Read & Write Permissions for SSH User and Web Server
First of all, let me clarify that I've searched through Ask Ubuntu and Stack Overflow and have googled a lot, but didn't find any concrete solution to my problem.
So I'm setting up a web hosting environment on an Ubuntu server. The server is running Nginx as the www-data user. The issue where I'm stuck is the isolation of SSH users.
With a jailed setup, I can restrict an SSH user to their own directory, but at the same time I need to give the web server write access to the directories. Now even if a user is jailed, if he knows the absolute path to any other SSH users' home directories (where the web server has write permissions), he will be able to modify the stuff (write, delete or whatever) without any restriction using the web server.
For example, a user can execute a PHP script from /var/userone/sites/alter.php like:
    file_put_contents('/var/usertwo/sites/create.php', 'Creating a file with this text');
to create a new file create.php in usertwo's home directory. Am I correct?
In this scenario, what's the best way to isolate the SSH users so that they are not able to view/read each other's directories, while keeping the web server working without any permission issues?
Any proper guidance will be highly appreciated.
ssh apache2 nginx
edited Apr 16 at 10:14
Rehmat
asked Apr 15 at 20:34
Rehmat
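The exposure described in the question can be checked from ownership and mode bits alone. The following is an added example, not part of the original post: it evaluates which process identities can create files in which tenant directories and reports cross-tenant pairs. The UIDs 1001/1002, the group-writable 0770 layout, and the per-tenant worker names php-userone/php-usertwo are assumptions made for illustration; 33 is the usual www-data UID on Ubuntu.

```python
import os
import stat
from collections import namedtuple

# serves: the tenants whose PHP code this process identity executes
Identity = namedtuple("Identity", "name uid gids serves")
DirMeta = namedtuple("DirMeta", "tenant path uid gid mode")

def can_create_in(ident, d):
    """True if ident may create/delete entries in directory d (needs w+x).
    Classic POSIX mode bits only: the first matching class decides; ACLs are not modelled."""
    if ident.uid == 0:
        return True
    if ident.uid == d.uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif d.gid in ident.gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return d.mode & need == need

def cross_tenant_writes(identities, dirs):
    """Sorted (source_tenant, target_path) pairs where one tenant's code can write into another tenant's directory."""
    found = set()
    for ident in identities:
        for d in dirs:
            if can_create_in(ident, d):
                found.update((t, d.path) for t in ident.serves if t != d.tenant)
    return sorted(found)

def stat_dir(tenant, path):
    """Build a DirMeta from the live filesystem, for use on a real host."""
    st = os.stat(path)
    return DirMeta(tenant, path, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))

WWW = 33  # www-data on Ubuntu; every other uid/gid/mode below is constructed sample data

# Layout from the question: one www-data identity runs every tenant's PHP and has group write.
SHARED_IDS = [Identity("www-data", WWW, {WWW}, {"userone", "usertwo"})]
SHARED_DIRS = [DirMeta("userone", "/var/userone/sites", 1001, WWW, 0o770),
               DirMeta("usertwo", "/var/usertwo/sites", 1002, WWW, 0o770)]

# Assumed alternative: each tenant's PHP runs under that tenant's uid; www-data only reads.
PER_TENANT_IDS = [Identity("php-userone", 1001, {1001}, {"userone"}),
                  Identity("php-usertwo", 1002, {1002}, {"usertwo"}),
                  Identity("www-data", WWW, {WWW}, set())]
PER_TENANT_DIRS = [DirMeta("userone", "/var/userone/sites", 1001, WWW, 0o750),
                   DirMeta("usertwo", "/var/usertwo/sites", 1002, WWW, 0o750)]

if __name__ == "__main__":
    print("shared identity:", cross_tenant_writes(SHARED_IDS, SHARED_DIRS))
    print("per-tenant identities:", cross_tenant_writes(PER_TENANT_IDS, PER_TENANT_DIRS))
```

On a real host, build the directory list with stat_dir() instead of the constructed tuples; parent-directory traversal rights and ACLs still need a separate check.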