I have a very basic question that I'm almost ashamed to ask. I've had a Cpanel shared hosting account for several years, but now want to host our sites on our own server. On every web host we've used in the past, we had our own user account under /home/<user>, like a standard linux system. Since we were the owners of that account, we could transfer files via scp and edit them on the server via ssh under a chroot jail. With ISPConfig3, it looks like those files are now under /var/www/clients/<client_id>. This directory had userid and groupid both set to 'root', so the client can't read or write to that directory. Nor can they access the subdirectories (web, webdav, etc) via ssh. Those subirectories have <site_id> for the owner, and <client_id> for the group. I have created a symlink from /home/<user>/<website_domain>/ to try to match what we had before with Cpanel, but run into the same permissions issue. How can I recreate what I'm used to on our previous Cpanel accounts? Is this even possible?
There is a misunderstanding on your side which folders are used. The website is not under /var/www/clients/<client_id>, the website basedir is under /var/www/clients/<client_id>/<web_id>/ and the website is under /var/www/clients/<client_id>/<web_id>/web/ The permissions are perfectly fine, just your conclusions are wrong as the client has access to all directories that he needs access to. Testing is dead easy, create an ssh user in ispconfig and login with that ssh user, you will see that you have access to all directories that a client shall have access to and that's the 'web' directory of the site as the websites is uploaded there and the 'private' directory of the site which is used to store private files and he has access tp its ssh home directory. Delete that symlink. ISPConfig uses its own secure permission scheme which allows a client to access all folders he needs to have access to by SSH and FTP and it allows the client to write to all folders that he shall be able to write to. So there is no need to change any permissions.
Thanks for the quick reply. I just discovered that after re-reading the manual more closely. On my Cpanel host, I created a Python virtual environment in my home directory for unique Python libraries separate from my system libraries. I assume I can do the same in either my site's ./web or ./home/<site_id> directory?
You have full write permissions to both directories (its ./home/<username> though if you refer to a chrooted ssh user), so sould be able to add any files there that you need.
Is it possible to use one shell account to administer multiple sites if they are controlled by the same client id? It doesn't appear I can use the same username on different sites. I would either need to 'su' to the other shell account user id, or close the ssh session and open a new one using the other shell account id. It's also not possible to copy files between different sites in a ssh session, because even though the file may belong to the client's group id, the group by doesn't have write access. Only the user has write access, and that is unique to each site (i.e., directory permissions are by default 755). Is that correct? I guess what I'm askiing is if it's possible to use ISPConfig as a single user who has control over multiple sites, rather than the multi-user model it was designed for.
No, sites are isolated from each other for security reasons. But you can have multiple vhosts in one site by using vhost aliasdomains, the feature can be enabled under system > interface config which enables a new menu point in the sites module.
Thanks for the tip, and for answering all my questions. I appreciate all the work you've obviously put into this software.
