Date:      Mon, 17 Mar 2003 21:16:00 +0000 (GMT)
From:      William Palfreman <william@palfreman.com>
To:        "Defryn, Guy" <G.P.Defryn@massey.ac.nz>
Cc:        questions@FreeBSD.ORG
Subject:   Re: ftp best practices
Message-ID:  <20030317210538.L75401@ndhn.yna.cnyserzna.pbz>
In-Reply-To: <9EA1E9775D329F4CB45B259FCA43F79F48B1FF@its-xchg3.massey.ac.nz>
References:  <9EA1E9775D329F4CB45B259FCA43F79F48B1FF@its-xchg3.massey.ac.nz>

On Tue, 18 Mar 2003, Defryn, Guy wrote:

>
>
> I am setting up a webserver and I would like some opinions on this.
>
> I have created a partition for the sites and create a directory for each
> site. Then I create a user account and set the website folder as the
> home directory for that user. The user can now ftp in his directory and
> upload files.
>
>
> One thing I would like to prevent is the visibility of the config files
> in the directory. I tried setting the shell to nonexistent but ftp does
> not seem to allow that.

I would go in one of two directions.  Either allow them full shell
access via ssh, and allow FTP logins as well, or stuff using accounts
altogether and have them ftp into a different sacrificial server, use a
modern slightly safer ftp daemon like Pure-FTPd, virtual domains &
chrooting, and hook the two together using NFS, and scripts to tie
account creation into the httpd.conf file.  If you are going to have
very large numbers of users, then I would seriously consider moving the
whole disk storage system onto dedicated hardware, like NetApp NFS
boxes.

The first alternative still allows your users access to .* files, but if
they are trusted and paying you good money that might not be such a bad
thing - it will make your service more valuable to them.

Bill.

-- 
W. Palfreman. 			I'm looking for a job:
Tel: 0771 355 0354		http://www.palfreman.com/william/ for my CV.
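
The second option in the message above (Pure-FTPd virtual users, chrooting, and scripts tying account creation into httpd.conf) could be glued together as in this added example, which is not part of the original message and not the Pure-FTPd project's code. The /nfs/sites path, the ftpuser system account and the use of the site name as the FTP login are assumptions; the script only prints what it would apply.

```shell
#!/bin/sh
# Added example. Assumed layout, not taken from the original message:
SITES_ROOT=/nfs/sites     # NFS export mounted on both the FTP and web hosts
FTP_SYSUSER=ftpuser       # one unprivileged system account behind all virtual users

# Accept only lowercase DNS-style names, so a site name can never carry
# "../", slashes, whitespace or quotes into a path or into httpd.conf.
valid_site() {
    case "$1" in
        ""|.*|*.|-*|*..*|*[!a-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Print the Apache stanza for one site (to be appended to httpd.conf).
render_vhost() {
    valid_site "$1" || { echo "rejected site name: $1" >&2; return 1; }
    cat <<EOF
<VirtualHost *:80>
    ServerName $1
    DocumentRoot "$SITES_ROOT/$1"
</VirtualHost>
EOF
}

# Print (do not run) the Pure-FTPd virtual-user command. -d sets a chrooted
# home directory, -m rebuilds the puredb file after the change.
# Login = site name is an assumed naming scheme.
render_ftp_user() {
    valid_site "$1" || { echo "rejected site name: $1" >&2; return 1; }
    printf 'pure-pw useradd %s -u %s -d %s/%s -m\n' \
        "$1" "$FTP_SYSUSER" "$SITES_ROOT" "$1"
}

# Stand-alone use: ./provision.sh example.com
[ $# -eq 0 ] || { render_vhost "$1" && render_ftp_user "$1"; }
```

Because both outputs come from the same validated name, the FTP chroot and the web server's DocumentRoot cannot drift apart or point outside the sites tree.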
