Re: Unable to SSH into Server

Author: Rusty Carruth via PLUG-discuss
Date:  
To: plug-discuss
CC: Rusty Carruth
Subject: Re: Unable to SSH into Server
ChatGPT gave a more complete answer than I do below (the question was:
This person is using vhost, and thinks he wants to chroot to the docroot
of the vhost when the user logs in. What do you think of that?)

(I never thought I'd be pointing people to an AI for answers! ;-)


On 10/22/24 10:42, Rusty Carruth via PLUG-discuss wrote:
> One thing I don't understand, below.
>
> On 10/22/24 10:25, Keith Smith via PLUG-discuss wrote:
>> Hi,
>>
>> I appreciate all the feedback.  There is more to the story.
>>
>> ....
>>
>> The 3 things I think I need to accomplish:
>>
>> 1) Add a user and configure it to use SSH.
>> 2) Configure each vhost to use PHP-FPM.
>> 3) Limit the User to the docroot of its virtual host. (ChrootDirectory)
>>
> I don't understand # 3.  Let me say what I think you said:  you have
> (some number of) virtual machines.  Or do you mean that thing that
> allows you to run more than one web address from the same IP address? 
> In either case, why do you need to chroot to docroot? You do realize
> that docroot must then have EVERYTHING the user needs - all programs,
> all devices, everything.  So you're going to need /dev, /bin,
> /usr/bin, and so forth or the user will be dead in the water with no
> commands - shoot, not even bash will be there to try to type commands!
>
> If you're doing the chroot already, and it's failing, then that's
> probably because bash isn't there, nor is anything else you need...
>
>> I am using a clone of the LAMP server so I am going to remove it and
>> create another clone and start by trying to create a user that has SSH
>> access and a home directory.
>>
> If you are using virtual machines, just clone it in the virtual
> machine - but then, I'm thinking you don't mean virtual machine, you
> mean that other thing :-)
>> Then I think I should work on limiting that user to the vhost that is
>> designated to work with.
>>
>>
> So, if you mean not virtual machine but that other thing, then you're
> either going to have to copy all the stuff I talk about above into
> the docroot tree (which I still think will cause more problems than it
> will fix), or mount the stuff above inside the docroot, or figure out
> how to change permissions and ownership so that the user can only
> change the stuff in their docroot.  Perhaps group ownership can save
> the day here, assuming you want ALL files in ALL web servers to be
> owned by whoever is running Apache, then create 2 or more groups,
> change all group ownership to the NON-User group, then
>
> change group ownership of all files in your docroot to the group of
> the user (obviously you're going to have to change the user to have
> that group too), then change permissions to something like 770 for all
> directories everywhere (or 775, or whatever) and 660 for all files. 
> Done, supposedly ;-)
>
>>
>> Then finish up by installing configuring the vhost to use PHP-FPM.
>>
>> Any thoughts are much appreciated!!
>>
>> Keith
>>
>>
> ---------------------------------------------------
> PLUG-discuss mailing list:
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
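
The group-ownership alternative to a chroot described in the message above, as an added example that is not part of the original thread: it sets one vhost docroot to the 770/660 modes mentioned there and reports anything that deviates. The function names are hypothetical, and the group is assumed to be one the administrator has already created for that vhost's user.

```sh
#!/bin/sh
# Added example: per-vhost group ownership instead of a chroot.
# Modes are the ones given in the message: 770 for directories, 660 for files.
# Function names are hypothetical; the group is whatever the admin created.

# apply_docroot_perms DOCROOT [GROUP]
# Optionally hand the tree to GROUP, then set the directory and file modes.
apply_docroot_perms() {
    docroot=$1
    group=${2:-}
    if [ ! -d "$docroot" ]; then
        echo "not a directory: $docroot" >&2
        return 1
    fi
    if [ -n "$group" ]; then
        chgrp -R "$group" "$docroot" || return 1
    fi
    find "$docroot" -type d -exec chmod 770 {} +
    find "$docroot" -type f -exec chmod 660 {} +
}

# audit_docroot_perms DOCROOT [GROUP]
# Print every entry that deviates from the scheme; no output means clean.
audit_docroot_perms() {
    docroot=$1
    group=${2:-}
    if [ -n "$group" ]; then
        find "$docroot" \( -type d ! -perm 770 \) -o \( -type f ! -perm 660 \) \
            -o ! -group "$group"
    else
        find "$docroot" \( -type d ! -perm 770 \) -o \( -type f ! -perm 660 \)
    fi
}

# Usage: sh docroot-perms.sh /path/to/docroot [group]
if [ "$#" -ge 1 ]; then
    apply_docroot_perms "$@" && audit_docroot_perms "$@"
fi
```

Running the audit alone before applying anything shows which files currently give access to users outside the vhost's group.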
