My KeyHelp Q/A
My KeyHelp Q/A
HI guys,
Any idea how to accomplish any user isolation with KeyHelp (eg. like CloudLinux's CageFS)? For SFTP/SSH access, I suppose I can buy the pro version but what's the best way to do it for PHP/CGI scripts or anything the user wants to run?
Or in layman's terms how to prevent a hacked Wordpress website from messing with the whole server?
Question 2: For some reason, on my test machine I added a user and everything went fine. Few minutes later, I refresh the "User Administration" page and the "S" next to the "Username" in the user's row shows a red warning sign, which when hovered over with the mouse: "An error has occured". The KeyHelp event log only says "Error occurred while adding system user <myusername>". How do I get more info to find out what happened?
Any idea how to accomplish any user isolation with KeyHelp (eg. like CloudLinux's CageFS)? For SFTP/SSH access, I suppose I can buy the pro version but what's the best way to do it for PHP/CGI scripts or anything the user wants to run?
Or in layman's terms how to prevent a hacked Wordpress website from messing with the whole server?
Question 2: For some reason, on my test machine I added a user and everything went fine. Few minutes later, I refresh the "User Administration" page and the "S" next to the "Username" in the user's row shows a red warning sign, which when hovered over with the mouse: "An error has occured". The KeyHelp event log only says "Error occurred while adding system user <myusername>". How do I get more info to find out what happened?
Re: My KeyHelp Q/A
What username did you use?Radi wrote: ↑Tue 19. Mar 2024, 13:25 Question 2: For some reason, on my test machine I added a user and everything went fine. Few minutes later, I refresh the "User Administration" page and the "S" next to the "Username" in the user's row shows a red warning sign, which when hovered over with the mouse: "An error has occured". The KeyHelp event log only says "Error occurred while adding system user <myusername>". How do I get more info to find out what happened?
The user is created as a real system user, so the username must be valid for a Linux useraccount.
What does
Code: Select all
grep '<myusername>' /etc/passwd
mfg Micha
--
If Bill Gates had a nickel for every time Windows crashed …
… oh wait, he does.
--
If Bill Gates had a nickel for every time Windows crashed …
… oh wait, he does.
Re: My KeyHelp Q/A
one word username - eg. 'username'
- technotravel
- KeyHelp Translator
- Posts: 266
- Joined: Mon 19. Oct 2020, 11:11
Re: My KeyHelp Q/A
I was once confronted with this error message after a fresh install, where the quota had not been installed correctly.
Did your installation go through without any errors?
Chers francophones, je traduis KeyHelp en français. S'il y a des erreurs ou des propositions d'amélioration, n'hésitez pas à me contacter !
(Ich übersetze KeyHelp ins Französische)
(Ich übersetze KeyHelp ins Französische)
Re: My KeyHelp Q/A
Ah yes, quota failed to install. I forgot to mention it.
All the rest was fine. Do I need to run any modprobe before reinstall? Btw, this is on Debian 12.
All the rest was fine. Do I need to run any modprobe before reinstall? Btw, this is on Debian 12.
- technotravel
- KeyHelp Translator
- Posts: 266
- Joined: Mon 19. Oct 2020, 11:11
Re: My KeyHelp Q/A
Keyhelp won't ever work without the quota functioning.
You can find a few threads on this topic here in the forum.
You can find a few threads on this topic here in the forum.
Chers francophones, je traduis KeyHelp en français. S'il y a des erreurs ou des propositions d'amélioration, n'hésitez pas à me contacter !
(Ich übersetze KeyHelp ins Französische)
(Ich übersetze KeyHelp ins Französische)
- Jolinar
- Community Moderator
- Posts: 3612
- Joined: Sat 30. Jan 2016, 07:11
- Location: Weimar (Thüringen)
- Contact:
Re: My KeyHelp Q/A
There is a quota problem with OpenVZ/Virtuozzo.
Which virtualization solution is used (e.g. OpenVZ, Virtuozzo, KVM, XEN, etc.)?
That is completely correct.technotravel wrote: ↑Tue 19. Mar 2024, 15:44 You can find a few threads on this topic here in the forum.
Wenn jemand inkompetent ist, dann kann er nicht wissen, daß er inkompetent ist. (David Dunning)
Data Collector für Community Support
___
Ich verwende zwei verschiedene Schriftfarben in meinen Beiträgen /
I use two different font colors in my posts:
Data Collector für Community Support
___
Ich verwende zwei verschiedene Schriftfarben in meinen Beiträgen /
I use two different font colors in my posts:
- In dieser Farbe schreibe ich als Moderator und gebe moderative Hinweise oder begründe moderative Eingriffe /
In this color, I write as a moderator and provide moderative guidance or justify moderative interventions - In dieser Farbe schreibe ich als Community Mitglied und teile meine private Meinung und persönlichen Ansichten mit /
In this color, I write as a community member and share my personal opinions and views
Re: My KeyHelp Q/A
Generally, all KeyHelp users are system users, so on your server the regular Linux file systems permissions are in place.
A user can only access their own files and folders, which system permissions will allow him to.
Example:
Code: Select all
-rw-r----- 1 root root 4017 Mar 20 2024 this_is_a_secret
-rw-r--r-- 1 root root 4017 Mar 20 2024 this_is_not_a_secret
Code: Select all
-rw------- 1 alex alex 385 Mär 1 13:08 .bash_history
drwx------ 2 alex alex 4096 Okt 24 14:36 .cache
drwx------ 2 alex alex 4096 Mär 22 2023 .config
drwxr-x--- 3 alex www-data 4096 Dez 13 09:53 files
drwx------ 2 alex alex 4096 Mär 22 2023 .local
dr-xr-x--- 67 alex www-data 4096 Mär 8 15:25 logs
drwx------ 2 alex alex 4096 Jun 7 2023 .ssh
drwxr-x--- 3 alex www-data 4096 Feb 28 12:22 tmp
drwxr-x--- 12 alex www-data 4096 Mär 8 15:25 www
If you do not want the users to see anything else that their home directory, you will need KeyHelp Pro, as this will enable you to let KeyHelp create a "restricted SSH environment" for the users you want.
For PHP: PHP uses open_basedir, with this and the default settings in KeyHelp, PHP scripts are locked into the their home directory.
However, this will not affect Cronjobs.
This should not be possible, because of the open_basedir settings. A hacked Wordpress will only affect the client owning this Wordpress.
(For the sake of completeness - it will affect the server, if the hacked Wordpress page will send spam across the internet, as this will affect the reputation of the server.)
You may want to have a look unto "System status" -> "Logs" -> "Process tasks | update.log". Here you can look for the user name and can look up some more error details.Radi wrote: ↑Tue 19. Mar 2024, 13:25 Question 2: For some reason, on my test machine I added a user and everything went fine. Few minutes later, I refresh the "User Administration" page and the "S" next to the "Username" in the user's row shows a red warning sign, which when hovered over with the mouse: "An error has occured". The KeyHelp event log only says "Error occurred while adding system user <myusername>". How do I get more info to find out what happened?
But as others have pointed out, if you want a fully working system, make sure there are no errors during KeyHelp installation.
Mit freundlichen Grüßen / Best regards
Alexander Mahr
**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
Alexander Mahr
**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************