Thank You Everyone!!
Seems the problem was I needed to uncomment "PasswordAuthentication
yes". When creating a user with SSH ability.
Keith
On 2024-10-22 10:46, Rusty Carruth via PLUG-discuss wrote:
> ChatGPT gave a more complete answer than I do below (the question was:
> This person is using vhost, and thinks he wants to chroot to the
> docroot of the vhost when the user logs in. What do you think of that?)
>
> (I never thought I'd be pointing people to an AI for answers! ;-)
>
>
> On 10/22/24 10:42, Rusty Carruth via PLUG-discuss wrote:
>> One thing I don't understand, below.
>>
>> On 10/22/24 10:25, Keith Smith via PLUG-discuss wrote:
>>> Hi,
>>>
>>> I appreciate all the feedback. There is more to the story.
>>>
>>> ....
>>>
>>> The 3 things I think I need to accomplish:
>>>
>>> 1) Add a user and configure it to use SSH.
>>> 2) Configure each vhost to use PHP-FPM.
>>> 3) Limit the User to the docroot of it's virtual host.
>>> (ChrootDirectory)
>>>
>> I don't understand # 3. Let me say what I think you said: you have
>> (some number of) virtual machines. Or do you mean that thing that
>> allows you to run more than one web address from the same IP address?
>> In either case, why do you need to chroot to docroot? You do realize
>> that docroot must then have EVERYTHING the user needs - all programs,
>> all devices, everything. So you're going to need /dev, /bin,
>> /usr/bin, and so forth or the user will be dead in the water with no
>> commands - shoot, not even bash will be there to try to type commands!
>>
>> If you're doing the chroot already, and its failing, then that's
>> probably because bash isn't there, nor is anything else you need...
>>
>>> I am using a clone of the LAMP server so I am going to remove it and
>>> create another close and start by trying to create a use that has SSH
>>> access and a home directory.
>>>
>> If you are using virtual machines, just clone it in the virtual
>> machine - but then, I'm thinking you don't mean virtual machine, you
>> mean that other thing :-)
>>> Then I think I should work on limiting that user to the vhost that is
>>> designated to work with.
>>>
>>>
>> So, if you mean not virtual machine but that other thing, then you're
>> either going to have to copy all the stuff I talk about above in to
>> the docroot tree (which I still think will cause more problems than it
>> will fix), or mount the stuff above inside the docroot, or figure out
>> how to change permissions and ownership so that the user can only
>> change the stuff in their docroot. Perhaps group ownership can save
>> the day here, assuming you want ALL files in ALL web servers to be
>> owned by whoever is running Apache, then create 2 or more groups,
>> change all group ownership to the NON-User group, then
>>
>> change group ownership of all files in your docroot to the group of
>> the user (obviously you're going to have to change the user to have
>> that group too), then change permissions to something like 770 for all
>> directories everywhere (or 775, or whatever) and 660 for all files.
>> Done, supposedly ;-)
>>
>>>
>>> Then finish up by installing configuring the vhost to use PHP-FPM.
>>>
>>> Any thought are much appreciated!!
>>>
>>> Keith
>>>
>>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list:
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
(text/plain)