Directories permissions

[mike08]

Hello guys,

I got one question here a bit important, I have some users on vestacp that needs ssh access to perform some tasks, before I give them access I tested those SSH accounts, so lets specify some criteria:

UserA has domainA.tld
UserB has domainB.tld

Now when I get the UserA ssh account ready I can read some files for the UserB account, eg: cat /home/UserB/web/domainB.tld/public_html/config.php. When I run such command I can get the database information for domainB.tld wordpress installation which is NOT good since you can do a cat /etc/passwd and know what users are running in that machine, I applied the following dir permissions as a temporary fix:

Code: Select all

chmod 750 /home/UserA/ (by default, vesta does a chmod a+x $HOMEDIR/$USER)
chmod 750 /home/UserB/

Then

Code: Select all

chgrp www-data /home/UserA/
chgrp www-data /home/UserB/

Doing so neither UserA nor UserB will be able to read files on other user's accounts and apache would be able to read and execute those files, however I don't feel that this is the best way to do it.

Code: Select all

UserA@exodus:~cat /home/UserB/web/domainB.tld/public_html/config.php
cat: cannot access /home/UserB/web/domainB.tld/public_html/config.php: Permission denied

Do you guy have a better and secure way to do it? I wouldn't like to install a jailssh since I could break my system.
Any info would be greatly appreciated.
BTW what an awesome panel!

[skurudo]

jailed sftp/ssh will be in new version

[skurudo]

There is commit on github:
https://github.com/serghey-rodin/vesta/ ... 755ca3e259

[mike08]

Great, thanks for the infor.