oops

---------- Forwarded Message ----------

Subject: Re: How to give users ftp access to their sites safely
Date: Friday 23 September 2005 13:37
From: Dan MacNeil
To: mimo

Hi mimo

You might reply to the list as I'm sure your info is of general interest.

You might also reply to Rod instead of me :->

#######

mimo wrote:
> Hi Rod
>
> there is two ways I could think of but not sure if either of them is of any
> use for you:
>
> 1) use /home/$USER/public_html as web root -- this is well supported by
> apache
>
> 2) separate login methods for web site and users. use ftp for /home/http (I
> would suggest using the default debian /var/www unless there are good
> reasons not to do so) and sftp/ssh for /home accesses
>
> Hope this helps
>
> mimo
>
> On Friday 23 September 2005 12:56, Dan M. MacNeil wrote:
>>reply below
>>
>>######
>>
>>R. W. Rodolico wrote:
>>>I have all user directories under /home/users. All web sites are
>>>under /home/http/. I use the chroot function in proftp to ensure
>>>that anyone ftp'ing in to the machine only has access to their
>>>personal directory.
>>>
>>>The problem is that some users need ftp access to their web sites
>>>also. Symbolic links don't work because the link refers to something
>>>outside the chroot root. So, I did a mount --bind for each user to
>>>the web site they needed to access. This results in about 30 mounted
>>>directories, problems on backup, and funky displays when I try to
>>>issue the df command to see how much space I have. I can work around
>>>all of these, but . . .

>>
>>We're exploring similar issues.
>>
>>Another problem with mount --bind is that you are limited to 200 or so
>>mounts per volume.
>>
>>One thing we're considering is libpam-mount
>>
>>Another is hard links
>>
>> From our painful experience /home/http may not be a good way to go if
>>you ever decide to use suexec.
>>
>>We have /home/sites and have to re-compile suxec to use a document root
>>different than /var/www every time there is a security patch for apache.
>>
>>>I'm sure there is a much better way. I don't mind changing the
>>>directory structure around if I need to.
>>>
>>>Any and all suggestions would be greatly appreciated.
>>>
>>>Thanks,
>>>
>>>Rod


-------------------------------------------------------


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org