Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

Use ZPanel without domain? I.e. http://IP/~User ?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Use ZPanel without domain? I.e. http://IP/~User ?

FreekFreek Member
edited March 2013 in Help

I recently found ZPanel and it looks very nice. I am planning on use it in a multi user environment, mainly for FTP Storage as I cannot find a FTP Server with Web Interface that allows the creation of resellers with appropriate quota settings etc. Wing FTP Server looks promising, but they do not support Resellers. Apart from that, their quota settings are complete crap.
Anyway, I am not planning on using a domainname with ZPanel, nor are my clients. I would like to be able to access client accounts using http://IP/~User.

I got this working by adding
'AliasMatch ^/~([a-zA-Z0-9]+)/?(.*) /var/zpanel/hostdata/$1/public_html/$2'
to my httpd.conf file.

Problem is that users can go up, via HTTP, outside their home directory. How can I properly 'chroot' them, so that they cannot click 'Parent Directory' when they are already in 'http://IP/~User'?

Thanks!

Comments

  • BlazeMuisBlazeMuis Member
    edited March 2013

    Why not just using subdomains or something? (just a suggestion)

  • joepie91joepie91 Member, Patron Provider

    The obligatory: don't use ZPanel, there are known vulnerabilities in it that cannot easily be resolved (in particular in the reseller part).

  • winstonwinston Member

    I thought those were fixed in v10?

  • joepie91joepie91 Member, Patron Provider

    @winston said: I thought those were fixed in v10?

    https://github.com/bobsta63/zpanelx/blob/master/dryden/ui/templateparser.class.php#L24

    The issues with vulnerabilities in their templating system are not going to go away, as long as they use string replacements and eval()s for their templater.

  • FreekFreek Member

    @joodle said: Why not just using subdomains or something? (just a suggestion)

    That's fine with me as well. I have a spare domain, but my 'Resellers' aren't planning on using their own domainname

    @joepie91 said: The obligatory: don't use ZPanel, there are known vulnerabilities in it that cannot easily be resolved (in particular in the reseller part).

    Hmm... Well, I could try Kloxo? I tried ISPConfig, didn't like it. EHCP is not compatible with Ubuntu 12.04

  • yomeroyomero Member
    edited March 2013

    @Freek said: Ubuntu

    Yiak

    /offtopic

    I've used froxlor some time ago, I like it, but I don't know how has been recently (seems to be almost stalled)

  • FreekFreek Member

    @yomero said: Yiak

    Haters gonna hate.

    @yomero said: I've used froxlor some time ago, I like it, but I don't know how has been recently (seems to be almost stalled)

    I was just looking at OpenPanel, development seems stalled as well..

  • NoermanNoerman Member

    @joepie91 Thanks for the head-up on the security side.

  • erhwegesrgsrerhwegesrgsr Member

    @joepie91 said: don't use ZPanel, there are known vulnerabilities in it that cannot easily be resolved (in particular in the reseller part).

    Lol, that wasn't the question. From the OP you can clearly see it's for personal use.

  • vanarpvanarp Member

    @yomero said: I've used froxlor some time ago, I like it, but I don't know how has been recently (seems to be almost stalled)

    I see active commits happening on github.

    https://github.com/Froxlor/Froxlor/commits/master

Sign In or Register to comment.