Ive been speeking with a web hosting company about a possibility of making a web based client control system allowing users to modify everything about their account. I would like to make this system compleatly open source and open devolpment to everyone who is intrested. My question is will people be intrested in this. Will people actualy use this program if its out there, or will I be wasting my time. Is there anything like this out there? ive seen diffrent control programs all seprate like a file manager here and an email manager their. What I want to make is one system where a client can modify everything about their account all in one place.

I would like comments on this issue, and if it isnt much trouble or you would be intrested in working on this project with me please email me at nricciardi@mindspring.com

Your big problem is - something like that is worth plenty of money.

The closest thing that controls everything is webmin. But its not really aimed at webhosting companies.
If you are into open source you can easily write modules to help improve webmin.
Or linuxconf.

that already exists... I know that some companies hold their own privately, but here is one running under the gpl (I think)

http://www.freevsd.org

Well webmin is more suited for web hosting administrators to admin the whole system, not for clients and their web account. Also i judge webmin to be a very large security issue beeing as it has to much power over the system. What I want to focus on is giving the user the ability to take advantage of the spefic things that belong to the user. email, mysql db's, domains, sub domains, autoresponders, also I want to give the client the ability to upgrade things on the fly bandwith allotment, storage space, add more email accounts and other options. I would also like any sugestions on things that should be included in this program. I will be putting up a web page soon, so if anyone would like this url ill be able to give it out in a day or so.

I am definately interested in certain parts of that project.

I personally don't need or want to allow as much as you want, but I am interested in the restricted part... how do you prevent users to see each others, using any languages or any ways.

That is an interesting topic I have been looking for already for quite some time, and I am slowly building myself a reference database on how to make a system as safe as possible from and for the users (not the public), but not to the point where they can't share apache for example.

Anyway, I believe I can be of some help and I am interested in listening to your ideas...

Feel free to contact me!

Originally posted by Félix C.Courtemanche
but I am interested in the restricted part... how do you prevent users to see each others, using any languages or any


Felix, did you mean that on most systems out there today, users can see each others data?

I am very new to web hosting, so please do expand a little on what you exactly meant when you said this.

Because if one user can see the other user's stuff if they are on the same server... that definitely is not a good thing.

Learner

If the server is setup correctly users cant see other users data unless you want it to be seen. I know where i currently host my domain the administrators care alot about customer security, and they will go above and beyond whats needed to secure your data. I wont give out their name in fear I may be tagged as a spammer =)

Well, it's relevant to the topic, and I don't think any of us would mind since it's not particularly about sales :D so feel free to post it.

Since you asked its http://www.stratius.com I have nothing but praise for this web hosting company and the support is exelent. I realy love telling people about this host because its kinda new, and they deserve to be out there.

Felix,
I can tell you how to set the system so users can not leave their dir so they dont have the ability to even know who else is on the same machine. if thats what you are wanting.

I would be interested in seeing the solutions you found to:

- prevent users with a ssh account (or telnet account) to see someone else's public files. This is mainly because a lot of people code cgi scripts with only the web in mind, thus seeing the source can be a real security treat. To prevent this, the most effective way is to keep the users in a chroot'ed environment, but doing so is quite expensive in HD space since you must include the path and programs within their own chroot... and if you have a lot of users it can really be hard to do.

- prevent users with perl or mod_perl scripts to see any other users's public files, for the same reasons.

Maybe some of you are telling themselves that if a file is public, then why worry about the source... the fact is that since the file is read and compiled at run time by the perl interpreter, viewing the source code can potentially show information such as database passwords, etc.

We consider the virtual server environment, but again, it comes to a really high cost, since you can't have as much users on a system and you need much more CPU/RAM/HD than you would with a normal web server.

Jaguar, if your post is about what I mentionned previously... it is not the best way to go.

I am personally looking forward to find a solution to the non-privacy when using perl or mod_perl on a server. PHP can be easily controled and this is good... ssh could at worst be in a chroot jail...
hmmm any other ideas? (I know this is getting technical, e-mail me if you want)

Originally posted by Learner
Originally posted by Félix C.Courtemanche
but I am interested in the restricted part... how do you prevent users to see each others, using any languages or any


Felix, did you mean that on most systems out there today, users can see each others data?

I am very new to web hosting, so please do expand a little on what you exactly meant when you said this.

Because if one user can see the other user's stuff if they are on the same server... that definitely is not a good thing.


Learner, the only files (unless it is a really B*S server) that someone else could see is the public files.

That mean that if your site is only html and gif, you have nothing to worry about at all... but if your site contains some scripts interracting with a database, etc... there can definately be a problem, since someone could see it using a simple perl script (or php often) to see the source of your script... WITHOUT going through the web browser... wich means it could grab any sensitive data that no-one would normally see.

and yes, the majority of hosts will tell you their server is secure...b ut trust me on this, I personally experienced this a few times on my previous hosts and it is far from the truth.

Often companies will protect themselves by saying "if you do that, we will cancel your account"... but who will tell them they did it, if it was not by mistake?

hmmm... currently, web pages hosted on a RAQ3i server are usually safe, if their owners have a little bit of linux knowledge... else...

You never are too precautious.