realise I'd double posted.
     
  4. Mr Blek

    Mr Blek New Member

    Installed ssh with chroot, followed instructions per debian how to

    ISPConfig with chroot off:

    web4_admin:x:10004:10004:admin:/srv/www/web4:/bin/bash

    ISPConfig with chroot on:

    web4_admin:x:10004:10004:admin:/srv/www/web4/./:/bin/bash

    When its turned on, the shell exits immediately. What's gone wrong?
     
  5. falko

    falko Super Moderator

    Any errors in your logs?
     
  6. Mr Blek

    Mr Blek New Member

    None in /var/log/messages
     
  7. falko

    falko Super Moderator

    And in the other logs, e.g. /var/log/auth.log?
     
  8. Mr Blek

    Mr Blek New Member

    I don't actually have that log file. the ones I can see are:

    ___________________________________________________________
    YaST2 evms-engine.log mcelog zmd-backend.log
    acpid faillog messages zmd-backend.log-20070627.bz2
    apache2 httpd mysqld.log zmd-backend.log-20070629.bz2
    apparmor ispconfig_install.log news zmd-backend.log-20070630.bz2
    audit krb5 ntp zmd-messages.log
    boot.log lastlog scpm zmd-messages.log.2007-06-26
    boot.msg mail smpppd zmd-messages.log.2007-06-27
    boot.omsg mail.err warn zmd-messages.log.2007-06-28
    cups mail.info wtmp zmd-messages.log.2007-06-29
    evms-engine.1.log mail.warn xferlog
    _____________________________________________________________

    /var/log/messages was the only place I could find any ssh logging
     

Share This Page