Description I would like to suggest adding an option to hide the Document Root field in the web domain settings for users with the client role, while keeping it available for administrators. Currently, the Document Root field is visible in the client interface, although it is not required for everyday website management. ⚙️ Rationale Technical nature of the field Document Root is used for generating the web server configuration (Apache/Nginx) and is an internal system parameter. Risk of misconfiguration Allowing users to modify the Document Root may lead to: website malfunction broken directory structure Security considerations An incorrectly configured path may result in unintended access to parts of the server file system. Simplified user interface Hiding technical parameters makes the interface clearer and reduces the likelihood of user errors. Proposed solution Add a setting (global or per server): Show document root field to clients: yes/no ✅ Expected result Reduced risk of configuration errors Improved security Cleaner and more user-friendly interface
Very likely, an AI that has no clue about ISPConfig. There is no field where a user can set or edit the document root of a website in ISPConfig. So claiming it's a security risk when a user edits it is complete nonsense as there is no such option for the user. What ISPConfig does is that it shows (as text, non-editable) the document root path that users might require to configure their cms. This is not editable and therefore poses no security risk. So I guess the original poster just wanted to request to have an option to hide this info.
Sorry, I actually used ChatGPT to translate and format my message. Unfortunately, English is not my native language. Indeed, I would like to add the ability to optionally hide the path to the user's actual root directory.
