Currently, it seems that when you create an SSH/SFTP account tied to a domain name, this account can view the entire server, including sensitive directories like /proc and the server logs. Here are my main concerns: Permissions: Is it possible to restrict the SSH/SFTP account so it does not have access to the whole server? Specifically, I’m worried about access to /proc and other sensitive areas. Security: Since the sudo command doesn’t work for these accounts, is it safe to provide SSH access to clients? Could this potentially expose sensitive server information?
The client's web site must be chrooted / jailed for it to be safe though I think that is already made the default.
Then you created a non-jailed user. You must enable jailkit when creating an SSH/SFTP user. You can also limit clients to allow jailed users only in the client limits. What you asked for is called a jail and is used by ISPConfig when you create the SSH user as a jailed user. Yes, that is secure. And using sudo makes no sense here, as the web already runs as an unprivileged user, plus a jail is way more secure than sudo: sudo just executes a command under a different user, and the web user is already a non-root user, but a jail also changes the root of the system for this user so he cannot access the real system root.
The jailkit is enabled and it works as expected. To run the php commands -> Jailkit chrooted applications: /usr/bin/php /usr/lib/php/ That's fine?

Code:
:~/web$ php artisan
bash: php: command not found
It's the default, so that's fine. However, you can also add additional PHP versions using app sections. Check jailkit config files to see which app sections are available.
@till Website: Chroot PHP-FPM is disabled by default. Fine? Don't I need to worry about web security if it is unchecked?
Each web is run by a different Linux user in ISPConfig, so the webs are already separated. PHP-FPM chroot is off by default because some websites would fail if you enable it as you cannot reach mysql on localhost anymore from inside the jail. You must change mysql connection settings of your CMS from localhost to 127.0.0.1, and as many users would fail to handle this correctly, this feature is off. But of course, it's more secure if you turn it on.
Yes, it shows a MySQL connection error. Apart from this? Like this, something usually makes problems for the users.
You can not reach a file outside of the jail, which is the purpose of those functions. That's also the reason why localhost for MySQL won't work, as it's a socket file outside of the jail. However, generally, it should work fine, but you will have to test it for each site to be sure, and if it fails, you might have to adjust the site's code to ensure that it does not require anything that's not in the jail.
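As an added illustration of the localhost-vs-127.0.0.1 point made above (this is example code, not ISPConfig's or jailkit's own tooling): the script checks whether the MySQL Unix socket exists inside a given jail root and, if not, rewrites a wp-config.php style DB_HOST from localhost to 127.0.0.1 so the site connects over TCP. The jail root, the config file and the socket path are assumptions passed in by the caller.

```shell
#!/bin/sh
# Added example, not part of ISPConfig. Assumed: $1 is the jail root,
# $2 is a config file containing define('DB_HOST', '...');, and the
# socket lives at the Debian/Ubuntu default unless MYSQL_SOCKET is set.
SOCK="${MYSQL_SOCKET:-/var/run/mysqld/mysqld.sock}"

# Prints "socket" if DB_HOST=localhost would work inside this jail
# (the Unix socket is visible under the chroot), otherwise "tcp".
jail_db_mode() {
    jail="$1"
    if [ -S "$jail$SOCK" ]; then
        echo socket
    else
        echo tcp
    fi
}

# Extracts the DB_HOST value from a define('DB_HOST', 'value'); line.
config_db_host() {
    sed -n "s/.*define( *['\"]DB_HOST['\"] *, *['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Switches DB_HOST from localhost to 127.0.0.1 only when the jail has no
# socket. Exit status 0 means the config will reach MySQL from the jail.
ensure_db_host() {
    jail="$1"; cfg="$2"
    host=$(config_db_host "$cfg")
    if [ "$host" = "localhost" ] && [ "$(jail_db_mode "$jail")" = "tcp" ]; then
        # The socket file is outside the chroot; force TCP on loopback.
        sed -i.bak "s/\(define( *['\"]DB_HOST['\"] *, *['\"]\)localhost\(['\"]\)/\1127.0.0.1\2/" "$cfg"
    fi
    [ "$(config_db_host "$cfg")" != "localhost" ] || [ "$(jail_db_mode "$jail")" = "socket" ]
}
```

Run it as `ensure_db_host /var/www/clients/client1/web1 /path/to/wp-config.php` after sourcing the script; a .bak copy of the config is kept next to the original.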