How to give users ftp access to their sites safely - Debian

This is a discussion on How to give users ftp access to their sites safely - Debian ; I have all user directories under /home/users. All web sites are under /home/http/. I use the chroot function in proftp to ensure that anyone ftp'ing in to the machine only has access to their personal directory. The problem is that ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: How to give users ftp access to their sites safely

  1. How to give users ftp access to their sites safely

    I have all user directories under /home/users. All web sites are
    under /home/http/. I use the chroot function in proftp to ensure
    that anyone ftp'ing in to the machine only has access to their
    personal directory.

    The problem is that some users need ftp access to their web sites
    also. Symbolic links don't work because the link refers to something
    outside the chroot root. So, I did a mount --bind for each user to
    the web site they needed to access. This results in about 30 mounted
    directories, problems on backup, and funky displays when I try to
    issue the df command to see how much space I have. I can work around
    all of these, but . . .

    I'm sure there is a much better way. I don't mind changing the
    directory structure around if I need to.

    Any and all suggestions would be greatly appreciated.

    Thanks,

    Rod


    --
    Meddle not in the Affairs of Dragons
    for thou art crunchy, and good with catsup.



    --
    To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  2. Re: How to give users ftp access to their sites safely

    reply below

    ######
    R. W. Rodolico wrote:
    > I have all user directories under /home/users. All web sites are
    > under /home/http/. I use the chroot function in proftp to ensure
    > that anyone ftp'ing in to the machine only has access to their
    > personal directory.
    >
    > The problem is that some users need ftp access to their web sites
    > also. Symbolic links don't work because the link refers to something
    > outside the chroot root. So, I did a mount --bind for each user to
    > the web site they needed to access. This results in about 30 mounted
    > directories, problems on backup, and funky displays when I try to
    > issue the df command to see how much space I have. I can work around
    > all of these, but . . .


    We're exploring similar issues.

    Another problem with mount --bind is that you are limited to 200 or so
    mounts per volume.

    One thing we're considering is libpam-mount

    Another is hard links

    From our painful experience /home/http may not be a good way to go if
    you ever decide to use suexec.

    We have /home/sites and have to re-compile suxec to use a document root
    different than /var/www every time there is a security patch for apache.


    >
    > I'm sure there is a much better way. I don't mind changing the
    > directory structure around if I need to.
    >
    > Any and all suggestions would be greatly appreciated.
    >
    > Thanks,
    >
    > Rod
    >
    >



    --
    To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  3. Re: How to give users ftp access to their sites safely

    On Fri, Sep 23, 2005 at 02:25:22AM -0500, R. W. Rodolico wrote:
    > The problem is that some users need ftp access to their web sites
    > also. Symbolic links don't work because the link refers to something
    > outside the chroot root. So, I did a mount --bind for each user to
    > the web site they needed to access. This results in about 30 mounted
    > directories, problems on backup, and funky displays when I try to
    > issue the df command to see how much space I have. I can work around
    > all of these, but . . .
    >
    > I'm sure there is a much better way. I don't mind changing the
    > directory structure around if I need to.
    >


    Did you consider autofs? It is scriptable and usable to automagically mount
    a directory on demand and umount when no more used.

    --
    Francesco P. Lovergine


    --
    To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

+ Reply to Thread