On 03-08-09 13:04 -0400, ScruLoose wrote: > On Sat, Aug 09, 2003 at 05:11:26PM +0200, Wolfgang Fischer wrote: > > On Sat, 09 Aug 2003 13:30:06 +0200, Anita Lewis wrote: > > > A user can ftp in and work on pages in their own public_html, but those > > > pages would appear in /~username. I want to be able to work on pages in > > > /var/www, because those pages come up when the domain name is accessed via > > > browser. /var/www is root.root > > > > > > Is there a way other than dropping the pages off as user via ftp, ssh and su > > > to root and move them, to do this? I'm thinking maybe there is a way using > > > groups. Or is there something wrong with my thinking about not allowing > > > root ftp?
As you already heard, there's definitely nothing wrong with your thinking there; that would be an extremely dangerous thing to do you'll have to set up /etc/proftpd.conf (or whatever the conf file is for your FTP server). ProFTP (& probably others) allows you to set up <VirtualHost> directives, similar to Apache, which you can use to keep providing access to UserDirs and provide /var/www as well, but due to the FTP protocol you need either: a dedicated IP address for each VirtualHost, or: to run ProFTP as a standalone server (as opposed to inetd) and assign each VirtualHost a different port number... at least that's my understanding, I never tried the second method maybe there are other ways.. > What I've done personally is to create a webauthors group, chgrp'ed > /var/www from root.root to root.webauthors, and added my regular user > account to that group. It seems to work okay for me. > > Mind you, I'm a complete newbie at the webserver thing, so before you > do what I did, you might want to wait and see whether some more > experienced folks point out some glaring problem with it... ;-) > I took this same tactic, so am curious what holes people will poke into it as well. I've even taken it a little further by sgid'ing /var/www: drwxrwsr-x 15 root www-adm 4096 Aug 9 18:31 www I also don't have root owning most of the webroot subdirectories, I *think* you're okay as long as it's not owned/writable by www-data (or whoever owns the Apache process) (and I am the only www-adm, so I don't have to worry about one site's owner getting into the other sites) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]