domain privacy - chroot, ...

How can I configure it so that a user cannot (easily) see outside of their own domain area on the server? I have read posts that debate whether unix permissions should be sufficient to safeguard user files. And, while that’s important, that’s not what I’m writing about here. It’s about (the perception of) privacy.

I want to make it so that an end user cannot merely ssh into the server and navigate outside of their own area. I want to make it so that an end user cannot merely use the Virtualmin interface to see outside of their own area (e.g., Webmin Modules > File Manager).

Yes, I do understand that they can discover this information by other means. But, if I can achieve domain privacy at the GUI level and at the FTP and SSH level, then I think that is satisfactory.

Is this possible with Virtualmin? How?

Many thanks!

Most of the restrictions can be done in a server template and also in the Virtualmin - system settings - Module Config,
then browse to Extra modules available to server administrators and set File Manager (home directory only) to yes.

As to shell access, select no to the SSH/Telnet Login module so only trusted users can use shell through a client terminal like PuTTY.

I have read that trying to jail ssh will likely break things and make the system less secure as you will try to force a system to do something it was not designed to do. There are also different levels of shell and you might want to look into that. I am not an expert in this particular area.

At least shutting it down in the GUI would accomplish a lot, and as for privacy…in my opinion, as soon as one chooses shared web hosting, there is very limited privacy; otherwise one would get his/her own server.

You can do it with FTP quite easily.

Browse to Webmin:Servers:ProFTPd, click Files and Directories, and select "Home directory" for the option labeled "Limit users to directories". Save it, and restart ProFTPd.

We do not recommend chroot for ssh. It actually removes some real security mechanisms (privilege separation, for instance). The problem with a chroot ssh is that you have to provide a pretty powerful set of tools within the chroot to make it useful, and those tools mean there are a lot of attack vectors (none of which may be exploitable…but one never knows).

So, basically, no. Virtualmin doesn’t create chroot environments and never will. We think that if you need separate servers (with separate services so that it’s not merely an illusion of privacy), you’ll want to use a virtualized system–Xen, vserver, Zones. And we have a product for that coming soon (VM2, in private beta).

But, “privacy” should already be pretty perceptible, since our default home permissions on all systems that allow it are 750. So, no one in other domains can peek into any other home directory–even with a CGI script (as long as you run all applications under suexec, rather than mod_php or whatever). The only thing anyone can see would be the names of the home directories…which I can’t imagine would be considered “sensitive”, right?

Oh, yeah, when I say “on all systems that allow it”, I mean Linux systems. FreeBSD has a limit on secondary groups, which prevents it–so homes are 751. I don’t recall if Solaris is subject to the same limitation, but it might be.
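One way to check the 750/751 home permissions described in the reply above (an added example, not part of the original post and not Virtualmin code). The function name `audit_homes`, the verdict labels and the sample directory names are assumptions made for illustration; on a real server you would point it at the directory that holds the domain homes.

```python
import os
import stat
import tempfile


def audit_homes(base):
    """Classify each directory directly under `base` by its 'other' permission bits.

    private       -> no bits for other (e.g. 750): other domains cannot enter or list it
    traverse-only -> only x for other (e.g. 751): cannot list, but known paths resolve
    exposed       -> r and/or w for other (e.g. 755): contents can be listed or changed
    """
    results = {}
    with os.scandir(base) as it:
        entries = sorted(it, key=lambda e: e.name)
    for entry in entries:
        # Do not follow symlinks: a link pointing elsewhere is not a home directory.
        if not entry.is_dir(follow_symlinks=False):
            continue
        mode = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
        other = mode & stat.S_IRWXO
        if other == 0:
            verdict = "private"
        elif other == stat.S_IXOTH:
            verdict = "traverse-only"
        else:
            verdict = "exposed"
        results[entry.name] = (format(mode, "03o"), verdict)
    return results


def build_sample():
    """Create a constructed sample tree standing in for the homes directory."""
    base = tempfile.mkdtemp(prefix="homes-")
    sample = (("alpha.example", 0o750),   # Linux default named in the thread
              ("beta.example", 0o751),    # FreeBSD case named in the thread
              ("gamma.example", 0o755))   # constructed misconfiguration
    for name, mode in sample:
        path = os.path.join(base, name)
        os.mkdir(path)
        os.chmod(path, mode)  # explicit chmod so the umask does not interfere
    return base


if __name__ == "__main__":
    for name, (mode, verdict) in audit_homes(build_sample()).items():
        print(f"{name:15} {mode}  {verdict}")
```

Anything reported as "exposed" is a home that users in other domains can list, which is the case the 750 default is meant to rule out.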

Just an addition to this topic… I have just installed Virtualmin and maybe I’ve done something wrong…

When I log in as the new admin user of the new VirtualServer using USERMIN, I can see outside of my domain root and even edit stuff.

What have I missed?

I have followed the information above and still no change… any help?

Also, when I look at the video, it seems to show a separate whole system for Virtualmin within Webmin. Mine just appears as a link under "Servers" labelled "Virtualmin Virtual Servers".