Requirements:

PHP, MySQL and FTP are allowed; SSH login is not allowed.
FTP access is restricted to the user's home directory.
Each vhost, when running PHP, must not be able to read other directories, so that a site planted with malicious code cannot affect the other applications.

Virtualmin/Webmin installation

sudo apt-get install webmin webmin-virtual-server

Module settings

In System Settings -> Features and Plugins, disable the modules that are not needed. I keep only the following modules:

Feature or Plugin     Source   Version
Administration user   Core     3.98.gpl1
Home directory        Core     3.98.gpl1
Restricting the FTP root directory

In Limits and Validation -> FTP Directory Restrictions, tick Active, select Users' home directories, and Users' home directories.

Restricting the directories PHP can read

In System Settings -> Edit Server Template, select Apache Website, find Default PHP execution mode, and run PHP with mod_php. (In FastCGI mode the php_admin_value setting does not seem to work...)

In the Directives and settings for new websites template, add one line: php_admin_value open_basedir "${HOME}/public_html:/tmp"

That is:
ServerName ${DOM}
ServerAlias www.${DOM}
DocumentRoot ${HOME}/public_html
php_admin_value open_basedir "${HOME}/public_html:/tmp"
ErrorLog /var/log/virtualmin/${DOM}_error_log
CustomLog /var/log/virtualmin/${DOM}_access_log combined
ScriptAlias /cgi-bin/ ${HOME}/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory ${HOME}/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
<Directory ${HOME}/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
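An added check, not part of the original post: a Python sketch that reads Apache vhost configuration text and reports every VirtualHost whose open_basedir is missing or reaches outside its own DocumentRoot and /tmp. The sample configuration, host names and function names are constructed for illustration.

```python
import posixpath
import re

# Constructed sample: one correct vhost, one widened by hand, one without the line.
SAMPLE = """\
<VirtualHost *:80>
ServerName a.example
DocumentRoot /home/a/public_html
php_admin_value open_basedir "/home/a/public_html:/tmp"
</VirtualHost>
<VirtualHost *:80>
ServerName b.example
DocumentRoot /home/b/public_html
php_admin_value open_basedir "/home:/tmp"
</VirtualHost>
<VirtualHost *:80>
ServerName c.example
DocumentRoot /home/c/public_html
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    # First value of a directive inside one vhost body, surrounding quotes removed.
    m = re.search(r"^\s*" + name + r"\s+(.+?)\s*$", body, re.M | re.I)
    return m.group(1).strip('"') if m else None

def inside(path, root):
    # True when path is root itself or lies below it (normalised, no prefix tricks).
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or path.startswith(root + "/")

def audit(conf, shared=("/tmp",)):
    findings = {}
    for body in VHOST.findall(conf):
        name = directive(body, "ServerName")
        # No DocumentRoot means no entry can count as inside it.
        docroot = directive(body, "DocumentRoot") or ""
        basedir = directive(body, r"php_admin_value\s+open_basedir")
        if basedir is None:
            findings[name] = "open_basedir missing"
            continue
        bad = [p for p in basedir.split(":")
               if not inside(p, docroot) and not any(inside(p, s) for s in shared)]
        if bad:
            findings[name] = "outside docroot: " + ",".join(bad)
    return findings
```

Calling audit() on the text of the generated site configuration files returns a dictionary keyed by ServerName; an empty dictionary means every vhost is confined as the template intends.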