Date: Mon, 17 Mar 2003 21:16:00 +0000 (GMT)
From: William Palfreman
To: "Defryn, Guy"
Cc: questions@FreeBSD.ORG
Subject: Re: ftp best practices

On Tue, 18 Mar 2003, Defryn, Guy wrote:

> I am setting up a webserver and I would like some opinions on this.
>
> I have created a partition for the sites and create a directory for each
> site. Then I create a user account and set the website folder as the
> home directory for that user. The user can now ftp in his directory and
> upload files.
>
> One thing I would like to prevent is the visibility of the config files
> in the directory. I tried setting the shell to nonexistent but ftp does
> not seem to allow that.

I would go in one of two directions. Either allow them full shell access
via ssh, and allow FTP logins as well, or stuff using accounts altogether
and have them ftp into a different sacrificial server, use a modern
slightly safer ftp daemon like Pure-FTPd, virtual domains & chrooting, and
hook the two together using NFS, and scripts to tie account creation into
the httpd.conf file.

If you are going to have very large numbers of users, then I would
seriously consider moving the whole disk storage system onto dedicated
hardware, like NetApp NFS boxes.

The first alternative still allows your users access to .* files, but if
they are trusted and paying you good money that might not be such a bad
thing - it will make your service more valuable to them.

Bill.
-- 
W. Palfreman. I'm looking for a job: Tel: 0771 355 0354
http://www.palfreman.com/william/ for my CV.
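
One way to script the second option's "tie account creation into the httpd.conf file" step, as an added example that is not part of the original post or of Pure-FTPd. It assumes Pure-FTPd virtual users managed with pure-pw; the /sites path, the ftpvirt system account and the demo names are hypothetical.

```shell
#!/bin/sh
# Added example. SITES_ROOT, FTP_SYS_USER and the demo names are assumptions.
LC_ALL=C; export LC_ALL            # make [a-z] ranges mean ASCII only
SITES_ROOT=/sites                  # site partition, NFS-shared to the web server
FTP_SYS_USER=ftpvirt               # unprivileged system account behind all virtual users

# Conservative allow-lists: a customer-chosen name must never be able to add
# a directive to httpd.conf or an option to the pure-pw command line.
valid_login() {
    case "$1" in
        ''|*[!a-z0-9_]*|[!a-z]*) return 1 ;;
    esac
    [ "${#1}" -le 16 ]
}

valid_host() {
    case "$1" in
        ''|*[!a-z0-9.-]*|.*|*.|-*|*..*) return 1 ;;
    esac
    return 0
}

# Command that creates the FTP account. pure-pw's -d sets the home directory
# and chroots the user into it (-D would not chroot); -m rebuilds the puredb.
ftp_user_cmd() {
    valid_login "$1" || return 1
    printf 'pure-pw useradd %s -u %s -d %s/%s -m\n' \
        "$1" "$FTP_SYS_USER" "$SITES_ROOT" "$1"
}

# Matching Apache stanza, to be appended to httpd.conf or an included file.
vhost_stanza() {
    valid_login "$1" && valid_host "$2" || return 1
    printf '<VirtualHost *:80>\n'
    printf '    ServerName %s\n' "$2"
    printf '    DocumentRoot "%s/%s"\n' "$SITES_ROOT" "$1"
    printf '</VirtualHost>\n'
}

# Constructed demo values.
ftp_user_cmd alice01
vhost_stanza alice01 www.example.org
```

pure-pw prompts for the new account's password when the printed command is run.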