Re: How to give users ftp access to their sites safely
R. W. Rodolico wrote:
I have all user directories under /home/users. All web sites are
under /home/http/. I use the chroot function in proftp to ensure
that anyone ftp'ing in to the machine only has access to their
The problem is that some users need ftp access to their web sites
also. Symbolic links don't work because the link refers to something
outside the chroot root. So, I did a mount --bind for each user to
the web site they needed to access. This results in about 30 mounted
directories, problems on backup, and funky displays when I try to
issue the df command to see how much space I have. I can work around
all of these, but . . .
We're exploring similar issues.
Another problem with mount --bind is that you are limited to 200 or so
mounts per volume.
One thing we're considering is libpam-mount
Another is hard links
From our painful experience /home/http may not be a good way to go if
you ever decide to use suexec.
We have /home/sites and have to re-compile suxec to use a document root
different than /var/www every time there is a security patch for apache.
I'm sure there is a much better way. I don't mind changing the
directory structure around if I need to.
Any and all suggestions would be greatly appreciated.