Date: Mon, 14 Sep 2009 23:27:07 -0400
From: Michael Powell <nightrecon@hotmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: ftpd virtual www hosts
Message-ID: <h8n1jl$u0m$1@ger.gmane.org>
References: <57998B4D-84FF-450E-9DC7-70BE8D1681C8@peasoup.com> <20090914231343.ae27d3da.freebsd@edvax.de>

Polytropon wrote:

> On Mon, 14 Sep 2009 12:10:35 -0400, Peasoup <info@peasoup.com> wrote:
>> Next I go to vipw to change the user's home dir to something in the
>> www area, which is owned by www:www. This is where my problems start
>> with being denied. I am assuming that uploading to the unprivileged
>> user www is getting in my way.
>
> A common way is to create a specific directory within the
> user's home directory, such as
>
>     ~/public_html/
>
> which is accessed by the web server to obtain the files to
> be served. The user has his regular FTP access to his home
> directory, so he can put files into ~/public_html/ or just
> create a symlink into this directory from somewhere else in
> his home directory.
>
> I haven't done much webserver stuff recently, and I'm not
> quite sure I did understand your question correctly, so my
> suggestion could already be outdated.
>

This is facilitated by the Apache module mod_userdir. It utilizes the
public_html folder in a user's home directory and usually in the default
config shows up as http://www.someweb.somewhere/~username in the URI.

As you indicated before, each user can FTP to his own content this way.
Because FTP is passing passwords in the clear I consider this a poor
security practice and won't go near it myself. However, if users could use
sftp (from sshd) it would be a little more secure. You could also carry this
one step further and issue each user a certificate, require certs to log in,
and disable password login. This is possibly overkill, as with sftp
passwords will be inside the SSH tunnel and won't be in the clear.

-Mike
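
One way to verify the setup suggested above (sftp only, password login disabled), as an added example that is not part of the original message: the function reads the effective-settings dump that `sshd -T` prints and reports anything that still allows password login or a non-sftp session. It assumes SSH public keys as the per-user credential; the sample dumps and the user name are constructed.

```shell
#!/bin/sh
# Added example: audit the effective sshd settings for one upload account.
# Input on stdin is the flat "keyword value" dump printed by `sshd -T`
# (keywords are lower-cased in that output).
# Typical use, with a constructed user name:
#   sshd -T -C user=alice,host=localhost,addr=127.0.0.1 | check_sftp_only

check_sftp_only() {
    # Prints one line per finding; exit status is 0 only when there are none.
    awk '
        function want(key, expected) {
            if (!(key in val))             { print "MISSING " key; bad = 1 }
            else if (val[key] != expected) { print "WEAK " key " " val[key]; bad = 1 }
        }
        function forbid(key) {
            # Keyword names differ between OpenSSH versions, so only
            # flag a keyword that is present and not set to "no".
            if ((key in val) && val[key] != "no") { print "WEAK " key " " val[key]; bad = 1 }
        }
        BEGIN   { bad = 0 }
        NF >= 2 { val[$1] = $2 }
        END {
            want("passwordauthentication", "no")
            # Keyboard-interactive (e.g. via PAM) can still prompt for a password.
            forbid("kbdinteractiveauthentication")
            forbid("challengeresponseauthentication")
            want("pubkeyauthentication", "yes")
            # The account should get an sftp session only, no shell.
            want("forcecommand", "internal-sftp")
            exit bad
        }
    '
}

# Constructed sample dumps (not captured from a real host).
sample_hardened() {
    printf '%s\n' 'passwordauthentication no' \
                  'kbdinteractiveauthentication no' \
                  'pubkeyauthentication yes' \
                  'forcecommand internal-sftp'
}
sample_weak() {
    printf '%s\n' 'passwordauthentication yes' \
                  'kbdinteractiveauthentication yes' \
                  'pubkeyauthentication yes' \
                  'forcecommand none'
}
```
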