Security cPanel vs Centminmod

Jon Snow · Jun 14, 2020

If someone hacks a Wordpress install for example on a centminmod server, are they able to get root access if it's not properly secured like locking down the root user and using ssh keys?

What's the difference with cPanel / Plesk that separates domains for an extra layer of security? Would a hacker be able to gain root access similarly if they hack one website on a cPanel powered server?

eva2000 · Jun 14, 2020

Jon Snow said: ↑

If someone hacks a Wordpress install for example on a centminmod server, are they able to get root access if it's not properly secured like locking down the root user and using ssh keys?
Click to expand...

access would be limited to nginx user directory/files not root user

Jon Snow said: ↑

What's the difference with cPanel / Plesk that separates domains for an extra layer of security? Would a hacker be able to gain root access similarly if they hack one website on a cPanel powered server?
Click to expand...

similar, access would be limited to cpanel username owned directory/files just cpanel jail/chroot restricts each cpanel username while centmin mod has 1 user = nginx that owns all sites' directories and files centmin mod doesn't have jail/chroot support

darnpunk · Jun 16, 2020

Hello @eva2000, jumping in on this topic. I've been going through posts in forums and also FAQ stating that centminmod is not meant for shared hosting. Also understand that chroot is on the long term to-do list.

Some questions that I hope you could clarify:

Can we still setup chroot / jailed ourselves while still using centminmod? Will it be too much effort and could break sites?

I noticed there's a recent update [nginx-announce] unit-1.18.0 which mentions about a new isolation option for chrooting application processes called "rootfs". Would this be the solution to the chroot / jailed isolation?

In the case where using a VPS and setting up shared hosting for multiple Wordpress sites is the only option, what would you recommend keep the sites as isolated possible from each other using centminmod?

eva2000 · Jun 16, 2020

There's many different ways to implement chroot/jail users but it will fundamentally break existing Centmin Mod nginx vhost setup and various operations as centmin.sh menu and some of your web apps may no longer have access to services/processes and files they do have no without major changes in how it's all setup. It may also break any future Centmin Mod developments/features roled out which don't expect a chroot/jailed environment and expect directories and files to exist at certain locations which would of changed due to chroot/jailing.

darnpunk said: ↑

I noticed there's a recent update [nginx-announce] unit-1.18.0 which mentions about a new isolation option for chrooting application processes called "rootfs". Would this be the solution to the chroot / jailed isolation?
Click to expand...

Nginx Unit is different from Nginx server. Nginx Unit is a application server while Nginx is a web server. See Nginx Unit info at NGINX Unit | NGINX

What Is NGINX Unit?
NGINX Unit is a dynamic application server, capable of running beside NGINX Plus and NGINX Open Source or standalone. Unit supports a RESTful JSON API, deploys configuration changes without service disruptions, and runs apps built with multiple languages and frameworks. Designed from scratch around the needs of your distributed applications, it lays the foundation for your service mesh.
Click to expand...

Long term plans is to also see how Centmin Mod can integrate Nginx Unit as well for application serving.

darnpunk said: ↑

In the case where using a VPS and setting up shared hosting for multiple Wordpress sites is the only option, what would you recommend keep the sites as isolated possible from each other using centminmod?
Click to expand...

Strictest isolation is to have 1 VPS server per web site. This is what I usually do myself even if their is jailed/chroot access. It makes it easier to scale and move specific sites to newer/upgraded servers and web hosts and gives resource usage isolation to each site = better performance for each site

darnpunk · Jun 16, 2020

Thank you for the clarifications @eva2000. I too agree 1 VPS per website is the best route and security. Just so happen that sometimes the project restricts us to only use 1 VPS to host multiple sites.

There are other options out there like Virtualmin which has chroot implemented but seeing it only has basic nginx support makes me wonder how it performs.

I am so used to centmin and feel confident with it. Hopefully we can convince the client on 1 VPS per website.

Log in / Register

Forums

Welcome to Centmin Mod Community

Security cPanel vs Centminmod

Jon Snow Active Member

eva2000 Administrator Staff Member

darnpunk New Member

eva2000 Administrator Staff Member

darnpunk New Member

.

Log in / Register

Useful Searches

Welcome to Centmin Mod Community

Security cPanel vs Centminmod

Jon Snow Active Member

eva2000 Administrator Staff Member

darnpunk New Member

eva2000 Administrator Staff Member

darnpunk New Member

.