I just installed Virtualmin GPL (again) on two virtual servers – still testing it to see how well Virtualmin Pro will cope with commercial hosting. It appears that Proftpd is the ftp server of choice, because it’s what Virtualmin GPL defaults to.
And today was not my lucky day.
After the installation completed, Proftpd failed to start, due to an interaction with the protection of the ssh host key. In CentOS 7,
/etc/ssh/ssh_host_rsa_key is group
ssh_keys and group-readable. This is essential to make host-based authentication work. (This was a bug https://bugzilla.redhat.com/show_bug.cgi?id=819896 that got fixed. See also a general description of host-based authentication http://itg.chem.indiana.edu/inc/wiki/software/openssh/189.html.)
But Proftp won’t start if
/etc/ssh/ssh_host_rsa_key is group-readable. So we must either give up host-based authentication, or give up Proftpd. Reluctantly, I picked in favor of Proftpd and made
Proftpd failed to start again due to another ssh host key problem. But that’s another story.
Anyway, I did some web searches, and found a lot of discussion of how sftp ought to be provided with Virtualmin Pro, and apparently is not, except as a feature within ssh. In other words, as Virtualmin Pro is currently provided, you get sftp access only if you have ssh access, and there is no provision to provide a user with only sftp access.
There was also some discussion about how it would be desirable to limit an ftp or sftp user to a specific directory hierarchy. The Virtualmin developers said there is no way to do this except give the user a private server of his own, managed by Cloudmin. https://www.virtualmin.com/documentation/security/faq.
So here’s my point. There are a lot of opinions about how things ought to be done, and Virtualmin Pro (nor GPL) doesn’t do them all. It doesn’t do chrooted sftp, so far as I can tell. But newer software makes these things easy. Newer Openssh, for example, allows chrooted sftp almost trivially, just by adding a few lines for each user. Now the sftp user is tied down into his own directory hierarchy.
So why don’t the Virtualmin developers do something fairly simple? That would solve so many problems. Here it is:
Provide hooks, so an external script is optionally called before and after every time any change is made. And give that script a complete list of arguments, so it knows exactly what operations are involved which users, which virtualhosts, which directories.
Now people who want to use Virtualmin Pro for web-hosting can add missing features (such as chrooted sftp) on their own, without hassling the Virtualmin developers for every small thing. You give us the essential framework, and we’ll fine-tune it with the help of these scripts.