Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
Desch2015-07-12 12:33:47
JavaScript
Desch, 2015-07-12 12:33:47

How to restrict a user in his home folder?

For the N-th number of years, a familiar scheme on the web server was formed, which left open security issues, and now, when you have to let third-party users in, they have become critical.
NGINX + PHP5-FPM bundle, users are based in /var/www/USER/SITE .
The owner of /var/www/USER is root . Total inside - USER . All users hang on different PHP-FPM pools. Access exclusively via SFTP, users are locked in their own folder via setting in sshd_config:

Subsystem sftp internal-sftp

Match group www-data
        ChrootDirectory %h
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp

Pool example in PHP-FPM:
[USER]
user = USER
group = www-data
listen = 127.0.0.1:PORT
chdir = /var/www/USER/

1) If you fill in r57shell, then nothing prevents you from rising above your level and looking anywhere. How to fix it?
2) Some of the sites use an impromptu PHP library located in /var/www/libs , making it Include in scripts - what is the right way to organize a "shared library"? (I guess that with the right restriction of users, above /var/www/USER they will not be able to include anything).
PS The options found on the net with any kind of shamanism and editing basedir led to File not found when *.php was executed

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
A
Anton Neverov, 2018-11-14
@IT-Programmer

Because you don't have the $(this) variable inside the test function.
Your solution will be:

function test(item){
    alert(item.attr('class'));
}

Report
A
Andrey Burov, 2015-07-12
@Desch 

; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever 
;       possible. However, all PHP paths will be relative to the chroot
;       (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =

and /var/www/lib needs to be put for each user.

Report
D
DENIS SHELESTOV, 2015-07-12
@djdeniro

open console
chmod 666 -R /YOU/DIR/HERE

Similar questions
D
Deyle2021-03-18 10:04:31
How to attach a recording from a video meeting in Bitrix24? 2Reply
N
NikitaSova2020-09-16 09:01:55
How to solve error CS0120? 3Reply
I
iSensei2014-05-09 17:40:23
Title in Tooltip on Bootstrap 3? 4Reply
V
Vladislav2019-09-07 09:44:30
How to make a regular user a Guest in windows 7? 3Reply
F
freestm2017-04-07 22:31:58
How to transfer the execution of the program to the server? 6Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question