#1 2006-12-30 22:32:04

harlekin
Member
From: Germany
Registered: 2006-07-13
Posts: 408

ftp- and webserver setup, grouping problem

Hello.
I've got a server and installed cherokee and vsftpd as I thought it is a good choice to run a webserver with.
I want to host a few domains and because of that I have to add certain ftp accounts so that they can upload stuff by themselves. Nothing new I am talking about.
But my problem is how do I realize this best?
cherokee runs as user `www` and group `www` as I read it is good to drop root privileges, which is basically even obvious.
I created the needed users with a home directory in /home/www/$username because I thought this is a good place to keep the data files for the ftp account as well as the domain.
But then a first problem occurs. What if I grant more features to a certain user, for example shell access? It would be nice if there's only one user name for each user and not user_ftp for ftp access, user_shell for shell access, etc. In order to achieve this I should put the files for ftp data into /home/username/ftp but vsftpd doesn't allow to change the ftp root directory to something other than the user's home directory or at least I don't know how to configure it.
Is this solution not possible to realize in general or is it a problem of vsftpd (and I should run another ftp service) or is it just a lack of knowledge?

Then further I noticed that every user can view other users' files because all files are owned by the group `users` and the chmod was something like -rwxr-xr-x for the directories which isn't very secure. I thought: "Pah, easy to solve". Just change the chmod of each directory to -rwx------ as they're owned by the user. But then I realized that the webserver (www:www) cannot access the files anymore. "Bad luck", I thought, and changed the chmod of each file to -rw-r--- and made them being owned by the group `www`. "Very well", ran through my mind as all files and directories were owned by $user:www and have the "proper" chmod.

But again vsftpd doesn't seem to like this. When I upload a file via ftp it creates a chmod like this:
-rwx-------
And the file is owned by $user:users. Pity that this doesn't fit into my concept. Well again there's the question if vsftpd causes the problem or I do.

I mean, I'd like to set up a proper and secure web server but I don't know how to achieve it. Are my thoughts wrong or is vsftpd reaching its limits?
I read through the vsftpd documentation but there was no solution to my problem.

Is there a proper way to handle this or is it just a matter of opinion?
What do you think is best?

Thanks a lot.
harlekin

edit: I've already asked for help relating to a particular problem of this post in this thread. I must have overlooked it or something. Sorry for that. Is this the way to handle it or is it just a work-around? It seems to me as if it will run out of luck if my server becomes larger.


Hail to the thief!
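
An added example, not part of the original post: a POSIX shell audit of the `$user:www` layout the post describes, flagging paths accessible to other users, files the web server's group cannot read, and directories missing the setgid bit (which makes new files inherit the directory's group). The function names, the constructed sample tree and the 2750/640 target modes are assumptions for illustration.

```sh
#!/bin/sh
# Added example. Assumed scheme: owner $user, group www (the web server),
# directories 2750 (setgid), files 640, nothing for "other".

# audit_webroot ROOT GROUP: print every path under ROOT that breaks the scheme.
audit_webroot() {
    root=$1 grp=$2
    # Any "other" bit lets one hosted user read or list another user's files.
    find "$root" \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
        sed 's/^/other-access: /'
    # Wrong group (e.g. users): the web server is locked out, or peers are let in.
    find "$root" ! -group "$grp" -print | sed 's/^/wrong-group: /'
    # Without setgid on a directory, new uploads get the uploader's primary
    # group instead of inheriting the directory's group.
    find "$root" -type d ! -perm -2000 -print | sed 's/^/no-setgid: /'
    # A file the group cannot read (like the owner-only upload in the post) is
    # invisible to the web server; in vsftpd the upload mode follows local_umask.
    find "$root" -type f ! -perm -040 -print | sed 's/^/group-unreadable: /'
}

# Constructed sample tree; the directory's own group stands in for www.
build_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/site" && chmod 2750 "$d/site"
    ( umask 027; echo ok > "$d/site/index.html" )   # 640, fits the scheme
    ( umask 022; echo x > "$d/site/leak.txt" )      # 644, world-readable
    echo up > "$d/site/upload.bin"
    chmod 700 "$d/site/upload.bin"                  # owner-only, as after the FTP upload
    echo "$d"
}

# GID that owns a path, read from ls so it works without GNU stat.
gid_of() { ls -ldn "$1" | awk '{print $4}'; }

# Demo on the constructed tree; on a real host the call would look like
# audit_webroot /home/www/$username www
d=$(build_sample)
audit_webroot "$d/site" "$(gid_of "$d/site")"
rm -rf "$d"
```

An empty result means every path under the root matches the scheme; run it per user directory after uploads to catch files that fell back to the uploader's default group or mode.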
