Ansible is YAML, so it's dead simple from the perspective of a PHP Dev.

--
Thanks,
Alexander

Sent from my Google Pixel 7 Pro

On Tue, Oct 22, 2024, 15:35 wrote:

> What is the learning curve for that?
>
> On 2024-10-22 15:09, Snyder, Alexander J wrote:
> > I think a lot of this could be made a lot easier with Ansible and
> > Jinja templates.
> >
> > --
> > Thanks,
> > Alexander
> >
> > Sent from my Google Pixel 7 Pro
> >
> > On Tue, Oct 22, 2024, 13:39 Keith Smith via PLUG-discuss wrote:
> >
> >> Thank You Everyone!!
> >>
> >> Seems the problem was I needed to uncomment "PasswordAuthentication
> >> yes". When creating a user with SSH ability.
> >>
> >> Keith
> >>
> >> On 2024-10-22 10:46, Rusty Carruth via PLUG-discuss wrote:
> >>> ChatGPT gave a more complete answer than I do below (the question was:
> >>> This person is using vhost, and thinks he wants to chroot to the
> >>> docroot of the vhost when the user logs in. What do you think of that?)
> >>>
> >>> (I never thought I'd be pointing people to an AI for answers! ;-)
> >>>
> >>> On 10/22/24 10:42, Rusty Carruth via PLUG-discuss wrote:
> >>>> One thing I don't understand, below.
> >>>>
> >>>> On 10/22/24 10:25, Keith Smith via PLUG-discuss wrote:
> >>>>> Hi,
> >>>>>
> >>>>> I appreciate all the feedback. There is more to the story.
> >>>>>
> >>>>> ....
> >>>>>
> >>>>> The 3 things I think I need to accomplish:
> >>>>>
> >>>>> 1) Add a user and configure it to use SSH.
> >>>>> 2) Configure each vhost to use PHP-FPM.
> >>>>> 3) Limit the User to the docroot of its virtual host.
> >>>>> (ChrootDirectory)
> >>>>>
> >>>> I don't understand # 3. Let me say what I think you said: you have
> >>>> (some number of) virtual machines. Or do you mean that thing that
> >>>> allows you to run more than one web address from the same IP address?
> >>>> In either case, why do you need to chroot to docroot? You do realize
> >>>> that docroot must then have EVERYTHING the user needs - all programs,
> >>>> all devices, everything. So you're going to need /dev, /bin,
> >>>> /usr/bin, and so forth or the user will be dead in the water with no
> >>>> commands - shoot, not even bash will be there to try to type commands!
> >>>>
> >>>> If you're doing the chroot already, and it's failing, then that's
> >>>> probably because bash isn't there, nor is anything else you need...
> >>>>
> >>>>> I am using a clone of the LAMP server so I am going to remove it and
> >>>>> create another clone and start by trying to create a user that has SSH
> >>>>> access and a home directory.
> >>>>>
> >>>> If you are using virtual machines, just clone it in the virtual
> >>>> machine - but then, I'm thinking you don't mean virtual machine, you
> >>>> mean that other thing :-)
> >>>>> Then I think I should work on limiting that user to the vhost that is
> >>>>> designated to work with.
> >>>>>
> >>>> So, if you mean not virtual machine but that other thing, then you're
> >>>> either going to have to copy all the stuff I talk about above in to
> >>>> the docroot tree (which I still think will cause more problems than it
> >>>> will fix), or mount the stuff above inside the docroot, or figure out
> >>>> how to change permissions and ownership so that the user can only
> >>>> change the stuff in their docroot. Perhaps group ownership can save
> >>>> the day here, assuming you want ALL files in ALL web servers to be
> >>>> owned by whoever is running Apache, then create 2 or more groups,
> >>>> change all group ownership to the NON-User group, then
> >>>>
> >>>> change group ownership of all files in your docroot to the group of
> >>>> the user (obviously you're going to have to change the user to have
> >>>> that group too), then change permissions to something like 770 for all
> >>>> directories everywhere (or 775, or whatever) and 660 for all files.
> >>>> Done, supposedly ;-)
> >>>>
> >>>>> Then finish up by installing configuring the vhost to use PHP-FPM.
> >>>>>
> >>>>> Any thoughts are much appreciated!!
> >>>>>
> >>>>> Keith
> >>>>>
> >>>> ---------------------------------------------------
> >>>> PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org
> >>>> To subscribe, unsubscribe, or to change your mail settings:
> >>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
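
The group-ownership and mode scheme suggested in the quoted message (770 on directories, 660 on files, docroot handed to the user's group), as an added shell example that is not part of the original thread. The function names, the optional group argument and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Apply the scheme to one vhost docroot. The group argument is optional
# (e.g. a per-site group the user was added to); without it only modes change.
apply_docroot_modes() {
    docroot=$1
    group=${2:-}
    [ -d "$docroot" ] || return 2
    if [ -n "$group" ]; then
        chgrp -R -- "$group" "$docroot" || return 1
    fi
    # find does not descend through symlinks, so a link planted in the
    # docroot cannot redirect chmod to files outside it.
    find "$docroot" -type d -exec chmod 770 {} +
    find "$docroot" -type f -exec chmod 660 {} +
}

# Print every directory that is not exactly 770 and every regular file that
# is not exactly 660. Empty output means the tree matches the scheme.
audit_docroot_modes() {
    docroot=$1
    find "$docroot" \( -type d ! -perm 770 \) -o \( -type f ! -perm 660 \)
}

# Constructed demo tree: builds a throwaway docroot with typical default
# modes (755/644), shows the audit before and after applying the scheme.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/site1/htdocs/css"
    echo '<?php echo "hi";' > "$tmp/site1/htdocs/index.php"
    echo 'body{}' > "$tmp/site1/htdocs/css/site.css"
    chmod 755 "$tmp/site1/htdocs" "$tmp/site1/htdocs/css"
    chmod 644 "$tmp/site1/htdocs/index.php" "$tmp/site1/htdocs/css/site.css"
    echo "Before:"; audit_docroot_modes "$tmp/site1/htdocs"
    apply_docroot_modes "$tmp/site1/htdocs"
    echo "After (expect nothing):"; audit_docroot_modes "$tmp/site1/htdocs"
    rm -rf "$tmp"
}

if [ "${1:-}" = "demo" ]; then
    demo
fi
```

Run the script with the argument `demo` to see the audit output on the constructed tree. Files created later inherit the group of the docroot only if the setgid bit is set on its directories, in which case the exact-match audit would need 2770 instead of 770.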