From: Odhiambo Washington
To: admin2
cc: FBSD-Q
Date: Sat, 5 Apr 2003 09:54:03 +0300
Subject: Re: newbie: www directory access
Message-ID: <20030405065403.GC71101@ns2.wananchi.com>
In-Reply-To: <20030404180012.M11940@enabled.com>

* admin2 [20030404 21:24]: wrote:
>
> Running FreeBSD4.7 Stable
>
> I am virtually hosting some www domains. I am using apache.
>
> What is the standard recommended convention for allowing specific users update
> access to specific www directories? Should I just create a separate
> /etc/group for each virtual host?

Make that directory the user's home directory, and give the user ftp access.
Here is how I did mine:

I got some shell from the net that I used. Save this as /sbin/wwwftp and then do

chmod 755 /sbin/wwwftp

then edit /etc/shells and add a line that reads

/sbin/wwwftp

Now when you add a user who will be updating some www directory, assign them
/sbin/wwwftp as the shell and make their home directory to be the directory
whose contents they have to update.

For example, if the DocumentRoot for foobar.com is /usr/local/www/htdocs/foobar
and the user who will update the contents of this directory is called johndoe,
this is what you will have

Username : johndoe
Shell    : /sbin/wwwftp
Home     : /usr/local/www/htdocs/foobar

Finally, here is the content of wwwftp:

#!/bin/sh -p
#
# filesonly by Michael Grant
#

# no -c option, offer to change passwd
if [ "$1" != '-c' ]; then
    echo "You may only change your password or hit return to exit"
    /usr/bin/passwd
    echo "You may only ftp or scp with this account."
    exit
fi

# $2 contains command to exec, split it into args
# ("--" keeps a leading "-" in the command from being read as a shell option)
set -- $2

# Verify if the command is scp
# (-t and -f are grouped so that both require the first word to be scp)
if [ "$1" = 'scp' ] && { [ "$2" = '-t' ] || [ "$2" = '-f' ]; }; then
    # Exec scp directly so there can be no mistake
    exec /usr/bin/scp $2 $3
    exit
fi

# Verify if it's the sftp command
if [ \( "$1" = '/usr/local/libexec/proftpd' \) -o \( "$1" = proftpd \) ]; then
    exec /usr/local/libexec/proftpd
    exit
fi

echo "Command not found."
exit

-Wash

--
Odhiambo Washington
Wananchi Online Ltd.  www.wananchi.com
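
An added example, not part of the original message: it compares an scp check written as `A -a B -o C` with no grouping against one that groups the two flag tests, using constructed command strings. The function names (loose_is_scp, strict_is_scp, verdict, compare) are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message. Function names and the
# command strings below are constructed for illustration.

# Ungrouped form: -a binds tighter than -o, so this evaluates as
# (word1 = scp AND word2 = -t) OR (word2 = -f).
loose_is_scp() {
    set -f          # no filename expansion while splitting
    set -- $1       # split the command string into words
    set +f
    [ \( "$1" = 'scp' \) -a \( "$2" = '-t' \) -o \( "$2" = '-f' \) ]
}

# Grouped form: word1 = scp AND (word2 = -t OR word2 = -f), written with
# && and || so test(1) operator precedence plays no part.
strict_is_scp() {
    set -f
    set -- $1
    set +f
    [ "$1" = 'scp' ] && { [ "$2" = '-t' ] || [ "$2" = '-f' ]; }
}

# Print "accept" or "reject" for check function $1 applied to command $2.
verdict() {
    if "$1" "$2"; then echo accept; else echo reject; fi
}

# Constructed command strings, in the form passed to the login shell after -c.
compare() {
    for cmd in 'scp -t upload.html' 'scp -f index.html' \
               'foo -f bar' 'scp -r -t site'; do
        printf '%-20s ungrouped=%s grouped=%s\n' "$cmd" \
            "$(verdict loose_is_scp "$cmd")" "$(verdict strict_is_scp "$cmd")"
    done
}

compare
```

Both forms reject `scp -r -t site` because only the second word is inspected, so a recursive copy does not pass either check.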