From: Michael Powell
To: freebsd-questions@freebsd.org
Date: Mon, 14 Sep 2009 23:27:07 -0400
Subject: Re: ftpd virtual www hosts

Polytropon wrote:

> On Mon, 14 Sep 2009 12:10:35 -0400, Peasoup wrote:
>> Next I go to vipw to change the user's home dir to something in the
>> www area, which is owned by www:www. This is where my problems start
>> with being denied. I am assuming that uploading to the unprivileged
>> user www is getting in my way.
>
> A common way is to create a specific directory within the
> user's home directory, such as
>
>     ~/public_html/
>
> which is accessed by the web server to obtain the files to
> be served. The user has his regular FTP access to his home
> directory, so he can put files into ~/public_html/ or just
> create a symlink into this directory from somewhere else in
> his home directory.
>
> I haven't done much webserver stuff recently, and I'm not
> quite sure I did understand your question correctly, so my
> suggestion could already be outdated.
>

This is facilitated by the Apache module mod_userdir. It utilizes the
public_html folder in a user's home directory and usually in the default
config shows up as http://www.someweb.somewhere/~username in the URI. As
you indicated before, each user can FTP to his own content this way.

Because FTP is passing passwords in the clear I consider this a poor
security practice and won't go near it myself. However, if users could use
sftp (from sshd) it would be a little more secure. You could also carry
this one step further and issue each user a certificate, require certs to
login, and disable password login. This is possibly overkill, as with sftp
passwords will be inside the SSH tunnel and won't be in the clear.

-Mike
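
The sftp-with-keys setup suggested in the reply above, as an added sshd_config sketch that is not part of the original message. It assumes the reply's "certs" means SSH public keys, and the group name webusers is hypothetical.

```conf
# /etc/ssh/sshd_config (fragment) -- added example, not from the thread.
# Assumption: upload accounts are members of a group named "webusers"
# (hypothetical name) and publish through ~/public_html via mod_userdir.

# Serve SFTP from inside sshd itself, so upload accounts need no
# external sftp-server binary and no usable login shell.
Subsystem sftp internal-sftp

Match Group webusers
    # Every session is forced into the SFTP subsystem: file transfer
    # into the home directory only, no interactive shell or commands.
    ForceCommand internal-sftp

    # The reply's "one step further": accept keys only.
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys

    # Weaker variant (the reply's first suggestion) would leave this
    # at "yes": passwords are protected by the SSH tunnel but remain
    # guessable. With "no", a stolen or guessed password is useless.
    PasswordAuthentication no

    # PAM keyboard-interactive would otherwise still prompt for the
    # account password even with PasswordAuthentication off.
    KbdInteractiveAuthentication no

    # Upload accounts have no need for tunnels or X11.
    AllowTcpForwarding no
    X11Forwarding no
```

Validate the file with `sshd -t` before reloading sshd, and confirm a key login works from a second session before closing the one used to make the change.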