Is it possible to get console access to files websites which are belong to one client using one shell user account?
ah, I misunderstood the question. it seems you can grant only access to a website and not to all websites belonging to a user.
I was afraid of that. Maybe is some kind of custom, not official, resolve in this case. It would be great. Now, one user who has i.e. five websites, need to create additional five ftp and shell users. Of course if he need ssh/ftp.
You could probably do that using bind mounts to remap the user ids. Eg. create your 5 websites, say they are: /var/www/clients/client1/web1 /var/www/clients/client1/web2 /var/www/clients/client1/web3 /var/www/clients/client1/web4 /var/www/clients/client1/web5 Then create one ssh account, maybe even inside another "fake" website (ie. bogus domain name) for security sake, so the ssh account root (using jailkit) is: /var/www/clients/client1/web6 Then make a directory in web6 and bind mount all the first 5 websites (note: code untested): Code: for i in 1 2 3 4 5 do WEB=/var/www/clients/client1/web${i}/web MNT=/var/www/clients/client1/web6/sites/web${i} mkdir -p ${MNT} U=`stat --printf=%U ${WEB}` G=`stat --printf=%G ${WEB}` bindfs -r -u ${U} -g ${G} -p ug=rD ${WEB} ${MNT} done You should then be able to login as your ssh user and have website root directories under /sites/web#. The mounts will be lost upon reboot, so add to fstab or write a script to mount them at boot or via cron if you need them to remain persistent. The reason for the fake website to hold the ssh account is because web6 won't actually have a website, and hence can't be compromised in that way - if you used say web5 to hold the ssh account, then the web5 website were hacked, the hackers would have access to all the other websites (mounted at /sites).
On further thought, you'd be better off creating directories named after the website (eg. /var/www/clients/client1/web6/sites/domain.tld/) rather than the generic web# name, or at least symlink the website name to the web# directory like ispconfig does now.
Why can't aliasdomain with vhost do that? I mean, create one main website, then create websites under it using aliasdomain by giving each of them their own folders like /web/aliasdomain. I do think you should be able to use the "one" ssh and ftp account created for the main website to access other aliasdomain website(s) this way.
yes, they are independent. Using vhost aliasdomains as @ahrasis pointed out should probably work fine if you really want to have just one SSH user for a client.
Would an implementation based on bind mounts be worth a feature request in the issue tracker? (ie. anyone interested in adding support native to ispconfig for that?)
Creating aliasdomain under ISP make directories in proper /web/ ? After this could I just create in ISP mail domain and email account for it without any problems?
Yes. You will need to specify its directory upon creating vhost aliasdomain as mentioned earlier. They (mail domain and account) when created should be independent as already confirmed by till above.
Does it mean I should put some path i.e. /web/somealiasdomain in RedirectPath field in tab "Aliasdomain for website"?
Funny because that should be easy instead of confusing. Anyway, under ISPC > Sites > Websites there is (at its end) menu to create aliasdomain for website and aliasdomain (vhost) where you should select the later. I can't be of much help if you can't even find the menu so please do see the attached picture. Under its page, when you click add new aliasdomain button, it will show you a setting page to create the vhost aliasdomain including one setting for Web folder. In there, you should fill in your preferred directory as advised earlier. Do you need to be spoonfed with pictures for the above instructions too?
Thanks for message. Please take a look on my screenshot https://ibb.co/iB5T0Q. I don't have there those options which You mention.