Hi, I'am just searching for the best folder layout for ISPConfig for the websites. My Idea is to implementing it like this: /var/clients/client[client_id]/web[website_id]/ And then have 2 symlinks for easier shell navigation: /var/www/[website_domain]/ => /var/clients/client[client_id]/web[website_id]/ /var/clients/client[client_id]/[website_domain]/ => /var/clients/client[client_id]/web[website_id]/ Example: A website "www.mydomain.com" which has the internal ID 22 and belongs to the customer with the ID 5. Directory: /var/clients/client5/web22/ Symlinks: /var/www/www.mydomain.com/ => /var/clients/client5/web22/ /var/clients/client5/www.mydomain.com/ => /var/clients/client5/web22/ Please post your Ideas and comments on this. A second question: a) Shall we create a sytem user for every client, so all websites of a client belong to the same linux user. b) Shall there be a system user for every website and a linux group for the client. All website users of this client belong to the group of the client. My preference is b)
I like the idea of the folder layouts. However, for the system users and groups... I don't see why option b would be better than a. To me, it looks like all we do is add some more users and groups, but, what would I see on my end, or the client see on his end, that would be improved by that? Or is it just for organization?
If I assign more then one website to one use, why would I want more than one system user? This only complicates things for the end-user. If a user needs more freedom he needs to be a reseller. Please make it simple for the end-user! So I definitely prefer option a) For the directory structure: Why not use "/var/clients/client[client_id]/[website_domain]/" also? It's much more human readable. melwood
Thats a question of security. If one client has lets say 20 websites and all websites have the same user, then he will loose 20 sites if one of the sites get hacked e.g. trough a insecure forum or cms system. If every site has its own system user, only one site will be affected. The drawback is that the user will have to use a separate FTP login for every site, but this can be circumvented if the user says that he wants to access all sites with one user, he can make the files group writable for the client group.
I prefer this: /var/www/www.mydomain.com/ => /var/clients/client5/web22/ But is the following also possible? /var/www/[client_username]/[domain]/ ? And choose B is better, because security issues.
Hey Human readable would be great for the webdirs. Maybe using a chrooted jail for the shell access is an option?? Further on I discovered a small mistake in the wblist php file. I have not yet used a svn upload ever, so can anyone tell me how to, or can I upload the files or the mistake anywhere else? Thnx
This will be avilable as option and it isrecommended to use it. But as the common linux distribution have no sshd which supports chrooting by default, we can not make this the defualt option. If you use windows on your desktop, tortoesesvn is a nice SVN client which integrates perfectly into the file explorer. You may also post the cahnged lines from the wblist file here, if it is just a minor change.
The php mistake I found was in the spamfilter files. So users could not edit there spam white, and blacklists. the word "limit_" was written twice. Bothe files the same line: spamfilter_whitelist_edit.php spamfilter_blacklist_edit.php line 66: was: if($client["limit_limit_spamfilter_wblist"] >= 0) { has to be: if($client["limit_spamfilter_wblist"] >= 0) {
b). and I want to comment on one system i used on a virtual server 9with a team company etc). The domains worked as the "key" rather than the user id. eg /sites/www.tld.com/ << /sites/another.tld/ One problem I forsee here is having 2 servers and want to copy etc and user "id" etc and domain is ALWAYS good identiity imho.
Did not want to open a new thread for this, so I post it here, how about integrating phpids (www.phpids.org) into ISPConfig 3? Should not be that hard, the question would more be about how to react depending on the recognized impact level.
I would appreciate the exact same thing - somewhere I've read a how to that shows how to turn on PHPIDS for one domain. I would prefer to have a checkbox in the ISPConfig panel, if possible. Or is it so simple to just add a Apache directive if PHPIDS is installed somwhere (outside a DocumentRoot)? So I hope we'll get an answer, regardless that the last post was from 2008,,
According to the phpids webpage, phpids has to be intergrated into the php scripts that run in the website (e.g. in wordpress or joomla or any custom website script) and not into the vhost configuration. So you have to individually build phpids into your sites php scripts, phpids is something a webdesigner or programmer has to built into his site and then upload it with its site content to the website folder. This is not a feature that can be simply enabled by adding a rule into the apache configuration.
In principle, you are right. However, I refer to this howto: http://www.howtoforge.com/intrusion-detection-for-php-applications-with-phpids where a PHP file containing the checks is "prepended" like this: auto_prepend_file = /var/www/web1/web/phpids.php ...to any php file to be executed (as I understand it) within the context of the vhost. Wouldnt it be a great thing to "force" clients that their input is filtered via PHPIDS in that way? According to the Howto, I would maybe able to install PHPIDS for every client / vhost. It would save a lot of effort and could avoid clients tinkering with it when done somewhere elso on a global level. Piwik has issues with PHPIDS, so when having a pure Piwik install one could turn PHPIDS off... Thats all I want to ask for...