Permissions in previous web folder

Discussion in 'Tips/Tricks/Mods' started by pendientes, Nov 17, 2023.

  1. pendientes

    pendientes New Member

    Good morning.

    In order to install ossn I need to have write permissions in the previous directory of the page "/var/www/clients/client1/webxxx"

    Thanks in advance
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You can not have write access to that folder. If ossn requires to access folders below web root, then install it on a subfolder of the web folder and change website document root to that subfolder.
  3. pendientes

    pendientes New Member

    I understand. Thanks.

    But there are apps so important like moodle que requires the same acces. Why is this restricted policy?

    "Data directory must be outside the installation path."
    Impossible to install it

  4. till

    till Super Moderator Staff Member ISPConfig Developer

    If the folder would be writable by the web user, then you could not have things like jailed ssh users and other security features, and it would be easy for any web user to bring down your whole server and all sites on it.
  5. pendientes

    pendientes New Member

    I have been an IT Manager for many years. I don't know about OS for websites but I do know about programming all types of systems for the user.
    Ispconfig3 seems very interesting to me and I was trying it to think about the possibility of migrating how much I already have with Virtualmin but unfortunately I will not do it because this system limits me with this issue.
    I repeat, it is very interesting but the question for the ispconfig developers would be, can we compete with Virtualmin? Not today.

    Thank you very much for the support and availability
  6. Smythsys

    Smythsys New Member

    In our system we use the "private" folder to host the moodledata folder.
    Is there any reason that prevents ossn from using this folder?
  7. pendientes

    pendientes New Member

    I will let you know
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    All you have to do is to copy the app into the web folder and set the custom docroot in ISPConfig, so there is no issue at all here and it works fine like that. This way the web folder is not accessible via http anymore. And like @Smythsys mentioned, ISPConfig has also a private folder to store data outside of the docroot.

    You mean we shall remove the security focus and functions from ISPConfig. ISPConfig is built as a tool for professional hosters, and it is developed by hosting companies, so our focus is not to skip security as this is important for corporate use.

    So you know of the importance of IT security fo companies.
    ahrasis likes this.
  9. pendientes

    pendientes New Member

    It works!!!

    Please, understand me. I do not want tell you that your work is not very well done. Please, sorry if I said something wrong. I didn't know that you solved the problem with the private folder. As I said is a great job. To me was surprised that there was no way as you answered first time.

    Great again. Thanks!
    till likes this.
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    You asked how to make a folder writable, which should not be writable and not if there is a place to store data securely outside of the web root :)
    ahrasis likes this.
  11. pendientes

    pendientes New Member

    You are right!

Share This Page