The default permissions on the web folder seem to be 710, which means even if you're in the client's group you can't alter the web content of that particular site. This is a particular problem as my server is primarily for running other things, such as an SVN, VoIP, etc., and thus I manage the users as per a normal Linux box. Not being able to alter the files in web (without chmod'ing every time, or su'ing to the webX user) is incredibly annoying. Is there any way to alter the permissions that it sets on the web folder?
Altering the content of the site folders works fine with the default permissions. Changing them opens up security holes. Just create FTP and shell users in ispconfig if you want to edit the content of the sites; manually created shell users will not work as ispconfig uses a special setup with just one uid per website.
I understand, and just allowing the client group isn't going to be a problem, as I am the only one using the server; presumably the only user that they can make use of anyway is the webX user, which only has any permissions in that folder and no login shell. The default permissions, as they are, make it more awkward to use in tandem with a system that is mostly being used for other software. Especially things like migration are annoying with this setup as no one user (bar root) has the permission set to do the whole thing.
As I told you above, add the SSH users that you want to use to administer the system in ispconfig and not manually, and you will see that they will have full access to the website.
I understand that the shell users have access to the website, but they don't (and can't) have access to any other features of my server, the fact being that their UID is the one that will be used to serve my web-pages, and should there be a bug in my website, I can't let them have any access to any files other than the website. The single-UID paradigm leads to this problem. Adding more people to the client's group, and making the web/ folder group rw doesn't incur any further security holes, as the webX user can still only access what it could before, yet I can also use my normally set up users to alter the website. Obviously, if the client has more websites, then the other shell users could access the other website, but this is a non-issue; worst case scenario, I can have only one website per client. If there is no way to configure this, a pointer as to where it is in the source would be nice.
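An added example, not part of the thread and not ISPConfig code: a small evaluator of classic POSIX directory mode bits showing what each class of user can do under the 710 mode discussed above and under a group-writable 770. The uid/gid numbers and account roles are constructed for illustration; root and ACLs are not modelled.

```python
import stat

def dir_access(mode, owner_uid, owner_gid, uid, gids):
    """Return the directory operations the mode bits grant to (uid, gids).

    Only the first matching class applies: owner, then group, then other.
    """
    if uid == owner_uid:
        r, w, x = stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR
    elif owner_gid in gids:
        r, w, x = stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP
    else:
        r, w, x = stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH
    can_r, can_w, can_x = bool(mode & r), bool(mode & w), bool(mode & x)
    return {
        "list": can_r,              # read the directory's entries (ls)
        "traverse": can_x,          # reach entries whose name is known
        "modify": can_w and can_x,  # create, delete or rename entries
    }

# Constructed ids: the directory is owned by a webX-style user and a
# client group; "admin" is a normal account added to the client group.
WEB_UID, CLIENT_GID = 5004, 5005
ACTORS = {
    "web user (owner)": (WEB_UID, {CLIENT_GID}),
    "admin in client group": (1000, {1000, CLIENT_GID}),
    "unrelated local user": (1001, {1001}),
}

def compare(mode):
    """Evaluate every constructed actor against one directory mode."""
    return {name: dir_access(mode, WEB_UID, CLIENT_GID, uid, gids)
            for name, (uid, gids) in ACTORS.items()}

if __name__ == "__main__":
    for mode in (0o710, 0o770):
        print(oct(mode))
        for name, rights in compare(mode).items():
            print(f"  {name:24} {rights}")
```

Only the group row differs between the two modes, so the group's membership list is what decides who gains list and modify rights under 770.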