
RE: ftp to webserver - not as rot



If you only allow SSH and not telnet, you should not really allow ftp
either. Perhaps look into some more secure alternatives (like scp, sftp
or something).

Also, make sure that you do not run your webserver as root, since if
someone does manage to break in through your webserver, then they will
have root access to your system.

If Apache is running as another user (like www or www-data or something),
then having the web files owned by root is only to make sure that if a
hacker does manage to break in, they cannot change your web pages.
If you are not too concerned about this, by all means let your Apache
process (www?) own the /var/www directory structure, and then you can ftp
in the new files by the normal way.

Do not allow root direct access to your webserver, through ftp or ssh or
something.

Good luck

/Bengt

-----Original Message-----
From: Anita Lewis [mailto:ajlewis2@intac.com] 
Sent: Saturday, August 09, 2003 20:04
To: debian-user@lists.debian.org
Subject: ftp to webserver - not as rot


This may be a dumb question on the wrong list, but here goes.

I'm learning to set up a server via remote.  We've got a mail server going
and mailman as well.  We have apache going and have put some pages in
/var/www.  There's a firewall on it and it is set so that we can send and
receive mail, access the mail list, bring up pages in a browser, ssh in as
users, and ftp in as users.  We set it up so that root cannot ftp or ssh in.

A user can ftp in and work on pages in their own public_html, but those
pages would appear in /~username. I want to be able to work on pages in
/var/www, because those pages come up when the domain name is accessed via
browser.  /var/www is root.root 

Is there a way other than dropping the pages off as user via ftp, ssh and su
to root and move them, to do this?  I'm thinking maybe there is a way using
groups.  Or is there something wrong with my thinking about not allowing
root ftp?

Thanks.
Anita
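
The ownership trade-off discussed in the reply can be checked on a live system. The following is an added example, not part of either message: a shell function that lists everything under a document root that the web server account could modify. The function name `writable_by_web` is hypothetical; `/var/www` and `www-data` are the names used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): list what the web server account
# could change inside a document root if the server process were compromised.

# writable_by_web DOCROOT WEBUSER
# Prints, one per line and without duplicates, every path under DOCROOT that
# WEBUSER could modify:
#   - paths owned by WEBUSER (an owner can always grant itself write access)
#   - group-writable paths whose group is one WEBUSER belongs to
#   - world-writable paths
# Symlinks are skipped in the mode checks because their mode bits are not
# what the kernel consults. An empty result means the pages are protected
# in the way the reply describes (files owned by root).
writable_by_web() {
    docroot=$1
    webuser=$2
    {
        # Case 1: the account owns the path outright.
        find "$docroot" -user "$webuser" -print

        # Case 2: group write bit set, and the account is in that group.
        # Numeric group ids are used so unusual group names cannot break
        # the loop. If the account cannot be resolved, this case is skipped.
        for gid in $(id -G "$webuser" 2>/dev/null); do
            find "$docroot" ! -type l -group "$gid" -perm -020 -print
        done

        # Case 3: writable by everyone, which includes the web account.
        find "$docroot" ! -type l -perm -002 -print
    } | sort -u
}

# Typical call on the layout from the thread (run with read access to the tree):
#   writable_by_web /var/www www-data
```

Any path this prints is one an intruder running as the web server account could overwrite, so a tree meant to be edited only by a maintainer should produce no output.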

