SSH user can read root files?

[nobaloney]

One good one is the secure_access_group, setup by DA:
http://www.directadmin.com/features.php?id=961

which sets the /home/username folders to 750, chown username:access.. where the "access" group is a list of system usernames that can see in. Other ssh users will not be able to see in.

Years ago there was a limitation on how many users could be in a group; only the first x many would actually be in the group no matter how many were listed in the group file.

Is that no longer true, or is the limit now high enough that for practical purposes (hundreds of users) it no longer matters?

Jeff

 

[DirectAdmin Support]

I just did some googling and it seems there may not be a limit to the number of Users in a group, but it might be a limit to the length of a line in the /etc/groups file. The solution that was mentioned was to create a multiple lines with different group names, but use the same GID number, which would effectively let everyone in each differently named group actually be part of the same group (since the system really only care about the GID numnber)

I have not tested any of this, so I'm not sure if it's correct.

John

 

[nobaloney]

Thanks for the clarification, John. I was probably thinking of the maximum number of groups to which a user could belong, as explained here (ibm.com).

Jeff

 

[floyd]

Hello!

I saw that in default, normal ssh user can see files wit root ownership - how that is possible?

Also, I've watched this article:
http://help.directadmin.com/item.php?id=90

But I see that is effective just for PHP CGI and not for PHP CLI.

Why do you keep mentioning php? Php has nothing to do with ssh.

http://www.directadmin.com/forum/showthread.php?t=29824

Where?

Its in the link you provided.

That guide almost seems outdated talking about customapache. I cant seem to find any other guides for setting it up and havent used it personally.

Its not outdated. The first part is about using custombuild which is the latest. Customapache is in the second part for those of use still using customapache. Customapache is still one of the options when installing DirectAdmin.