Hi Alexander, I'm a PHP developer and my audience on YouTube, I would guess, are people wanting to learn PHP. I use Linux to support my PHP programming. I'm wondering if there is some value in not automating so one has to do these tasks over and over. I'm thinking this can help the learning curve. I know I have learned a lot. I last did this stuff on CentOS 6.x maybe 5 or 6 years ago. Ubuntu is similar but different. Your Thoughts? Keith On 2024-10-22 15:34, Keith Smith via PLUG-discuss wrote: > What is the learning curve for that? > > > On 2024-10-22 15:09, Snyder, Alexander J wrote: >> I think a lot of this could be made a lot easier with Ansible and >> Jinja templates. >> >> -- >> Thanks, >> Alexander >> >> Sent from my Google Pixel 7 Pro >> >> On Tue, Oct 22, 2024, 13:39 Keith Smith via PLUG-discuss >> wrote: >> >>> Thank You Everyone!! >>> >>> Seems the problem was I needed to uncomment "PasswordAuthentication >>> yes". When creating a user with SSH ability. >>> >>> Keith >>> >>> On 2024-10-22 10:46, Rusty Carruth via PLUG-discuss wrote: >>>> ChatGPT gave a more complete answer than I do below (the question >>> was: >>>> This person is using vhost, and thinks he wants to chroot to the >>>> docroot of the vhost when the user logs in. What do you think of >>> that?) >>>> >>>> (I never thought I'd be pointing people to an AI for answers! ;-) >>>> >>>> >>>> On 10/22/24 10:42, Rusty Carruth via PLUG-discuss wrote: >>>>> One thing I don't understand, below. >>>>> >>>>> On 10/22/24 10:25, Keith Smith via PLUG-discuss wrote: >>>>>> Hi, >>>>>> >>>>>> I appreciate all the feedback. There is more to the story. >>>>>> >>>>>> .... >>>>>> >>>>>> The 3 things I think I need to accomplish: >>>>>> >>>>>> 1) Add a user and configure it to use SSH. >>>>>> 2) Configure each vhost to use PHP-FPM. >>>>>> 3) Limit the User to the docroot of it's virtual host. >>>>>> (ChrootDirectory) >>>>>> >>>>> I don't understand # 3. Let me say what I think you said: you >>> have >>>>> (some number of) virtual machines. Or do you mean that thing >>> that >>>>> allows you to run more than one web address from the same IP >>> address? >>>>> In either case, why do you need to chroot to docroot? You do >>> realize >>>>> that docroot must then have EVERYTHING the user needs - all >>> programs, >>>>> all devices, everything. So you're going to need /dev, /bin, >>>>> /usr/bin, and so forth or the user will be dead in the water with >>> no >>>>> commands - shoot, not even bash will be there to try to type >>> commands! >>>>> >>>>> If you're doing the chroot already, and its failing, then that's >>>>> probably because bash isn't there, nor is anything else you >>> need... >>>>> >>>>>> I am using a clone of the LAMP server so I am going to remove it >>> and >>>>>> create another close and start by trying to create a use that >>> has SSH >>>>>> access and a home directory. >>>>>> >>>>> If you are using virtual machines, just clone it in the virtual >>>>> machine - but then, I'm thinking you don't mean virtual machine, >>> you >>>>> mean that other thing :-) >>>>>> Then I think I should work on limiting that user to the vhost >>> that is >>>>>> designated to work with. >>>>>> >>>>>> >>>>> So, if you mean not virtual machine but that other thing, then >>> you're >>>>> either going to have to copy all the stuff I talk about above in >>> to >>>>> the docroot tree (which I still think will cause more problems >>> than it >>>>> will fix), or mount the stuff above inside the docroot, or figure >>> out >>>>> how to change permissions and ownership so that the user can only >>> >>>>> change the stuff in their docroot. Perhaps group ownership can >>> save >>>>> the day here, assuming you want ALL files in ALL web servers to >>> be >>>>> owned by whoever is running Apache, then create 2 or more groups, >>> >>>>> change all group ownership to the NON-User group, then >>>>> >>>>> change group ownership of all files in your docroot to the group >>> of >>>>> the user (obviously you're going to have to change the user to >>> have >>>>> that group too), then change permissions to something like 770 >>> for all >>>>> directories everywhere (or 775, or whatever) and 660 for all >>> files. >>>>> Done, supposedly ;-) >>>>> >>>>>> >>>>>> Then finish up by installing configuring the vhost to use >>> PHP-FPM. >>>>>> >>>>>> Any thought are much appreciated!! >>>>>> >>>>>> Keith >>>>>> >>>>>> >>>>> --------------------------------------------------- >>>>> PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org >>>>> To subscribe, unsubscribe, or to change your mail settings: >>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss >>>> --------------------------------------------------- >>>> PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org >>>> To subscribe, unsubscribe, or to change your mail settings: >>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss >>> --------------------------------------------------- >>> PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org >>> To subscribe, unsubscribe, or to change your mail settings: >>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss > --------------------------------------------------- > PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss --------------------------------------------------- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss