[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Allow FTP in, but not shell login

Yes, we've got a bunch of people here using IE5x to update our sites via webDAV. You just open IE and click File->Open->(O)pen as web folder and then put in the URL. You then see the site much as you would if Indexing were somehow left enabled and can then drag-n-drop your files and folders.

You'll need to have dav_module loaded in your webserver conf file, and then have a "DAV On" line in your <Directory> directive. There are other options as well. The documentation for a first-time DAV newbie is pretty dismal.. maybe the latest versions of the various Apache books (I tend to gravitated towards O'Reilly & Assoc...) have better info.

DAV is really great for this as it keeps users in their comfort zone of a GUI-based OS (you wouldn't believe the comical horror of some pure Windoze users at a command-line session...).

At 01:01 PM 3/14/2001 +0000, Mike Moran wrote:
Kenneth Pronovici wrote:
> >  you can change user's shell to /dev/null
> Well... it doesn't look like I can log in via telnet or FTP without
> a valid login shell.  I tried that with various entries other than
> /dev/null ...

If all that is needed is web page upload access, you could try
installing WebDAV[1] and then disabling ftp entirely. Passwords for
WebDAV are those used by apache for restricting access.

You'd have to get them to use a WebDAV client though. I use "sitecopy"
on unix and "Goliath" on MacOS. Dunno about Windows. Hmm, I think the
"web folders" feature of Windows is actually just WebDAV.

[1]: http://www.webdav.org

                   Web: http://houseofmoran.com/
               AvantGo: http://houseofmoran.com/Lite/

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Eric N. Valor
Lutris Technologies

- This Space Intentionally Left Blank -

Reply to: