I see several threads on security, but no resolution: contrary to one thought mentioned “Virtual server owners need shell to be productive” in our case, we are not resellers, Domains are divided up more along branding lines and to facilitate CMS… In this context I do not want the FTP users for a particular domain to be able to log in an see up and down the box. I have a core team of unix users, the only ones competent to work in a shell. Other users are just updating html files and changing text… all they need is FTP. Typically I just give the domain admin and password (on plesk) but the users were jailed into that domain and did not get shell (in plesk you could turn shell off for the domain owner user.) Under virtualMin it’s a bit scary because the domain own gets just about everything. In addition I want to also force everyone to use SFTP or SSH for FTP so now log ins are going thru clear text and then 3rd, I need to have at least one directory for “painless” FTP uploads for our advertisers and collaborators sending us large files… they need to be jailed into a single FTP directory. I’m not sure how to proceed. If I turn off FTP will SFTP still be an option? I cannot find where VirtualMin offers the option to turn off Shell for the virtualserver owner. I think we need a big "FAQ’ on this one…maybe it exists.
So I guess this boils down to 2 needs:
– jail in virtualDomain server owners: no shell, and SFTP or FISH only to their home directory and they cannot move from there.
– Setting up any FTP user who is jailed into a single directory, forcing them to use SFTP and SSH, (if possible… some users may use old clients)
Note, under plesk I set up "Web user" (www.mydomain.org/~jamie) and then gave a user and pass word for FTP to this subdomain… the user was jailed in, and could not see anywhere else on the box.