<div dir="auto"><div>Ansible is YAML, so it's dead simple from the perspective of a PHP Dev.</div><div><br></div><div data-smartmail="gmail_signature">--<br>Thanks,<br>Alexander<br><br>Sent from my Google Pixel 7 Pro</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Oct 22, 2024, 15:35 <<a href="mailto:techlists@phpcoderusa.com">techlists@phpcoderusa.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
What is the learning curve for that?<br>
<br>
<br>
On 2024-10-22 15:09, Snyder, Alexander J wrote:<br>
> I think a lot of this could be made a lot easier with Ansible and<br>
> Jinja templates.<br>
> <br>
> --<br>
> Thanks,<br>
> Alexander<br>
> <br>
> Sent from my Google Pixel 7 Pro<br>
> <br>
> On Tue, Oct 22, 2024, 13:39 Keith Smith via PLUG-discuss<br>
> <<a href="mailto:plug-discuss@lists.phxlinux.org" target="_blank" rel="noreferrer">plug-discuss@lists.phxlinux.org</a>> wrote:<br>
> <br>
>> Thank You Everyone!!<br>
>> <br>
>> Seems the problem was I needed to uncomment "PasswordAuthentication<br>
>> yes" when creating a user with SSH ability.<br>
>> <br>
>> Keith<br>
>> <br>
>> On 2024-10-22 10:46, Rusty Carruth via PLUG-discuss wrote:<br>
>>> ChatGPT gave a more complete answer than I do below (the question<br>
>> was:<br>
>>> This person is using vhost, and thinks he wants to chroot to the<br>
>>> docroot of the vhost when the user logs in. What do you think of<br>
>> that?)<br>
>>> <br>
>>> (I never thought I'd be pointing people to an AI for answers! ;-)<br>
>>> <br>
>>> <br>
>>> On 10/22/24 10:42, Rusty Carruth via PLUG-discuss wrote:<br>
>>>> One thing I don't understand, below.<br>
>>>> <br>
>>>> On 10/22/24 10:25, Keith Smith via PLUG-discuss wrote:<br>
>>>>> Hi,<br>
>>>>> <br>
>>>>> I appreciate all the feedback. There is more to the story.<br>
>>>>> <br>
>>>>> ....<br>
>>>>> <br>
>>>>> The 3 things I think I need to accomplish:<br>
>>>>> <br>
>>>>> 1) Add a user and configure it to use SSH.<br>
>>>>> 2) Configure each vhost to use PHP-FPM.<br>
>>>>> 3) Limit the User to the docroot of its virtual host.<br>
>>>>> (ChrootDirectory)<br>
>>>>> <br>
>>>> I don't understand # 3. Let me say what I think you said: you<br>
>> have<br>
>>>> (some number of) virtual machines. Or do you mean that thing<br>
>> that<br>
>>>> allows you to run more than one web address from the same IP<br>
>> address?<br>
>>>> In either case, why do you need to chroot to docroot? You do<br>
>> realize<br>
>>>> that docroot must then have EVERYTHING the user needs - all<br>
>> programs,<br>
>>>> all devices, everything. So you're going to need /dev, /bin,<br>
>>>> /usr/bin, and so forth or the user will be dead in the water with<br>
>> no<br>
>>>> commands - shoot, not even bash will be there to try to type<br>
>> commands!<br>
>>>> <br>
>>>> If you're doing the chroot already, and it's failing, then that's<br>
>>>> probably because bash isn't there, nor is anything else you<br>
>> need...<br>
>>>> <br>
>>>>> I am using a clone of the LAMP server so I am going to remove it<br>
>> and<br>
>>>>> create another clone and start by trying to create a user that<br>
>> has SSH<br>
>>>>> access and a home directory.<br>
>>>>> <br>
>>>> If you are using virtual machines, just clone it in the virtual<br>
>>>> machine - but then, I'm thinking you don't mean virtual machine,<br>
>> you<br>
>>>> mean that other thing :-)<br>
>>>>> Then I think I should work on limiting that user to the vhost<br>
>> that is<br>
>>>>> designated to work with.<br>
>>>>> <br>
>>>>> <br>
>>>> So, if you mean not virtual machine but that other thing, then<br>
>> you're<br>
>>>> either going to have to copy all the stuff I talk about above in<br>
>> to<br>
>>>> the docroot tree (which I still think will cause more problems<br>
>> than it<br>
>>>> will fix), or mount the stuff above inside the docroot, or figure<br>
>> out<br>
>>>> how to change permissions and ownership so that the user can only<br>
>> <br>
>>>> change the stuff in their docroot. Perhaps group ownership can<br>
>> save<br>
>>>> the day here, assuming you want ALL files in ALL web servers to<br>
>> be<br>
>>>> owned by whoever is running Apache, then create 2 or more groups,<br>
>> <br>
>>>> change all group ownership to the NON-User group, then<br>
>>>> <br>
>>>> change group ownership of all files in your docroot to the group<br>
>> of<br>
>>>> the user (obviously you're going to have to change the user to<br>
>> have<br>
>>>> that group too), then change permissions to something like 770<br>
>> for all<br>
>>>> directories everywhere (or 775, or whatever) and 660 for all<br>
>> files.<br>
>>>> Done, supposedly ;-)<br>
>>>> <br>
>>>>> <br>
>>>>> Then finish up by installing and configuring the vhost to use<br>
>> PHP-FPM.<br>
>>>>> <br>
>>>>> Any thoughts are much appreciated!!<br>
>>>>> <br>
>>>>> Keith<br>
>>>>> <br>
>>>>> <br>
>>>> ---------------------------------------------------<br>
>>>> PLUG-discuss mailing list: <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank" rel="noreferrer">PLUG-discuss@lists.phxlinux.org</a><br>
>>>> To subscribe, unsubscribe, or to change your mail settings:<br>
>>>> <a href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss" rel="noreferrer noreferrer" target="_blank">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br>
</blockquote></div>
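Added example, not part of the thread and not code from any poster: a pre-flight check for the ChrootDirectory idea discussed above. It reports whether a candidate jail carries the shell and paths named in the thread, and whether its path meets the ownership rule documented in sshd_config(5). The function name `chroot_preflight` and the `REQUIRED_PATHS` list are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for a directory meant to be an sshd ChrootDirectory.
# Prints one "PROBLEM: ..." line per finding and nothing when the tree passes.

# Assumed minimal set for an interactive login, taken from the paths named in the thread.
REQUIRED_PATHS="bin/bash dev/null usr/bin"

chroot_preflight() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "PROBLEM: $root is not a directory"
        return 0
    fi

    # 1. The jail needs its own shell and basics; nothing outside it is visible.
    for rel in $REQUIRED_PATHS; do
        [ -e "$root/$rel" ] || echo "PROBLEM: missing $root/$rel"
    done
    if [ -e "$root/bin/bash" ] && [ ! -x "$root/bin/bash" ]; then
        echo "PROBLEM: $root/bin/bash is not executable"
    fi

    # 2. sshd_config(5): every component of the ChrootDirectory path must be
    #    root-owned and not writable by any other user or group.
    dir=$(cd "$root" && pwd -P)
    while :; do
        info=$(ls -ldn "$dir" | awk '{print $1, $3}')
        perms=${info% *}
        uid=${info#* }
        [ "$uid" = 0 ] || echo "PROBLEM: $dir is not owned by root (uid $uid)"
        case $perms in
            ?????w*|????????w*)
                echo "PROBLEM: $dir is writable by group or others ($perms)" ;;
        esac
        if [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    return 0
}

# Usage: sh chroot_preflight.sh /var/www/example   (path is a placeholder)
if [ $# -gt 0 ]; then chroot_preflight "$1"; fi
```

A docroot that the user must be able to write to will fail the second check, so the writable tree normally sits in a subdirectory of a root-owned jail.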