[Chugalug] Running multi sites on one(non virt) machine

Eric Wolf ebwolf at gmail.com
Mon Mar 17 14:55:00 UTC 2014


You hate cPanel buy what do your customers think of it?
On Mar 17, 2014 7:55 AM, "David White" <dwrudy at gmail.com> wrote:

> I'm digging up an old thread. Originally, I searched my Chugalug archives
> for OSSEC, but this email thread (ironically) brings up the real reason I
> was searching for OSSEC - figuring out a better way to secure my shared
> webserver infrastructure.
>
> Because right now, the single shared server I operate is anything but
> secure other than a few scripts monitoring for file hash changes and having
> password auth turned off, only relying on key-based auth, and blocking IP
> addresses that repeatedly try to brute force the machine (I also manage
> dedicated servers which is obviously much more preferable, security-wise).
>
> I really need a way to separate permissions and visibility from 1 user's
> directory to another's (user X shouldn't be able to see user Y's stuff when
> they login via sFTP). Even though I have my user's stuff separated in
> different directories, any user - if they wanted to and knew how, could
> navigate *up* the directory tree and then over into another user's
> folder.
>
> Permissions are set so that they can't actually edit the files, but
> reading the files is bad enough... This has always been in the back of my
> mind as an issue I need to deal with - and I hate cPanel, and refuse to use
> it.
>
> I'll take a look at the Webmin idea, as well as Apache vhosts... I think I
> remember looking into that a year or two ago, and not getting anywhere with
> it. I'll try another attempt.
>
>
>
> On Mon, Jun 24, 2013 at 10:50 AM, Matt Keys <mk6032 at yahoo.com> wrote:
>
>>  Thanks for the tip on etckeeper! Tripwire / OSSEC hash files and tell
>> you if the hash has changed but they don't give you the actual change. This
>> should work much better!
>>
>> Regards,
>> Matt
>>
>>
>> On 06/23/2013 02:52 PM, Jason Brown wrote:
>>
>> I like the way virtualmin <http://www.virtualmin.com/> (A webmin addon)
>> handles this, even if I don't always use the software.  You can use it for
>> configuration, then shut it down when not needed if it's overhead is in the
>> way.
>>
>> In short, each website / apache virtual host gets it's own user, unless
>> it is a sub-server under and existing user. It's a good data segmentation
>> model.
>>
>> For web site setup operations it is also a useful learning tool, change
>> an option and see what it did in the configuration file(s). etckeeper + git
>> is your friend here.
>>
>> --Jason
>>
>>
>>
>> _______________________________________________
>> Chugalug mailing list
>> Chugalug at chugalug.org
>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>>
>>
>
>
> --
> David White
> Founder & CEO
>
> *Develop CENTS *
> Computing, Equipping, Networking, Training & Supporting
> Nonprofit Organizations Worldwide
> http://developcents.com
> 423-693-4234
>
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://chugalug.org/pipermail/chugalug/attachments/20140317/81fce2f1/attachment.html>


More information about the Chugalug mailing list