What is the learning curve for that?

On 2024-10-22 15:09, Snyder, Alexander J wrote:
> I think a lot of this could be made a lot easier with Ansible and
> Jinja templates.
>
> --
> Thanks,
> Alexander
>
> Sent from my Google Pixel 7 Pro
>
> On Tue, Oct 22, 2024, 13:39 Keith Smith via PLUG-discuss wrote:
>
>> Thank You Everyone!!
>>
>> Seems the problem was I needed to uncomment "PasswordAuthentication
>> yes". When creating a user with SSH ability.
>>
>> Keith
>>
>> On 2024-10-22 10:46, Rusty Carruth via PLUG-discuss wrote:
>>> ChatGPT gave a more complete answer than I do below (the question was:
>>> This person is using vhost, and thinks he wants to chroot to the
>>> docroot of the vhost when the user logs in. What do you think of that?)
>>>
>>> (I never thought I'd be pointing people to an AI for answers! ;-)
>>>
>>> On 10/22/24 10:42, Rusty Carruth via PLUG-discuss wrote:
>>>> One thing I don't understand, below.
>>>>
>>>> On 10/22/24 10:25, Keith Smith via PLUG-discuss wrote:
>>>>> Hi,
>>>>>
>>>>> I appreciate all the feedback. There is more to the story.
>>>>>
>>>>> ....
>>>>>
>>>>> The 3 things I think I need to accomplish:
>>>>>
>>>>> 1) Add a user and configure it to use SSH.
>>>>> 2) Configure each vhost to use PHP-FPM.
>>>>> 3) Limit the User to the docroot of its virtual host.
>>>>> (ChrootDirectory)
>>>>>
>>>> I don't understand # 3. Let me say what I think you said: you have
>>>> (some number of) virtual machines. Or do you mean that thing that
>>>> allows you to run more than one web address from the same IP address?
>>>> In either case, why do you need to chroot to docroot? You do realize
>>>> that docroot must then have EVERYTHING the user needs - all programs,
>>>> all devices, everything. So you're going to need /dev, /bin,
>>>> /usr/bin, and so forth or the user will be dead in the water with no
>>>> commands - shoot, not even bash will be there to try to type commands!
>>>>
>>>> If you're doing the chroot already, and it's failing, then that's
>>>> probably because bash isn't there, nor is anything else you need...
>>>>
>>>>> I am using a clone of the LAMP server so I am going to remove it and
>>>>> create another clone and start by trying to create a user that has SSH
>>>>> access and a home directory.
>>>>>
>>>> If you are using virtual machines, just clone it in the virtual
>>>> machine - but then, I'm thinking you don't mean virtual machine, you
>>>> mean that other thing :-)
>>>>
>>>>> Then I think I should work on limiting that user to the vhost that is
>>>>> designated to work with.
>>>>>
>>>> So, if you mean not virtual machine but that other thing, then you're
>>>> either going to have to copy all the stuff I talk about above into
>>>> the docroot tree (which I still think will cause more problems than it
>>>> will fix), or mount the stuff above inside the docroot, or figure out
>>>> how to change permissions and ownership so that the user can only
>>>> change the stuff in their docroot. Perhaps group ownership can save
>>>> the day here, assuming you want ALL files in ALL web servers to be
>>>> owned by whoever is running Apache, then create 2 or more groups,
>>>> change all group ownership to the NON-User group, then
>>>>
>>>> change group ownership of all files in your docroot to the group of
>>>> the user (obviously you're going to have to change the user to have
>>>> that group too), then change permissions to something like 770 for all
>>>> directories everywhere (or 775, or whatever) and 660 for all files.
>>>> Done, supposedly ;-)
>>>>
>>>>> Then finish up by installing and configuring the vhost to use PHP-FPM.
>>>>>
>>>>> Any thoughts are much appreciated!!
>>>>>
>>>>> Keith
>>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
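
The chroot problem raised in Rusty Carruth's reply (the jail must hold everything the user needs), as an added example that is not part of the thread: a pre-flight check for a directory intended as sshd's ChrootDirectory. It also applies the sshd_config(5) rule that every path component must be root-owned and not group- or other-writable; `SHELL_NEEDS` and the default path are assumptions.

```python
import os
import stat
import sys

# Assumption: the least an interactive shell login needs inside the jail.
SHELL_NEEDS = ("bin/sh", "dev/null")


def component_problem(st_uid, st_mode, owner_uid=0):
    """Return why sshd would reject one path component, or None if it passes."""
    if not stat.S_ISDIR(st_mode):
        return "not a directory"
    if st_uid != owner_uid:
        return f"owned by uid {st_uid}, not {owner_uid}"
    if st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "writable by group or other"
    return None


def audit_chroot(path, owner_uid=0):
    """List problems with using `path` as ChrootDirectory for a shell login."""
    path = os.path.abspath(path)
    if not os.path.isdir(path):
        return [f"{path}: not an existing directory"]
    problems = []
    # sshd_config(5): every component from / down to the chroot directory
    # must be a root-owned directory not writable by group or other.
    current = os.sep
    for part in [""] + [p for p in path.split(os.sep) if p]:
        current = os.path.join(current, part)
        st = os.stat(current)
        why = component_problem(st.st_uid, st.st_mode, owner_uid)
        if why:
            problems.append(f"{current}: {why}")
    # The jail must also hold what the user needs once inside it.
    for rel in SHELL_NEEDS:
        if not os.path.exists(os.path.join(path, rel)):
            problems.append(f"{rel}: missing inside chroot")
    return problems


if __name__ == "__main__":
    # Hypothetical docroot; pass the real path as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/www/example.test"
    for line in audit_chroot(target):
        print(line)
```

A docroot that is owned or writable by the site user, as the 770/660 group scheme in the thread would make it, is reported here as unusable for ChrootDirectory.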