Join the community today
Become a Member

Evrey vhost own user?

Discussion in 'Centmin Mod Insights' started by hardousse, Feb 8, 2018.

  1. hardousse

    hardousse Active Member

    123
    30
    28
    Dec 15, 2015
    Sweden
    Ratings:
    +45
    Local Time:
    9:44 PM
    1.11.*
    10.1*
    hi I don’t know if possible with centminmod can we assist to every application own user non root,for exemple user Wordpress for Wordpress site and nextcloud to nextcloud app I mean every vhost has own user,it’s not for shared just if i want separate application with user?
    Thank you
     
  2. eva2000

    eva2000 Administrator Staff Member

    36,845
    8,064
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,422
    Local Time:
    5:44 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    No that isn't possible out of the box as it still is related to shared hosting as current user is nginx that Nginx web server uses to be able to read each vhost's files.
     
  3. Jon Snow

    Jon Snow Active Member

    378
    61
    28
    Jun 30, 2017
    Ratings:
    +92
    Local Time:
    3:44 PM
    Nginx 1.13.9
    MariaDB 10.1.31
    I'm not sure if I ever asked this but do you see this ever being added in a future version of centminmod?

    I don't really mind it but the extra security is always a plus in my eyes since I sometimes want to host Wordpress and xenForo on the same server. We all know the situation with Wordpress :vulcan:
     
  4. eva2000

    eva2000 Administrator Staff Member

    36,845
    8,064
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,422
    Local Time:
    5:44 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Being able to use separate usernames for each web site involves the same changes required to shared hosting site isolation so it's the same planned to do item for shared hosting way into the future :)

    FAQ item 2 covers users accounts you can't lock site accounts down to user level like cpanel/WHM as there is no 100% user isolation between site accounts on Centmin Mod.

    Pure-ftpd virtual ftp users only isolates ftp Pure-FTPD Virtual FTP Users but isn't fully jailed like cpanel/WHM as Centmin Mod is not made or setup for shared hosting like cpanel/WHM but more for usage by trusted user (myself/yourself).

    So the pure-ftpd virtual ftp user can lock that ftp user to the nginx vhost directory but because files are owned by nginx user/group, it wouldn't stop a hacker using php/file based transversal of other nginx vhosts. If you want isolation, setup 1 server for each site your want to host. It's how I usually host my centmin mod sites/subdomain sites i.e. this forum is hosted on separate server from centminmod.com site and separate server from my other subdomain sites for *.centminmod.com subdomains.

    Full chroot/jailed user/site isolation is on the long term to do list but nothing immediate is planned. There's a preview of what isolation may look like here.
     
    • Like Like x 1
  5. hardousse

    hardousse Active Member

    123
    30
    28
    Dec 15, 2015
    Sweden
    Ratings:
    +45
    Local Time:
    9:44 PM
    1.11.*
    10.1*
    Everything clear Thanks for help.
     
..