Shell Access

Discussion in 'General' started by mphayesuk, Mar 8, 2007.

  1. mphayesuk

    mphayesuk Member

    With a standard install of Suse 10 and ISPConfig, what access will customers have if I enable shell access.

    i.e.

    1) will they be able to restart the server
    2) can they view other folders outside their own directory

    or anything else

    Thanks
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    1) No.
    2) Yes. If you want to prevent this, you must use a ssh daemon that supports chrooting and then enable chrooting in ISPConfig.

    You will find several threads about this topic when you search for chroot ssh in the forum.
     
  3. Pasco

    Pasco Member

    That means, on a fresh ISPC-Box I just have to run Page 1 of the SSH Chrooted Tutorial and set the value for ssh chroot in the config.inc.php from 0 to 1?

    Or do I have to do the things on Page 2 of the tutorial too?

    Actually there is no need for doing that:

    Code:
    mkdir /home/chroot/
    mkdir /home/chroot/home/
    cd /home/chroot
    mkdir etc
    mkdir bin
    mkdir lib
    mkdir usr
    mkdir usr/bin
    mkdir dev
    mknod dev/null c 1 3
    mknod dev/zero c 1 5 

    on a ISPConfig Box, right?

    But is there the need to do the following, means running the Script that beginns with "APPS=..."

    and this:

    Code:
    cp /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 ./lib/
    echo '#!/bin/bash' > usr/bin/groups
    echo "id -Gn" >> usr/bin/groups
    touch etc/passwd
    grep /etc/passwd -e "^root" > etc/passwd
    
    You should also copy the line of the group in which you will create new users from /etc/group to /home/chroot/etc/group. In this tutorial we will create users in the group users, so we do this:
    
    grep /etc/group -e "^root" -e "^users" > etc/group
    
    and restart SSH:
    
    /etc/init.d/ssh restart 
    ?

    There is a lot of confusion about that in the forum I guess, please give me/us a hint. Thx so much. [email protected]
     

Share This Page