Python and security in Ispconfig

Discussion in 'Programming/Scripts' started by jeppunen, Sep 6, 2016.

  1. jeppunen

    jeppunen New Member

    I enabled Python on one site in a Ispconfig hosted environment and tested and it worked. But then I tested how much of permissions Python has and it seems that I'm able to execute almost anything (list other sites directories, apt-get update etc), which of course is not a good thing. I tried to look if Python should be jailed to the executing site, but I did not found an answer.

    Should Python be restricted only to the site or do I have misconfigured something in my server?
    Last edited: Sep 6, 2016
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The Python implementation in ISPConfig uses mod_python, this means that python runs as apache user. It is not recommended to use mod_python in a shared hosting environment for that reason.
  3. jeppunen

    jeppunen New Member

    Ok, then this is by desing and I have not missed anything. I'll find an another solution. Thanks Till!

Share This Page