Tweet
hi
1. Currently when you create a reseller(i.e. a <user> who can create more than one domains and related services under a package), it creates conf files in /home/<user>/conf/ directory. And if the reseller <user> creates multiple domains, all point to the same web directories.
I meant if a reseller creates.
domainA.tld for customer A
domainB.tld for cutomer B
both point to the domainA.tld, thus disallowing the domainB.tld to customize his/her own site (see 2 below about separation of power).
/home/<RESELLER_USER>/conf# ls web/
apache2.conf nginx.conf snginx.conf ssl.domainA.tld.key ssl.domainB.tld.crt ssl.domainB.tld.pem
awstats.domainA.tld.conf sapache2.conf ssl.domainA.tld.crt ssl.domainA.tld.pem ssl.domainB.tld.key webalizer.domainB.tld.conf
This can be avoided if admin creates a separate users for all domainN.tld, but that is not how it works in real life as the multitenacity is admin>>resellers>>customers.
2. This may also create permission mess to files uploaded to public_html files by those two users as their permissions are not separated. ISPConfig uses a different topology which is worth a suit. They give different ownerships and permissions to each client and domain (clientID and webID), meaning separation of powers among different players (ACL). Else vestacp shall become unmanageable in the long run.
The above (ACL based on resellerID and domainID) is a must for any *nix.
1. Currently when you create a reseller(i.e. a <user> who can create more than one domains and related services under a package), it creates conf files in /home/<user>/conf/ directory. And if the reseller <user> creates multiple domains, all point to the same web directories.
I meant if a reseller creates.
domainA.tld for customer A
domainB.tld for cutomer B
both point to the domainA.tld, thus disallowing the domainB.tld to customize his/her own site (see 2 below about separation of power).
/home/<RESELLER_USER>/conf# ls web/
apache2.conf nginx.conf snginx.conf ssl.domainA.tld.key ssl.domainB.tld.crt ssl.domainB.tld.pem
awstats.domainA.tld.conf sapache2.conf ssl.domainA.tld.crt ssl.domainA.tld.pem ssl.domainB.tld.key webalizer.domainB.tld.conf
This can be avoided if admin creates a separate users for all domainN.tld, but that is not how it works in real life as the multitenacity is admin>>resellers>>customers.
2. This may also create permission mess to files uploaded to public_html files by those two users as their permissions are not separated. ISPConfig uses a different topology which is worth a suit. They give different ownerships and permissions to each client and domain (clientID and webID), meaning separation of powers among different players (ACL). Else vestacp shall become unmanageable in the long run.
The above (ACL based on resellerID and domainID) is a must for any *nix.
Comment