[BlueOnyx:23312] Re: BlueOnyx 5210R Release Candidate

Michael Stauber mstauber at blueonyx.it
Fri Oct 11 00:08:53 -05 2019


Hi Ernie,

> in 5210R there seems to be nothing in the /home/users directory.

Correct.

> In prior BX versions, there used to be at least the admin user home
> directory, and whatever administrator users you had added.  Is this a
> deliberate change?

Yes. The home directory of user "admin" is now /home/.users/admin

In order to incorporate the JailKit functionality I had to make changes
to how and where Vsites and Users are stored and what the permissions of
these directories might be. For instance JailKit took objection to the
2571 permissions on /home/.sites/ and that's been changed to 0755 now.
Likewise the root directory of any JailKit jail must have strict
permissions and ownerships.

I explained this here:

https://www.blueonyx.it/news/245/54/5210R-Development-Jailkit

We do NOT want any regular user with SFTP or Chrooted-Shell having
access to anything he's not supposed to see. So we needed at least two
jails per Vsite.

Our siteAdmins can get chrooted into /home/.sites/siteX/ and there they
have access to everything pertaining to their Vsite.

Regular Users with SFTP or Chrooted-Shell instead get chrooted into
/home/.sites/siteX/home/ and from there they have no access to
/home/.sites/siteX/, /home/.sites/siteX/wwwroot/ or anything else that
matters. They can't access other Users' home directories due to permission
and ownership restrictions. So at best they can access their own user's
home directory.

As you can see in the image of the directory structure in the linked
article: The /certs, /web and php.d/ directories of the Vsite are nested
one level deeper than before as I inserted the /wwwroot directory into
their path.

User home directories of Vsites are also one level deeper, as "/home"
has been inserted between /home/.sites/siteX and /users/<username>

Additionally we had these stupid paths like /home/.sites/28/site1 for
"site1" with the insertion of "28" into there. Or other numbers for
sites with higher numbers. This is something we had carried over from
the RaQ550 days and these number insertions there *never* made any
sense. They weren't even random numbers, but easily predictable and
reproducible. So while I was at it I threw them out as well.

Easy-Migrate handles the different directory structure during migrations
just fine, so when using that to migrate from older boxes to 5210R or if
you migrate between 5210R boxes it'll be taken into account and the data
ends up exactly where it should end up.

-- 
With best regards

Michael Stauber
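
An added example, not part of the message above and not BlueOnyx or JailKit code: a small audit of a jail root and each of its parent directories. The message does not list the exact checks JailKit applies, so the rules here (root-owned, no group or world write, no setuid/setgid bit) are assumptions, and the function names are hypothetical.

```python
import os
import stat

def mode_problems(mode, uid):
    """Return reasons a directory is unsafe as a jail root or jail parent.
    Assumed rules: owned by root, not group/world-writable, no setuid/setgid."""
    problems = []
    if uid != 0:
        problems.append("not owned by root")
    if mode & stat.S_IWGRP:
        problems.append("group-writable")
    if mode & stat.S_IWOTH:
        problems.append("world-writable")
    if mode & (stat.S_ISUID | stat.S_ISGID):
        problems.append("setuid/setgid bit set")
    return problems

def audit_chain(jail_root, lstat=os.lstat):
    """Check jail_root and every parent up to /; return {path: [problems]}.
    lstat is injectable so the logic can be exercised without a real tree."""
    findings = {}
    path = os.path.abspath(jail_root)
    while True:
        st = lstat(path)
        if not stat.S_ISDIR(st.st_mode):
            # lstat does not follow symlinks, so a symlinked component lands here
            findings[path] = ["not a real directory (symlink or file)"]
        else:
            probs = mode_problems(stat.S_IMODE(st.st_mode), st.st_uid)
            if probs:
                findings[path] = probs
        parent = os.path.dirname(path)
        if parent == path:  # reached the filesystem root
            return findings
        path = parent

if __name__ == "__main__":
    import sys
    for root in sys.argv[1:]:
        for p, probs in audit_chain(root).items():
            print(f"{p}: {', '.join(probs)}")
```

Run it with the two jail roots named in the message as arguments, for example /home/.sites/siteX and /home/.sites/siteX/home; no output means every directory in the chain passed the assumed rules.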


