Re: exploring debian's users and groups

To: debian-devel@lists.debian.org
Subject: Re: exploring debian's users and groups
From: Marc Haber <debian-devel.lists.debian.org@marc-haber.de>
Date: Mon, 13 Aug 2001 14:25:22 +0200
Message-id: <[🔎] E15WGmY-0001q2-00@mailrelay.planNET.de>
In-reply-to: <[🔎] 20010812161839.A28004@plato.local.lan>
References: <[🔎] 20010807013548.A17529@kitenet.net> <[🔎] 20010807101804.J7902@salem.getuid.de> <[🔎] 20010808000921.B18908@tanglefoot.lunatech.com> <[🔎] E15Vh3r-0004k2-00@q.bofh.de> <[🔎] 20010811152023.B7109@plato.local.lan> <[🔎] E15W2eO-0007LW-00@mailrelay.planNET.de> <[🔎] 20010812161839.A28004@plato.local.lan>

On Sun, 12 Aug 2001 16:18:39 -0800, Ethan Benson <erbenson@alaska.net>
wrote:
>On Sun, Aug 12, 2001 at 11:19:59PM +0200, Marc Haber wrote:
>> The ftp daemon would then run as www-data?
>
>NO!!
>
>what are you smoking that gives you that idea??
>
>annoymous ftp should run as a dedicated ftpd user with NO PRIVILEGES,
>and should own NO FILES.  if you are irresponsible enough to allow
>lusers to login to thier accounts with ftp they will have the same
>privilieges and group memberships as a ssh login and thus would be
>able to modify the same files as in a ssh login.  

Neither am I talking about anonymous ftp, nor of shell users logging
in. What I am talking about is a web hosting environment, where -
unfortunately - ftp is still the preferred method of accessing the web
data for the customers. scp or other means are not an option since
neither Frontpage nor Dreamweaver can do anything but ftp and the
users don't have shell accounts on the web server. Access control is
managed via ftpd configuration, so the ftp daemon needs a user that
can write the www data files. If apache runs as www-daemon, and the
www data files are owned by www-data, the ftp daemon needs to run as
root or as www-data, otherwise uploads of new web content are not
possible.

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mailadresse im Header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29

Reply to:

Follow-Ups:
- Re: exploring debian's users and groups
  - From: Ethan Benson <erbenson@alaska.net>
- Re: exploring debian's users and groups
  - From: Manfred Wassmann <manolo@NCC-1701.B.shuttle.de>

References:
- exploring debian's users and groups
  - From: Joey Hess <joeyh@debian.org>
- Re: exploring debian's users and groups
  - From: Christian Kurz <shorty@debian.org>
- Re: exploring debian's users and groups
  - From: Bart Schuller <schuller+debian-devel@lunatech.com>
- Re: exploring debian's users and groups
  - From: Marc Haber <debian-devel.lists.debian.org@marc-haber.de>
- Re: exploring debian's users and groups
  - From: Ethan Benson <erbenson@alaska.net>
- Re: exploring debian's users and groups
  - From: Marc Haber <debian-devel.lists.debian.org@marc-haber.de>
- Re: exploring debian's users and groups
  - From: Ethan Benson <erbenson@alaska.net>

Prev by Date: Re: trouble with mounts and ash
Next by Date: Re: "Section" in *.doc-base file.
Previous by thread: Re: exploring debian's users and groups
Next by thread: Re: exploring debian's users and groups
Index(es):
- Date
- Thread