Thanks for your response!
Quote: The problems you raise may be solved by using the "admins" (panel users) table instead of "ftp_users"
Well, it was obvious to utilize ftp_users.
This way a customer might be able to add ssh users without handing out his panel login. I also find it reasonable to have the same login for ftp and ssh. Both of these protocols are commonly used for work on the very same content, often by people not really involved in administrative tasks. I expect this to be closer to customer needs.
Indeed, technically the admins table would be better, as these accounts are definitely unique. Also no "special" treatment for users with different directories would be necessary. Anyway, it would be pretty complex to get uid, gid, shell and homedir data without adding additional information to the tables.
Generally, I think it's not really a problem if you decide between ftp_users at the customer's root directory and ftp_users in subfolders. Having a chroot environment only available at root directory includes an ugly solution just out of the box: Users in subfolders might try to log in, but ssh would never be able to spawn a shell.
More sophisticated would be adding a where clause to the /etc/pam.d/sshd mysql parameters to check against ispcp.domains and/or ispcp.ftp_groups. That way authentication could be limited to ftp_users at root directory. I'm currently behind this.
Quote: From what I understand in the code, the required things are:
1. The homedir and all its parent directories must be owned by root.
2. The homedir and all its parent directories must not be writable by group nor everyone.
Yes. That is exactly what is coded into OpenSSH. From OpenSSH's point of view, the "homedir" can be seen as "/home/", not "/home/user/". For ancient 1.3 OpenSSH there has been a chroot patch available which separated by path directive (e.g. /home/./user/), SSH.com also uses this directive, but I assume chroot into /var/www/virtual/ having domain.tld owned by the user is out of discussion. This would add more abstraction layers without adding real security.
I've tried your suggested directory permissions, but sshd complains about the /var/www/virtual/domain.tld to be owned by root as expected.
I've found a working set:
Code:
/var/www/virtual root:root rwx rx rx
/var/www/virtual/domain.tld root:vuXXXX rwx rx rx
That way a user is no longer able to change anything at root level. I don't know if this is a feature or a bug.
This behaviour is also known from swsoft's panels.
Anyway, leaving all permissions inside /var/www/virtual/domain.tld untouched, I was able to log in via FTP and via SSH; static HTML and dynamic PHP content is also delivered as expected.
Free for discussion. I'd also prefer to get rid of a patched ssh daemon. We should find some greater audience, as I'd prefer to see ssh support included in ispCP's mainline (this is an offer, not a claim).
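
Added example (not part of the original post, and not ispCP or OpenSSH code): a Python check that applies the two rules quoted above to every component of a chroot path, so a layout can be validated before pointing sshd at it. The function name, the injectable `stat_fn`, and the sample layout with gid 2001 standing in for vuXXXX are assumptions made for illustration.

```python
import os
import stat
import sys
from collections import namedtuple

# Constructed stand-in for os.stat_result, used only by the sample data below.
FakeStat = namedtuple("FakeStat", "st_uid st_gid st_mode")

def chroot_path_problems(path, stat_fn=os.stat):
    """Return (component, reason) pairs for each part of `path` that breaks
    the two rules quoted in the post; an empty list means both rules hold."""
    if not os.path.isabs(path):
        return [(path, "not an absolute path")]
    problems = []
    component = "/"
    # Check "/" first, then every deeper component down to the target itself.
    for part in [""] + [p for p in path.split("/") if p]:
        component = os.path.join(component, part) if part else component
        try:
            st = stat_fn(component)
        except OSError as exc:
            problems.append((component, f"cannot stat: {exc.strerror}"))
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append((component, "not a directory"))
            break
        if st.st_uid != 0:  # rule 1: owned by root
            problems.append((component, f"owned by uid {st.st_uid}, not root"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):  # rule 2: no g+w / o+w
            problems.append((component, "writable by group or others"))
    return problems

# Constructed sample mirroring the working set in the post; gid 2001 is a
# placeholder for the vuXXXX group.
ROOT_DIR = FakeStat(0, 0, 0o040755)
SAMPLE = {p: ROOT_DIR for p in ("/", "/var", "/var/www", "/var/www/virtual")}
SAMPLE["/var/www/virtual/domain.tld"] = FakeStat(0, 2001, 0o040755)

def sample_stat(path):
    """stat_fn over SAMPLE, so the check runs without touching the disk."""
    if path not in SAMPLE:
        raise FileNotFoundError(2, "No such file or directory", path)
    return SAMPLE[path]

if __name__ == "__main__":
    # With an argument, check the real filesystem; otherwise the sample layout.
    target, fn = (sys.argv[1], os.stat) if len(sys.argv) > 1 else (
        "/var/www/virtual/domain.tld", sample_stat)
    found = chroot_path_problems(target, fn)
    for comp, reason in found:
        print(f"{comp}: {reason}")
    sys.exit(1 if found else 0)
```

Run with a real path as the only argument to check an existing tree; a non-zero exit status means at least one component fails a rule.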