ISPConfig 3 questions

Discussion in 'Developers' Forum' started by till, Jun 19, 2007.

  1. till

    till Super Moderator Staff Member ISPConfig Developer


    I'am just searching for the best folder layout for ISPConfig for the websites. My Idea is to implementing it like this:


    And then have 2 symlinks for easier shell navigation:

    /var/www/[website_domain]/ => /var/clients/client[client_id]/web[website_id]/
    /var/clients/client[client_id]/[website_domain]/ => /var/clients/client[client_id]/web[website_id]/


    A website "" which has the internal ID 22 and belongs to the customer with the ID 5.




    /var/www/ => /var/clients/client5/web22/
    /var/clients/client5/ => /var/clients/client5/web22/

    Please post your Ideas and comments on this.

    A second question:

    a) Shall we create a sytem user for every client, so all websites of a client belong to the same linux user.
    b) Shall there be a system user for every website and a linux group for the client. All website users of this client belong to the group of the client.

    My preference is b)
  2. I like the idea of the folder layouts.

    However, for the system users and groups... I don't see why option b would be better than a. To me, it looks like all we do is add some more users and groups, but, what would I see on my end, or the client see on his end, that would be improved by that?

    Or is it just for organization?
  3. melwood

    melwood New Member

    If I assign more then one website to one use, why would I want more than one system user? This only complicates things for the end-user.

    If a user needs more freedom he needs to be a reseller.

    Please make it simple for the end-user!

    So I definitely prefer option a)

    For the directory structure:

    Why not use "/var/clients/client[client_id]/[website_domain]/" also? It's much more human readable.

    Last edited: Jun 25, 2007
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats a question of security. If one client has lets say 20 websites and all websites have the same user, then he will loose 20 sites if one of the sites get hacked e.g. trough a insecure forum or cms system. If every site has its own system user, only one site will be affected.

    The drawback is that the user will have to use a separate FTP login for every site, but this can be circumvented if the user says that he wants to access all sites with one user, he can make the files group writable for the client group.
  5. melwood

    melwood New Member

    If it is possible to access all sites with one ftp-account then go for option b)

  6. bpssoft

    bpssoft Banned

    I prefer this:

    /var/www/ => /var/clients/client5/web22/
    But is the following also possible?
    /var/www/[client_username]/[domain]/ ?

    And choose B is better, because security issues.
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    b) is the current implementation and the symlinks are configurable.
  8. satommy

    satommy New Member


    Human readable would be great for the webdirs.
    Maybe using a chrooted jail for the shell access is an option??

    Further on I discovered a small mistake in the wblist php file. I have not yet used a svn upload ever, so can anyone tell me how to, or can I upload the files or the mistake anywhere else?

  9. till

    till Super Moderator Staff Member ISPConfig Developer

    This will be avilable as option and it isrecommended to use it. But as the common linux distribution have no sshd which supports chrooting by default, we can not make this the defualt option.

    If you use windows on your desktop, tortoesesvn is a nice SVN client which integrates perfectly into the file explorer.

    You may also post the cahnged lines from the wblist file here, if it is just a minor change.
  10. satommy

    satommy New Member

    The php mistake I found was in the spamfilter files. So users could not edit there spam white, and blacklists. the word "limit_" was written twice.

    Bothe files the same line:


    line 66:


    if($client["limit_limit_spamfilter_wblist"] >= 0) {

    has to be:

    if($client["limit_spamfilter_wblist"] >= 0) {
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Thanks. I fixed it and uploaded the changes to SVN. The fix will be included in the alpha 3 version.
  12. pedro_morgan

    pedro_morgan New Member

    b). and I want to comment on one system i used on a virtual server 9with a team company etc).

    The domains worked as the "key" rather than the user id. eg
    /sites/ << /sites/another.tld/

    One problem I forsee here is having 2 servers and want to copy etc and user "id" etc and domain is ALWAYS good identiity imho.
  13. Ben

    Ben Active Member Moderator

    Did not want to open a new thread for this, so I post it here,
    how about integrating phpids ( into ISPConfig 3?

    Should not be that hard, the question would more be about how to react depending on the recognized impact level.
  14. ande

    ande Member HowtoForge Supporter

    I would appreciate the exact same thing - somewhere I've read a how to that shows how to turn on PHPIDS for one domain. I would prefer to have a checkbox in the ISPConfig panel, if possible. Or is it so simple to just add a Apache directive if PHPIDS is installed somwhere (outside a DocumentRoot)?

    So I hope we'll get an answer, regardless that the last post was from 2008,,
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    According to the phpids webpage, phpids has to be intergrated into the php scripts that run in the website (e.g. in wordpress or joomla or any custom website script) and not into the vhost configuration. So you have to individually build phpids into your sites php scripts, phpids is something a webdesigner or programmer has to built into his site and then upload it with its site content to the website folder. This is not a feature that can be simply enabled by adding a rule into the apache configuration.
    Last edited: Sep 26, 2011
  16. ande

    ande Member HowtoForge Supporter

    In principle, you are right.

    However, I refer to this howto:

    where a PHP file containing the checks is "prepended" like this:

    auto_prepend_file = /var/www/web1/web/phpids.php any php file to be executed (as I understand it) within the context of the vhost.

    Wouldnt it be a great thing to "force" clients that their input is filtered via PHPIDS in that way?

    According to the Howto, I would maybe able to install PHPIDS for every client / vhost. It would save a lot of effort and could avoid clients tinkering with it when done somewhere elso on a global level.

    Piwik has issues with PHPIDS, so when having a pure Piwik install one could turn PHPIDS off...

    Thats all I want to ask for... :)

Share This Page