Read & Write Permissions for SSH User and Web Server



First of all, let me clarify that I've searched through Ask Ubuntu and Stack Overflow and have googled a lot, but didn't find any concrete solution to my problem.

So I'm setting up a web hosting environment on an Ubuntu server. The server is running Nginx as the www-data user. The issue where I'm stuck is the isolation of SSH users.



With a jailed setup, I can restrict an SSH user to their own directory but at the same time, I need to give web server write access to the directories. Now even if a user is jailed, if he knows the absolute path to any other SSH users' home directories (where the web-server has write permissions), he will be able to modify the stuff (write, delete or whatever) without any restriction using the web server.



For example, a user can execute a PHP script from /var/userone/sites/alter.php like:

    file_put_contents('/var/usertwo/sites/create.php', 'Creating a file with this text');

to create a new file create.php in usertwo's home directory. Am I correct?



In this scenario, what's the best way to isolate the SSH users so they are not able to view/read each other's directories, while keeping the web server working without any permission issues?



Any proper guidance will be highly appreciated.










Tags: ssh apache2 nginx






asked 4 hours ago by Rehmat
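
An added example, not part of the original question: a Python audit for the condition the question describes, listing every `<base>/<user>/sites` directory that a single web-server identity can create files in. It judges from classic owner/group/other mode bits only (no ACLs); the function names and the constructed demo tree are assumptions made for illustration.

```python
import os
import tempfile

def can_create_in(path, uid, gids):
    """True if uid/gids may create files in directory `path`.

    Judged from classic owner/group/other mode bits only; POSIX ACLs,
    root privileges and AppArmor/SELinux are not modelled (assumption).
    """
    st = os.stat(path)
    if uid == st.st_uid:
        bits = (st.st_mode >> 6) & 0o7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 0o7
    else:
        bits = st.st_mode & 0o7
    return (bits & 0o3) == 0o3  # creating a file needs write + search on the dir

def writable_tenants(base, web_uid, web_gids):
    """Tenants whose <base>/<tenant>/sites the web identity can write to."""
    found = []
    for tenant in sorted(os.listdir(base)):
        sites = os.path.join(base, tenant, "sites")
        if os.path.isdir(sites) and can_create_in(sites, web_uid, web_gids):
            found.append(tenant)
    return found

def build_demo_tree():
    """Constructed sample layout: two group-writable tenants, one read-only."""
    base = tempfile.mkdtemp()
    for tenant, mode in (("userone", 0o770), ("usertwo", 0o770), ("userthree", 0o750)):
        sites = os.path.join(base, tenant, "sites")
        os.makedirs(sites)
        os.chmod(sites, mode)
    st = os.stat(sites)
    # Stand-in for www-data: not the owner, but a member of the owning group.
    return base, st.st_uid + 1, {st.st_gid}

if __name__ == "__main__":
    base, web_uid, web_gids = build_demo_tree()
    exposed = writable_tenants(base, web_uid, web_gids)
    print("writable by the web identity:", exposed)
    if len(exposed) > 1:
        print("shared write access: code run as this identity in one tenant "
              "can write into the others")
```

On a real host, pass the base directory and the uid and group ids of the account the PHP code actually runs as; more than one tenant in the result means those tenants are not isolated from each other.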
