[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to give users ftp access to their sites safely

reply below

R. W. Rodolico wrote:
I have all user directories under /home/users. All web sites are
under /home/http/. I use the chroot function in proftp to ensure
that anyone ftp'ing in to the machine only has access to their
personal directory.

The problem is that some users need ftp access to their web sites
also. Symbolic links don't work because the link refers to something
outside the chroot root. So, I did a mount --bind for each user to
the web site they needed to access. This results in about 30 mounted
directories, problems on backup, and funky displays when I try to
issue the df command to see how much space I have. I can work around
all of these, but . . .

We're exploring similar issues.

Another problem with mount --bind is that you are limited to 200 or so mounts per volume.

One thing we're considering is libpam-mount

Another is hard links

From our painful experience /home/http may not be a good way to go if you ever decide to use suexec.

We have /home/sites and have to re-compile suxec to use a document root different than /var/www every time there is a security patch for apache.

I'm sure there is a much better way. I don't mind changing the
directory structure around if I need to.

Any and all suggestions would be greatly appreciated.



Reply to: