Fwd: Re: How to give users ftp access to their sites safely

To: debian-isp@lists.debian.org
Subject: Fwd: Re: How to give users ftp access to their sites safely
From: mimo <mimo@restoel.net>
Date: Fri, 23 Sep 2005 13:39:05 +0100
Message-id: <[🔎] 200509231339.06102.mimo@restoel.net>

oops

----------  Forwarded Message  ----------

Subject: Re: How to give users ftp access to their sites safely
Date: Friday 23 September 2005 13:37
From: Dan MacNeil <dan@thecsl.org>
To: mimo <mimo@restoel.net>

Hi mimo

You might reply to the list as I'm sure your info is of general interest.

You might also reply to Rod instead of me :->

#######

mimo wrote:
> Hi Rod
>
> there is two ways I could think of but not sure if either of them is of any
> use for you:
>
> 1) use /home/$USER/public_html as web root -- this is well supported by
> apache
>
> 2) separate login methods for web site and users. use ftp for /home/http (I
> would suggest using the default debian /var/www unless there are good
> reasons not to do so) and sftp/ssh for /home accesses
>
> Hope this helps
>
> mimo
>
> On Friday 23 September 2005 12:56, Dan M. MacNeil wrote:
>>reply below
>>
>>######
>>
>>R. W. Rodolico wrote:
>>>I have all user directories under /home/users. All web sites are
>>>under /home/http/. I use the chroot function in proftp to ensure
>>>that anyone ftp'ing in to the machine only has access to their
>>>personal directory.
>>>
>>>The problem is that some users need ftp access to their web sites
>>>also. Symbolic links don't work because the link refers to something
>>>outside the chroot root. So, I did a mount --bind for each user to
>>>the web site they needed to access. This results in about 30 mounted
>>>directories, problems on backup, and funky displays when I try to
>>>issue the df command to see how much space I have. I can work around
>>>all of these, but . . .
>>
>>We're exploring similar issues.
>>
>>Another problem with mount --bind is that you are limited to 200 or so
>>mounts per volume.
>>
>>One thing we're considering is libpam-mount
>>
>>Another is hard links
>>
>> From our painful experience /home/http may not be a good way to go if
>>you ever decide to use suexec.
>>
>>We have /home/sites and have to re-compile suxec to use a document root
>>different than /var/www every time there is a security patch for apache.
>>
>>>I'm sure there is a much better way. I don't mind changing the
>>>directory structure around if I need to.
>>>
>>>Any and all suggestions would be greatly appreciated.
>>>
>>>Thanks,
>>>
>>>Rod

-------------------------------------------------------

Reply to:

Prev by Date: Re: How to give users ftp access to their sites safely
Next by Date: Re: Postfix Trouble2 (slow smtp connection)
Previous by thread: Re: How to give users ftp access to their sites safely
Next by thread: Postfix Trouble2 (slow smtp connection)
Index(es):
- Date
- Thread