Security level for websites

Discussion in 'ISPConfig 3 Priority Support' started by harkman, Jul 10, 2013.

  1. harkman

    harkman Member HowtoForge Supporter


    I have an issue with the security levels for the websites, configurable under System->Server Config->Web.

    The manual tells me:
    I need a third type of folder access rights.
    I have resellers on my server that maintain a couple of sites they own. Most of the domains/pages are created under the reseller account, sharing the same group (clientXY) but with different user.
    I need a security level that looks like this:
    Directory owned by the web site user and readable and writable by the same group, but not accessible for others.

    Is it possible to add this to ISPConfig myself? Maybe you (Till) want this to be part of the next update for ISPConfig.

    The reason I ask for this is the need of my reseller to access and maintain all the sites under his clientId with one FTP account. Currently he can only see and edit files in one site and needs to create an FTP user for every site he creates. This is a little bit annoying.

    Regards, Jürgen
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The permission schemes are finely balanced permissions to meet the requirements of all subsystems like webserver, ftp, ssh, jails, cronjobs etc. It might be that some subsystems will fail with a security error if you change the permissions like you described above.

    E.g. if the directory /var/www/clients/client1/web1/ would be owned by the web user and not root, then security features like ssh jails or jailed cronjobs will fail.

    You may change the security scheme for your servers of course if you don't need a secure system; all you have to do is to write your own apache / nginx ispconfig plugins based on the plugins that we deliver. Also the cron* plugins and the ssh user plugins will have to be altered.
  3. harkman

    harkman Member HowtoForge Supporter

    Sorry, but this can't be true, as the standard security option "High" already sets all web* directories to 0710 and the owner is already the web user. This is documented in the current manual too:
    The High level now prevents FTP users from seeing all the webs they own (Group). I'd prefer to have an additional security level that will add read/write access to Group for all webs that belong to the same client.

    Regards, Jürgen
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    I'm talking about the web root directory (see my example above /var/www/clients/client1/web1/); the documentation refers to the "web" directory that holds the html and php files, /var/www/clients/client1/web1/web/

    Ok. I thought you meant the web root. If you refer only to the "web" html file directory, then this can be changed most likely.
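
The difference between the 0710 mode mentioned in the thread and the group read/write scheme being requested (0770), as an added example that is not part of the original posts or of ISPConfig's code. The uids, the gid and the assumption that an FTP login runs as one site's web user within the shared client group are constructed for illustration.

```python
import os
import stat
import tempfile

def dir_access(mode, owner_uid, group_gid, uid, gids):
    """Access a non-root process gets to a directory from its mode bits alone.

    POSIX selects exactly one class (owner, else group, else other);
    ACLs and root's override are not modelled here.
    """
    if uid == owner_uid:
        bits = (mode >> 6) & 0o7
    elif group_gid in gids:
        bits = (mode >> 3) & 0o7
    else:
        bits = mode & 0o7
    return {
        "list": bool(bits & 0o4),      # r: read the directory's entries
        "modify": bool(bits & 0o2),    # w: create/delete entries (needs x too)
        "traverse": bool(bits & 0o1),  # x: reach a path inside by name
    }

def compare_schemes(owner_uid, group_gid, accessors, modes=(0o710, 0o770)):
    """Apply each mode to a scratch directory, read it back via stat, and
    report every accessor's rights. Ownership is taken from the arguments
    because a test run cannot chown to other users."""
    report = {}
    with tempfile.TemporaryDirectory() as tmp:
        web = os.path.join(tmp, "web")
        os.mkdir(web)
        for mode in modes:
            os.chmod(web, mode)
            real = stat.S_IMODE(os.stat(web).st_mode)
            report[oct(real)] = {
                name: dir_access(real, owner_uid, group_gid, uid, gids)
                for name, (uid, gids) in accessors.items()
            }
    return report

# Constructed ids: web2 owns the site, client1 is the shared reseller group.
WEB1, WEB2, CLIENT1, OTHER = 5004, 5005, 5001, 33
ACCESSORS = {
    "site owner (web2)": (WEB2, {CLIENT1}),
    "sibling site's FTP login (web1)": (WEB1, {CLIENT1}),
    "unrelated user": (OTHER, {33}),
}

if __name__ == "__main__":
    for mode, rows in compare_schemes(WEB2, CLIENT1, ACCESSORS).items():
        for name, rights in rows.items():
            print(mode, name, rights)
```

With 0710 a group member can only traverse the directory by name, while 0770 gives the whole client group list and modify rights; users outside the group get nothing in either case.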
