+42
Per site user
When creating a new website with the Ajenti-V panel, for example, create a new OS user as the owner of the site files and grant them privileges to configure site settings with Ajenti-V.
Example:
1. When creating a site, ask to create a user: username [thesiteuser], password [default is empty] and shell [drop-down: sh/bash/ftp]
2. Create system user thesiteuser with main group www-data and homedir /srv/website, with the corresponding shell from the list.
3. Change owner recursively to thesiteuser:www-data on /srv/website
4. php-fpm workers run as thesiteuser:www-data
5. The webserver user (apache or nginx) has the additional group www-data for serving the user's content.
6. Ajenti-V uses for administration of the website:
- the internally created user thesiteuser with the specified password
- the system user thesiteuser (if "sync panel users with system users" is checked)
7. Additionally, Apache mod_ruid2 or mpm-itk per-vhost user permissions may be implemented.
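Steps 2 to 5 of the post above as a dry-run in shell; this is an added example, not Ajenti code and not part of the original post. The socket path, the `chmod 750`, the `open_basedir` line, the `nginx` account name and the mapping of the `ftp` choice to `/usr/sbin/nologin` are assumptions.

```shell
# Added example (not Ajenti code): dry-run of steps 2-5 from the post.
# Nothing is executed; the commands and pool config are only printed.

# Conservative username check so the value is safe in paths and config.
valid_site_user() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;      # empty or unexpected characters
        [a-z_]*) [ "${#1}" -le 32 ] ;;     # must start with a letter or "_"
        *) return 1 ;;
    esac
}

# Step 4: php-fpm pool running as <user>:www-data.
# Socket path and open_basedir are assumptions, not part of the post.
render_pool() {
    user=$1; root=$2
    valid_site_user "$user" || return 1
    cat <<EOF
[$user]
user = $user
group = www-data
listen = /run/php-fpm-$user.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
php_admin_value[open_basedir] = $root
EOF
}

# Steps 2, 3 and 5 as commands for review. $4 is the web server's OS account.
plan_site_user() {
    user=$1; root=$2; websrv=$4
    valid_site_user "$user" || { echo "invalid username" >&2; return 1; }
    case "$root" in
        /*[!A-Za-z0-9/._-]*|[!/]*|'') echo "invalid homedir" >&2; return 1 ;;
    esac
    case "$3" in                            # drop-down from step 1
        sh|bash) shell=/bin/$3 ;;
        ftp)     shell=/usr/sbin/nologin ;; # assumption: "ftp" = no login shell
        *) echo "invalid shell choice" >&2; return 1 ;;
    esac
    printf 'useradd --gid www-data --home-dir %s --shell %s %s\n' "$root" "$shell" "$user"
    printf 'chown -R %s:www-data %s\n' "$user" "$root"
    # Added here, not in the post: no access for "other". All site workers share
    # group www-data, so group-readable files stay readable across sites.
    printf 'chmod 750 %s\n' "$root"
    printf 'usermod -a -G www-data %s\n' "$websrv"
}
plan_site_user thesiteuser /srv/website bash nginx && render_pool thesiteuser /srv/website
```
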
Preventing infected websites/accounts from affecting others?
This enables resource limitation by user (used on CoreOS, gaining popularity among hosts) and security (Namespace section)
but the way I read the original post there would be a single user for each and every website.
It would be far more useful if we were able to simply create "restricted" control panel users,
that can only create websites, DBs, ftp accounts, and the like, within their assigned homedir.
It would be far more useful if we were able to create per site users and "restricted" control panel users.
Does this solution still work on the latest Ajenti version?
Someone is going to have to pick this one up and develop it separately. It's outside the developers' interest as it's been discussed here and on other threads for over a year. I believed first that Docker containers might be the answer but that's only one person's assessment.
I've been looking at this for a while now in consideration of transitioning my current hosting cluster over to Ajenti V.
I would be willing to develop a plugin for this, assuming the community has enough interest for it. It can be achieved fairly easily with jailkit and I'm honestly surprised it hasn't been implemented into Ajenti yet.
The dev team should take note though: this is a necessary feature. When hosting webspace, your more advanced clients will need to be able to work in the terminal, especially when working with Laravel projects and other currently unsupported frameworks. As the sysadmin, you'll find you don't have time to go in and run a bunch of symlink and templating scripts to fit each use case. It's easy to let the user do it themselves.
@keyton_stanier - That's a very generous proposition. We have developed a python plugin that integrates Cloudflare into the panel (limited for A/CNAME/TXT records, client onboarding etc) instead of using BIND, and are pursuing a more robust version as we have now integrated their railgun product in a test Data Center (VM). I always thought that either ACL or Jailkit would be worth looking into but found that time and a few barriers to becoming expert at.
Moving forward, I would like to know if you want a beta tester; I would put up a server to evaluate for 6 months or whatever it takes.
@Wrrr I'd be more than happy to take whatever help I can get with beta testing. After playing around with Ajenti some and going through all the docs, I've decided that I'm going to develop and test the plugin against 2.x and maybe port back to 1.x once I know it's working.
What version have you been using for your set-up? If you have any basic requirements for a Jailkit implementation (in-browser kit config, integrated file explorer, etc.) I'd be happy to try and work on them.
Sounds great. We're on Ajenti v1.2.23.3 as of the last update. We're not using jailkit, if that's the question. We're building VPSs (tuned for WP delivery) in our own leased space (data center), Ubuntu 14.04.4. So, we would have to meet (virtually/hangout) and then get on with making you an SSH/user into a test VM and move forward.
Can anyone please tell me how to create per site users and "restricted" control panel users in Ajenti 1.x with Ajenti V? Please provide the docs, if you have them, or the steps.
I've added the website and created the system user but am unable to log in to the Ajenti control panel.