Linux - Server
This forum is for the discussion of Linux Software used in a server related context.
A friend and I are setting up a simple web hosting server. We want to lock it down as much as possible so that users can't access anything but their own home directories, but obviously we don't want to break anything in the process. We also don't really want to use chroot - bad experiences in the past. What's the best way to go about doing it?
If it were me I'd look at implementing a Linux-VServer to contain your cantankerous users in. Within the pseudo-virtualized environment, you could simply make filesystem permissions on their home directories less liberal.
Although I haven't tried this out, the installation on Debian looks particularly painless.
Vservers would be overkill for this purpose, but if that's your cup of tea check out OpenVZ as well.
Yeah, we don't really want a separate VServer for each website hosted - especially as the people we're hosting for are unlikely to know anything about server administration. Might be worth doing one or two for the different types of sites we're hosting though.
We're not going to give users SSH access - only FTP and they'll be locked in to their home directory - but we want to be on the safe side with permissions. Apart from not letting users access other users' home directories, and not being able to read config files, what do we need to be careful about? Maybe using suphp?
Quote:
We're not going to give users SSH access - only FTP and they'll be locked in to their home directory - but we want to be on the safe side with permissions.
More info like this in your first post (rather than after the fact) will generally help you get a more useful response. Given this new info, Linux-VServers are probably not needed.
What is your real question about then? Filesystem/permission security? It sounds like you'll be using chrooted ftp for each user (and presumably a nologin shell).
Quote:
More info like this in your first post (rather than after the fact) will generally help you get a more useful response. Given this new info, Linux-VServers are probably not needed.
Yeah, sorry - what we want is still a bit hazy and we keep changing our minds.
Quote:
Originally Posted by anomie
What is your real question about then? Filesystem/permission security? It sounds like you'll be using chrooted ftp for each user (and presumably a nologin shell).
I think that's pretty much what we're going for. Really, what we want is to restrict what users can do as much as possible, and reduce the risk of their sites compromising our server - we've inherited the server which got rooted a few times before we came along. We've since formatted and reinstalled so we're just looking to get the most secure setup possible.
I know a 'chrooted' ftp account is quite secure, but I've read it can be broken. With PHP, we're going to use open_basedir to lock that aspect down (other scripting languages won't be executable), and we've got our /tmp on a separate partition, mounting with nodev, nosuid and noexec.
Quote:
Really, what we want is to restrict what users can do as much as possible, and reduce the risk of their sites compromising our server
I'm going to make some assumptions first -- namely that you're familiar with and have taken very general hardening steps such as: shut off unneeded services, removed unnecessary packages, disabled suid binaries where possible, looked at potentially implementing a HIDS, hardened traffic at the IP level where possible (via netfilter), etc.
I don't know the status of MAC implementations on Debian, but if something worthwhile is available that would be a good area to look into further. This could be the difference between a zero-day exploit in Apache (or a poorly configured Apache) causing major damage or being contained within its security context.
Finally, at the application level both Apache and PHP are very complex beasts. To harden these properly would require an understanding beyond what I can personally provide. I'd look into books and/or classes to get you up to speed.
This all comes down to your customers and your acceptable level of risk. Is this a fun little test project for some buddies? If yes, you can shoot and miss, rebuild and try it all over again. Does your mortgage payment depend on a successful outcome with this project? If yes, I'd get ready to do a lot of learning and testing up front to properly harden the OS, application, and network layers.
Addendum: The chrooted ftp account (try vsftpd -- it's pretty good) is the least of your worries, IMO. Just set them up and give them a nologin shell.
Do keep in mind that ftp is a clear text protocol, though, so their authentication info will be sent across the wire for nasty people to potentially see.
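Added example, not part of any post in this thread: a small audit of the settings discussed above (the nodev/nosuid/noexec options on /tmp, nologin shells for the FTP-only accounts, and vsftpd's `chroot_local_user`). The sample mounts, accounts and vsftpd.conf lines are constructed, and the assumption that customer homes live under /home is ours.

```shell
#!/bin/sh
# Added example: audit constructed sample input, not data from a real host.

# Print the hardening options missing for mount point $1.
# stdin: lines in /proc/mounts format (device mountpoint fstype options ...).
missing_mount_opts() {
    awk -v mp="$1" '
        $2 == mp { found = 1; n = split($4, o, ","); for (i = 1; i <= n; i++) have[o[i]] = 1 }
        END {
            if (!found) { print "not-a-separate-mount"; exit }
            m = split("nodev nosuid noexec", want, " ")
            for (i = 1; i <= m; i++)
                if (!(want[i] in have)) { out = out sep want[i]; sep = " " }
            print out
        }'
}

# Print accounts with a home under /home (assumed layout) whose shell
# is something other than nologin or false. stdin: passwd(5) format.
login_capable_users() {
    awk -F: '$6 ~ /^\/home\// && $7 !~ /\/(nologin|false)$/ { print $1 }'
}

# Print the value of vsftpd.conf option $1, empty if unset or commented out.
# Simplification: if the option is repeated, the last assignment is reported.
vsftpd_option() {
    awk -F= -v k="$1" '$1 == k { v = $2 } END { print v }'
}

# Constructed sample input.
MOUNTS='/dev/sda1 / ext3 rw,errors=remount-ro 0 0
/dev/sda3 /tmp ext3 rw,nosuid,nodev 0 0'
PASSWD='root:x:0:0:root:/root:/bin/bash
site1:x:1001:1001::/home/site1:/usr/sbin/nologin
site2:x:1002:1002::/home/site2:/bin/bash'
VSFTPD='anonymous_enable=NO
local_enable=YES
#chroot_local_user=YES'

audit() {
    echo "/tmp missing options: $(printf '%s\n' "$MOUNTS" | missing_mount_opts /tmp)"
    echo "accounts with a login shell: $(printf '%s\n' "$PASSWD" | login_capable_users)"
    echo "chroot_local_user: $(printf '%s\n' "$VSFTPD" | vsftpd_option chroot_local_user)"
}
audit
```

On a live host, feed the functions `/proc/mounts`, `/etc/passwd` and the vsftpd.conf in use instead of the samples. Where vsftpd's PAM stack includes pam_shells, the nologin shell must also be listed in /etc/shells or FTP logins for those accounts are refused.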
It sounds like you want a server configured for reselling. This is a problem that has been solved thousands of times before, by every provider of shared hosting services.
There are many ways to do this, and all kinds of pre-packaged stuff out there to help you do it.
cPanel and LxAdmin are the commercial packages that will do all this for you right out of the box, or you can use DirectAdmin, which is free (based on Webmin).
Unfortunately we can't use any panels because our 'clients' aren't necessarily going to have their own domain names (which, as far as I can tell, is a prerequisite of setting up hosting through a panel).