RE: Public Web server Help
From: Andrew Shore (andrew.shore_at_holistecs.com)
Date: 03/29/04
- Previous message: saliskor_at_cyberus.ca: "Re: Workstation Screensaver Lock Timeouts"
- Maybe in reply to: Shawn Jackson: "Public Web server Help"
- Next in thread: Shawn Jackson: "RE: Public Web server Help"
Date: Mon, 29 Mar 2004 18:17:29 +0100
To: "Alexander Lukyanenko" <sashman@ua.fm>, "Shawn Jackson" <sjackson@horizonusa.com>
OK, this probably isn't overly helpful, but I seem to think that CHROOT
may help lock users in.
Please feel free to let me know if I'm talking crap ;)
Andrew Shore
Senior Security Specialist
DDI. 01302 308 165
andrew.shore@holistecs.com
Company Number 04943010
VAT Number 828 8635 82
Holistic Technologies Ltd
Unit 7 Shaw Wood Business Park
Shaw Wood Way
Doncaster
South Yorkshire
DN2 5TB
T. 0870 240 1442
F. 0870 240 1443
www.holistecs.com
-----Original Message-----
From: Alexander Lukyanenko [mailto:sashman@ua.fm]
Sent: 27 March 2004 20:34
To: Shawn Jackson
Cc: security-basics@securityfocus.com
Subject: Re: Public Web server Help
Hello Shawn,
Friday, March 26, 2004, 8:34:43 PM, you wrote:
SJ> I have a question for the Linux/UNIX gurus out there. Currently I
SJ> host a few people (projects I helped out with at one time or another) on
SJ> my servers at home. They get Email, Web, FTP, etc. The hosting was done
SJ> on one Win 2K box. In an effort to secure myself better I'm migrating
SJ> them to a Red Hat Linux 8 server, for Web/FTP and MySQL, Email and
SJ> others to be done later, on different servers.
SJ> My plan is to set up a htdocs or public_html directory in their home
SJ> folder, under that will be each domain that the server hosts for them,
SJ> (some of them have multiple domains). Using FTP I can easily lock them
SJ> in their home directories but I also want to allow SSH access to the
SJ> server so they can get work done easier.
SJ> Does anyone know of any or have any document on how to lock users in
SJ> their home directories using SSH? In the UNIX/Telnet world there was a
SJ> way, I just don't know if it migrated to the Linux world.
Why? They won't be able to access other users' directories nor do any
harm to a properly configured system.
SJ> Does anyone know of any or have any documents on how to properly set up
SJ> Apache (HTTPD) for this environment. I've set up normal websites using
SJ> Apache, Virtual Hosts, Aliases, etc but this seems to be a different
SJ> beast altogether.
For the simplest approach in the form of http://foo.bar/~username, look at
the Apache module called mod_userdir.
SJ> Does anyone know of any or have any documents on how to set up MySQL for
SJ> this environment? My first theory was to set up a single DB, then create
SJ> databases on demand, but is there a way to let each user set up their own
SJ> 'instance' in their home directory?
In a commercial shared hosting environment, every user's database is
named username_dbname to prevent all kinds of namespace collisions,
so the DBs are separated, and only the user is given access to it.
SJ> Anyone dealt with this situation, any help or nudges/kicks in the right
SJ> direction is appreciated. Thanks!
I've used a commercial package for web-based shared server management
for Linux/FreeBSD called cPanel WHM http://www.cpanel.net/ It seems to
be overpriced, but I have no doubts in the existence of cheaper and/or
open-source management products.
* * * * * * * * * * * * * * *
* Alexander V. Lukyanenko *
* ma1lt0: sashman ua fm *
* ICQ# : 86195208 *
* Phone : +380 44 458 07 23 *
* OpenPGP key ID: 75EC057C *
* NIC : SASH4-UANIC *
* * * * * * * * * * * * * * *
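
Added example, not part of either poster's message: one way to generate the username_dbname databases described in the reply above, with access granted only to the owning user. It assumes a MySQL account already exists for each user; the function names and the naming rules (no underscore in account names, length limits) are assumptions made for this illustration.

```python
import re

# Assumed policy for this example (not from the thread): lowercase alphanumeric
# account names with no underscore, so "al" can never claim "al_ice_*".
USER_RE = re.compile(r"[a-z][a-z0-9]{0,15}")
DB_RE = re.compile(r"[a-z0-9_]{1,40}")
HOST_RE = re.compile(r"[a-z0-9.-]{1,60}")
MAX_DB_NAME = 64  # MySQL limit on database name length


def full_db_name(username, dbname):
    """Return username_dbname after validating both parts."""
    if not USER_RE.fullmatch(username):
        raise ValueError("bad username: %r" % username)
    if not DB_RE.fullmatch(dbname):
        raise ValueError("bad database name: %r" % dbname)
    name = "%s_%s" % (username, dbname)
    if len(name) > MAX_DB_NAME:
        raise ValueError("database name too long: %r" % name)
    return name


def grant_pattern(name):
    """Escape _ and %, which MySQL treats as wildcards in database-level GRANTs."""
    return name.replace("_", "\\_").replace("%", "\\%")


def provision_sql(username, dbname, host="localhost"):
    """Statements an admin would run to create one user-owned database."""
    if not HOST_RE.fullmatch(host):
        raise ValueError("bad host: %r" % host)
    name = full_db_name(username, dbname)
    return [
        "CREATE DATABASE `%s`;" % name,
        # Without the escape, alice_blog would also match e.g. "alicexblog".
        "GRANT ALL PRIVILEGES ON `%s`.* TO '%s'@'%s';"
        % (grant_pattern(name), username, host),
    ]


if __name__ == "__main__":
    for stmt in provision_sql("alice", "blog"):  # constructed sample user
        print(stmt)
```
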