Date: Thu, 28 Jun 2001 17:52:09 +1000
From: Kal Torak
To: Eric Veraart
Cc: Colin Campbell, freebsd-isp@freebsd.org
Subject: Re: Admin user in all groups
Message-ID: <3B3AE229.7BE40E9F@quake.com.au>
References: <3B3A592A.6B3E69B3@monkey-online.net>

Eric Veraart wrote:
>
> And then make a script that chowns everything in all the website dirs to
> admin after a user has uploaded its own HTML file? It is a possibility,
> but I think there must be an easier way.

You will find with ProFTPD you can specify the owner and group owner of files in a given directory as well as the umask...

It was also mentioned that you made all the users anonymous to get the chroot feature, but you can specify that everyone gets chrooted when they log in...

In the basic server config I have a line saying

    DefaultRoot ~ !wheel

Which means everyone gets chrooted to their home dir (~) except people in group wheel... The list of exceptions is a comma-separated list; groups have a ! mark in front of them and users are just written as normal...

So you might have something like:

    DefaultRoot ~ !wheel,admin,someuser,anotheruser

Then for the dirs of each web site put something like:

    UserOwner admin
    GroupOwner company
    Umask 003

That should solve your problems...

The reason you can't follow a symlink is because the user has been chrooted to a directory, so to them nothing below this exists, it's the root... Allowing someone to follow a symlink out of a chroot would not only be a major security hole but would defeat the whole purpose of a chroot...

Good Luck!
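
The symlink behaviour described in the message above, as an added example that is not part of the original post: a Python emulation of how a path lookup is confined for a process chrooted to its home directory. It makes no real chroot call (that needs root); the directory layout, the function names and the link names are constructed for illustration.

```python
import os
import tempfile

def resolve_in_chroot(jail, path, max_links=32):
    """Return the host path a lookup of `path` ends at for a process
    chrooted to `jail` (emulation of kernel name resolution)."""
    jail = os.path.realpath(jail)
    current = jail
    pending = [p for p in path.split("/") if p]
    links = 0
    while pending:
        part = pending.pop(0)
        if part == ".":
            continue
        if part == "..":
            # ".." at the chroot's root stays at the root
            if current != jail:
                current = os.path.dirname(current)
            continue
        candidate = os.path.join(current, part)
        if os.path.islink(candidate):
            links += 1
            if links > max_links:
                raise OSError("too many levels of symbolic links")
            target = os.readlink(candidate)
            if target.startswith("/"):
                # absolute targets restart at the chroot's root, not the host's
                current = jail
            pending = [p for p in target.split("/") if p] + pending
            continue
        current = candidate
    return current

def demo():
    """Build a constructed layout in a temp dir and resolve two symlinks."""
    base = os.path.realpath(tempfile.mkdtemp())
    site = os.path.join(base, "usr", "local", "www", "site1")  # outside the chroot
    home = os.path.join(base, "home", "someuser")              # the chroot (~)
    os.makedirs(site)
    os.makedirs(home)
    os.symlink(site, os.path.join(home, "www"))                         # absolute target
    os.symlink("../../usr/local/www/site1", os.path.join(home, "rel"))  # relative target
    return home, site, resolve_in_chroot(home, "/www"), resolve_in_chroot(home, "/rel")

if __name__ == "__main__":
    home, site, via_abs, via_rel = demo()
    for label, p in (("absolute", via_abs), ("relative", via_rel)):
        print(label, "->", p, "exists:", os.path.exists(p))
```

Both links end at paths under the home directory that do not exist, which is why the FTP user sees a dead link even though the target is present on the host.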