Vesta Control Panel - Forum

Hello guys,

I got one question here a bit important, I have some users on vestacp that needs ssh access to perform some tasks, before I give them access I tested those SSH accounts, so lets specify some criteria:

UserA has domainA.tld
UserB has domainB.tld

Now when I get the UserA ssh account ready I can read some files for the UserB account, eg: cat /home/UserB/web/domainB.tld/public_html/config.php. When I run such command I can get the database information for domainB.tld wordpress installation which is NOT good since you can do a cat /etc/passwd and know what users are running in that machine, I applied the following dir permissions as a temporary fix: Then Doing so neither UserA nor UserB will be able to read files on other user's accounts and apache would be able to read and execute those files, however I don't feel that this is the best way to do it. Do you guy have a better and secure way to do it? I wouldn't like to install a jailssh since I could break my system.
Any info would be greatly appreciated.
BTW what an awesome panel!

jailed sftp/ssh will be in new version

There is commit on github:
https://github.com/serghey-rodin/vesta/ ... 755ca3e259

Great, thanks for the infor.