Users can see other virtualserver folders in FTP

#1 Mon, 08/01/2011 - 12:00
Morpheus

Hey again, sorry for asking a lot of stuff, but that's been bothering me for a long time. I don't even know if something is wrong or just misconfigured, but here it is.. Let's just say user01.com has an FTP folder that he can upload files to, the public_html and everything. If he logs in to that folder he'll be able to see the whole 'home' folder, and he can also see that there's google123.com, user2.com, virtualmint.com, painthearse.com, rednecksftw.com. The point is that with this he can easily figure out what is being hosted on that server. Is there a way to make public_html the 'home' folder?

Oh BTW, the user1 can see his files and everything, but he doesn't have access to painthearse.com or user2.com files.

That's just a safety precaution I want to take, and I think most people should too.

Mon, 08/01/2011 - 12:05
Locutus

A quick answer, since this has been discussed many a time already, and a forum search should give you sufficient results:

Check Limits and Validation -> FTP Directory Restrictions.

Mon, 08/01/2011 - 12:09 (Reply to #2)
Morpheus

Sorry for that :/ I'll check it out thanks

Mon, 08/01/2011 - 12:13
Locutus

Good luck. :) Note that, before you maybe ask, those restrictions do not apply to SSH logins. :) Restricting SSH directory visibility is a way more complex, and not recommended, thing.

Mon, 08/01/2011 - 13:42 (Reply to #4)
Morpheus

So the user, who BTW is someone out there that we don't know and don't trust, can still access everything through SSH? Well, even if it's 'not recommended' I'd like to take a look at it.. 'cause I don't want security breaches in my servers xD

Mon, 08/01/2011 - 13:50
Locutus

Nono, of course users can only log in via SSH if you give them that right, in this case by assigning them the proper login shell. By default, only virtual server owners have the SSH right.

And you should give only trusted users that right indeed, since even if they are restricted through Linux file permissions, having a login shell is a potential first step to doing evil things on your server. :)
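Added example, not part of the original thread: a small audit of which hosted accounts currently hold an interactive login shell, which is the setting the reply above says decides SSH access. The function names, the `/home` base directory, the list of shells treated as non-login, and the sample accounts are all assumptions or constructed data.

```shell
#!/bin/sh
# Added example: list accounts that hold an interactive login shell.
# Reads passwd(5)-format lines on stdin; $1 is the base directory that
# contains the hosting accounts' homes (assumed /home).

interactive_accounts() {
    awk -F: -v base="${1:-/home}" '
        # Field 6 is the home directory, field 7 the login shell.
        index($6, base "/") != 1 { next }      # not a hosted account
        {
            shell = $7
            # passwd(5): an empty shell field means /bin/sh.
            if (shell == "") shell = "/bin/sh"
            # Assumed set of non-login shells; extend it for your distribution.
            if (shell == "/dev/null" || shell ~ /\/(nologin|false)$/) next
            print $1 ":" shell
        }'
}

# Constructed sample data, not taken from a real server.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
user01:x:1001:1001::/home/user01:/bin/bash
ftp.user01:x:1002:1001::/home/user01/public_html:/bin/false
user2:x:1003:1003::/home/user2:/dev/null
mail.user2:x:1004:1003::/home/user2/homes/mail:
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
EOF
}

# On a live host: getent passwd | interactive_accounts /home
sample_passwd | interactive_accounts /home
```

Any account this prints that is not meant to have shell access is a candidate for a non-login shell; note that the entry with an empty shell field is reported because it falls back to `/bin/sh`.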

Mon, 08/01/2011 - 14:05 (Reply to #6)
Morpheus

Oh boy.. What a regular Monday :D (I can feel the pain for the rest of the week already)

Well, it's like this: virtual server owners are my 'clients' (even though right now I'm just preparing things, but that's how it'll work in the future), so they can be people from anywhere, with good and bad intentions, spammers, hackers.. anything at all. I need to 'prepare' my servers in every way possible to handle all of that as soon as possible.

FTP is just the beginning, I know it, but I don't want my clients to see more than they have to; there's a lot of scummy little curious people out there with lots of thoughts.

Then SSH, well that's the most important part, 'cause I don't think my client needs anything besides that basic Virtualmin interface. He can do everything there: backups, manage databases, manage email accounts, manage FTP accounts etc.

I even pre-install everything that's needed so I can disable the possibility of installing more stuff like the scripts. I install the webmail and that's it; I won't give him access to the installer, and if the client needs anything it's simple, just ask and rootie will take care of it XD

Considering that I'm gonna be running behind a NAT dedicated firewall with strict ports that I choose (it takes care of DDoS and everything), well.. I THINK it's safe, that's why this long testing period.

And that's not even the beginning of my problems. I still have to figure out how to set up the fake RAID with onboard controllers on Linux and I can't find any help online. Oh boy.. wish everything had a community willing to help like Virtualmin does..

Anyway..

Mon, 08/01/2011 - 13:50
Morpheus

Oh and I forgot to mention.. I searched the forums but I couldn't find anything, and I've been trying to restrict to the public_html folder, but if I try to restrict to a single user, when I access the FTP it goes straight to the root folder.. (unbelievable!..)

Mon, 08/01/2011 - 16:20
Locutus

And that's not even the beginning of my problems, I still have to figure out how to set up the fake RAID with onboard controllers on Linux

If in doubt, you can use Linux software RAID (mdadm), which works great. I use it myself too in my virtual machines. And Webmin can configure it for you, to a certain extent. :)

I've been trying to restrict to the public_html folder, but if I try to restrict to a single user, when I access the FTP it goes straight to the root folder

Can you re-phrase that? I don't really get what you mean here, please explain the problem again and what steps you did and what didn't work as expected.

Additionally, you listed a lot of things in your previous post, about all the stuff you're setting up for your client. You surely understand that I can't comment on all of that in a generic way, that's beyond the scope of a forum post (at least for me :) ). If you have specific questions about those things, feel free to ask.

Topic locked