System Security

Discussion in 'Programming/Scripts' started by mphayesuk, Jan 24, 2006.

  1. mphayesuk

    mphayesuk New Member

    OK, I am using ISPConfig and am allowing people access to CGI and shell.

    1) Can my customers use CGI to harm my system?

    2) Can my customers use shell access to harm my system?

    Thanks
     
  2. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Yes, if you don't use SuExec.

    Yes. I would not give users shell access unless you recompile your SSHD to enable chrooting of shell users and create chrooted accounts for your shell-enabled users.

    Please have a look at this howto:
    http://www.howtoforge.com/chrooted_ssh_howto_debian
     
  3. mphayesuk

    mphayesuk New Member

    OK, is SuExec covered by the perfect setup guide, or used by default on SuSE 10?

    If not to both, how do I use it and set it up?

    Thanks
     
  4. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    No. But you can enable suExec in ISPConfig under management > server > settings.

    I don't know of a howto for SuSE for chrooting SSH users. Maybe google a bit or try to adapt the Debian howto.
     
  5. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    During ISPConfig installation you must specify /srv/www as ISPConfig's document root instead of /home/www because SuSE's suExec is compiled with /srv/www as document root. Have a look at the suExec section on http://www.howtoforge.com/perfect_setup_suse_9.3_p6
    And then, you have to enable suExec in ISPConfig, as Till said.
     
  6. mphayesuk

    mphayesuk New Member

    OK, thanks. Small problem though: can I re-run the SuExec and specify that /home/www is the default folder, or change a config file somewhere, rather than re-installing ISPC to change the web folder?

    Thanks
     
  7. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    SuExec is compiled into Apache; it is not configured in a config file. If you don't want to change your web root, you will have to recompile your Apache webserver and set the correct web root as a configure parameter.
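
Added example (not part of the original thread, and not ISPConfig or Apache code): a shell check that reads the compiled-in `AP_DOC_ROOT` from `suexec -V` output and tells you whether a given web root lies inside it, which is the /srv/www versus /home/www mismatch discussed above. The function names and the sample output are constructed for illustration; on a live host, run `suexec -V` as root (it prints to stderr) and pass that text in instead.

```shell
#!/bin/sh
# Compare suExec's compiled-in document root with the panel's web root.
# Live use (as root): check_webroot /home/www "$(suexec -V 2>&1)"
# The suexec binary's name and path vary by distribution.

# Constructed sample of `suexec -V` output for a build whose docroot is
# /srv/www, as described in the thread. Other values are illustrative.
SAMPLE_SUEXEC_V=' -D AP_DOC_ROOT="/srv/www"
 -D AP_GID_MIN=96
 -D AP_HTTPD_USER="wwwrun"
 -D AP_UID_MIN=96
 -D AP_USERDIR_SUFFIX="public_html"'

# Extract AP_DOC_ROOT from `suexec -V` output read on stdin.
suexec_docroot() {
    sed -n 's/^.*-D AP_DOC_ROOT="\(.*\)".*$/\1/p' | head -n 1
}

# Succeed only if $1 is $2 itself or a directory below it.
# Compares on a path-component boundary, so /srv/www2 is not under /srv/www.
path_under() {
    child=${1%/}; parent=${2%/}
    case "$child/" in
        "$parent/"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print a verdict for web root $1 against the `suexec -V` text in $2.
check_webroot() {
    docroot=$(printf '%s\n' "$2" | suexec_docroot)
    if [ -z "$docroot" ]; then
        echo "UNKNOWN: no AP_DOC_ROOT found in input"; return 2
    fi
    if path_under "$1" "$docroot"; then
        echo "OK: $1 is inside suExec docroot $docroot"
    else
        echo "MISMATCH: $1 is outside suExec docroot $docroot"; return 1
    fi
}

# Demo on the constructed sample: the first path passes, the second does not.
check_webroot /srv/www/web1/cgi-bin "$SAMPLE_SUEXEC_V" || true
check_webroot /home/www/web1/cgi-bin "$SAMPLE_SUEXEC_V" || true
```

A MISMATCH result means CGI scripts under that web root will be refused by suExec until either the web root is moved or Apache is rebuilt with a matching docroot.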
     
