Protecting user directories and admispconfig question

Discussion in 'Installation/Configuration' started by Mr Blek, Jun 28, 2007.

  1. Mr Blek

    Mr Blek New Member

    What access permissions should be applied to /home/admispconfig

    Any user that can access SSH can browse to that directory and read files.

    Also, SSH users can browse to the /srv/www/web* directory of any other host and read their files. How can I have this protected by default when the account is created?

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    There is nothing that a SSH user might see in /home/admispconfig/ that he can not see when he downloads the ISPConfig installer tar.gz, all login information and passwords are protected. You must enable SSH chrooting. Please search the forum for "chroot ssh" for detailed instructions.
  3. Mr Blek

    Mr Blek New Member

    Thanks. Didn't realise I'd double posted.
  4. Mr Blek

    Mr Blek New Member

    Installed ssh with chroot, followed instructions per debian how to

    ISPConfig with chroot off:


    ISPConfig with chroot on:


    When its turned on, the shell exits immediately. What's gone wrong?
  5. falko

    falko Super Moderator ISPConfig Developer

    Any errors in your logs?
  6. Mr Blek

    Mr Blek New Member

    None in /var/log/messages
  7. falko

    falko Super Moderator ISPConfig Developer

    And in the other logs, e.g. /var/log/auth.log?
  8. Mr Blek

    Mr Blek New Member

    I don't actually have that log file. the ones I can see are:

    YaST2 evms-engine.log mcelog zmd-backend.log
    acpid faillog messages zmd-backend.log-20070627.bz2
    apache2 httpd mysqld.log zmd-backend.log-20070629.bz2
    apparmor ispconfig_install.log news zmd-backend.log-20070630.bz2
    audit krb5 ntp zmd-messages.log
    boot.log lastlog scpm zmd-messages.log.2007-06-26
    boot.msg mail smpppd zmd-messages.log.2007-06-27
    boot.omsg mail.err warn zmd-messages.log.2007-06-28
    cups wtmp zmd-messages.log.2007-06-29
    evms-engine.1.log mail.warn xferlog

    /var/log/messages was the only place I could find any ssh logging

Share This Page