Date: Thu, 28 Jun 2001 17:52:09 +1000 From: Kal Torak <kaltorak@quake.com.au> To: Eric Veraart <eric@monkey-online.net> Cc: Colin Campbell <sgcccdc@citec.qld.gov.au>, freebsd-isp@freebsd.org Subject: Re: Admin user in all groups Message-ID: <3B3AE229.7BE40E9F@quake.com.au> References: <Pine.BSF.4.33.0106280755290.97849-100000@guru.citec.qld.gov.au> <3B3A592A.6B3E69B3@monkey-online.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Eric Veraart wrote: > > And then make a script that chowns everything in all the website dirs to > admin after a user has upoaded it's own HTML file? It is a possibility, > but I think there must be an easier way. You will find with Proftpd you can specify the owner and group owner of files in a given directory as well as the umask... It was also mentioned that you made all the users anonymous to get the chroot feature, but you can specify that everyone get chrooted when they login... In the basic server config I have a line saying DefaultRoot ~ !wheel Which means everyone gets chrooted to there home dir (~) except people in group wheel... The list of exceptions is a comma separated list, groups have a ! mark in front of them and users are just written as normal... So you might have something like: DefaultRoot ~ !wheel,admin,someuser,anotheruser Then for the dirs of each web site put something like: <Directory /hosted/company> UserOwner admin GroupOwner company Umask 003 </Directory> That should solve your problems... The reason you cant follow a symlink is because the user has been chrooted to a directory, so to them nothing below this exists, its the root... Allowing someone to follow a symlink out of a chroot would not only be a major security hole but would defeat the whole purpose of a chroot... Good Luck! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B3AE229.7BE40E9F>