Root Server Security

5 posts / 0 new
Topic locked
Last post
#1 Tue, 06/29/2010 - 08:52
gl3ny

Root Server Security

I have created 3 virtual servers. If I connect with SFTP to one of the Virtual Server Owner accounts I can see the folders of the other account. I can't access the other VS accounts but I can go up to the parant directories. How can I prevent vs account owners from accessing other directories?

Tue, 06/29/2010 - 14:00
andreychek

Howdy,

With SSH/SCP/SFTP, users can see any folder they have rights to.

That's in contrast to FTP, which allows you to chroot users into certain folders.

What you're seeing is just a difference in the way the various protocols work. If that's a problem, the simplest way to solve it would be to not allow SSH/SCP/SFTP access.

Though, the thing to remember, is that they aren't seeing anything they don't have rights to anyway... they could simply use a web-based file manager and browse those same files/dirs.

-Eric

Tue, 06/29/2010 - 14:58 (Reply to #2)
gl3ny

If a VS owner can naviagate from his folder up to the root then change files in the "etc" folder for instance, is that not going to impact the sites of the other vs owners?

If this is correct, what I want to achieve is prevent damage to sites of other VS owners by VS owners. I would like to give them access to only their respective folders in home directory.

From what I understand this only possible with FTP and not SFTP, right?

Tue, 06/29/2010 - 15:10
andreychek

Nah, there's a distinction between what files they can see, and which ones they can modify.

They should only have write permissions in their own homedir, they should purely have read permissions in directories such as /etc. So there's no opportunity for them to go changing things.

-Eric

Tue, 06/29/2010 - 16:23 (Reply to #4)
gl3ny

Ok thanks!

Topic locked