Hi, I am fairly new to ispconfig. We are looking at using it on our new web server. My colleagues had a look and we had certain ideas on how to improve security. The solution we came up with (it's not ours!) is based on this http://lists.evolt.org/archive/Week-of-Mon-20030714/145126.html

I've had a brief look at the ispconfig code but maybe it's easier to ask for help here. I am trying to change the user account creation for web users so that every new group has the apache user as member.

from:
Code:
web3:x:10003:admispconfig,kubrt

to
Code:
web3:x:10003:admispconfig,www-data,kubrt

Any help appreciated.
I've been in the webservers field for quite some time now. The best solution to run PHP in a secure manner and without loss of performance is PHP+SuExec+FastCGI. open_basedir isn't a solution; what if the client wants to use ImageMagick, which has its binaries installed in /usr/local/bin? Read this page if you want to find out more about php+fastcgi: http://ckdake.com/projects/documentation/php_security

I've been running php+fastcgi in production for more than a year now and it rocks! This is the manner I want a control panel to deploy php in virtualhosts.
Adding the www-data user to the group does not make things more secure. Instead you should install SuPHP and switch ISPConfig to SuPHP mode in the config.inc.php file, so your .php and cgi scripts are executed under the username of the web admin of the site.
You can do this with ISPConfig too. If I remember correctly, there are some posts about this topic in the forum.
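An added example, not part of the original thread or of ISPConfig: a small audit of group(5) data that lists which site groups contain the web server account, the membership change discussed in the first and third posts. It assumes site groups are named `web<N>` as in the `web3` line above and that scripts run as `www-data`; the sample data is constructed.

```python
import re

# Constructed sample in group(5) format; the web3 line is the "to" state
# from the first post, the other entries are made up for illustration.
SAMPLE_GROUP = """\
root:x:0:
www-data:x:33:
web1:x:10001:admispconfig,alice
web2:x:10002:admispconfig,www-data,bob
web3:x:10003:admispconfig,www-data,kubrt
broken line without enough fields
"""

WEB_GROUP = re.compile(r"^web\d+$")  # assumption: site groups are named web<N>


def parse_group(text):
    """Yield (name, gid, members) for each well-formed group(5) line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            continue  # skip malformed entries instead of guessing
        members = [m for m in fields[3].split(",") if m]
        yield fields[0], int(fields[2]), members


def shared_web_groups(text, server_user="www-data"):
    """Return the site groups that list server_user as a member."""
    return sorted(
        name for name, _gid, members in parse_group(text)
        if WEB_GROUP.match(name) and server_user in members
    )


def audit(text, server_user="www-data"):
    """Summarise how many site groups one server account belongs to."""
    groups = shared_web_groups(text, server_user)
    # With more than one hit, a script running as server_user holds
    # group-level access to files of every listed site, not only its own.
    return {"user": server_user, "groups": groups, "cross_site": len(groups) > 1}


if __name__ == "__main__":
    print(audit(SAMPLE_GROUP))
```

On a live host the same functions can be fed the contents of `/etc/group` instead of the sample string.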