Re: exploring debian's users and groups
On Sun, 12 Aug 2001 16:18:39 -0800, Ethan Benson <firstname.lastname@example.org>
>On Sun, Aug 12, 2001 at 11:19:59PM +0200, Marc Haber wrote:
>> The ftp daemon would then run as www-data?
>what are you smoking that gives you that idea??
>annoymous ftp should run as a dedicated ftpd user with NO PRIVILEGES,
>and should own NO FILES. if you are irresponsible enough to allow
>lusers to login to thier accounts with ftp they will have the same
>privilieges and group memberships as a ssh login and thus would be
>able to modify the same files as in a ssh login.
Neither am I talking about anonymous ftp, nor of shell users logging
in. What I am talking about is a web hosting environment, where -
unfortunately - ftp is still the preferred method of accessing the web
data for the customers. scp or other means are not an option since
neither Frontpage nor Dreamweaver can do anything but ftp and the
users don't have shell accounts on the web server. Access control is
managed via ftpd configuration, so the ftp daemon needs a user that
can write the www data files. If apache runs as www-daemon, and the
www data files are owned by www-data, the ftp daemon needs to run as
root or as www-data, otherwise uploads of new web content are not
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32 15
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29