Date: Sat, 5 Apr 2003 09:54:03 +0300 From: Odhiambo Washington <wash@wananchi.com> To: admin2 <admin2@enabled.com> Cc: FBSD-Q <freebsd-questions@freebsd.org> Subject: Re: newbie: www directory access Message-ID: <20030405065403.GC71101@ns2.wananchi.com> In-Reply-To: <20030404180012.M11940@enabled.com> References: <20030404180012.M11940@enabled.com>
next in thread | previous in thread | raw e-mail | index | archive | help
* admin2 <admin2@enabled.com> [20030404 21:24]: wrote: > > Running FreeBSD4.7 Stable > > I am virtually hosting some www domains. I am using apache. > > What is the standard recommended convention for allow specific users update > access to specific www directories? Should I just create a separate > /etc/group for each virtual host? Make that directory the user's home directory, and give the user ftp access. Here is how I did mine: I got some shell from the net that I used. Save this as /sbin/wwwftp and then do chmod 755 /sbin/wwwftp then edit /etc/shells and add a line that reads /sbin/wwwftp Now when you add a user who will be updating some www directory, assign them /sbin/wwwftp as the shell and make their home directory to be the directory whose contents they have to update. For example, if the DocumentRoot for foobar.com is /usr/local/www/htdocs/foobar and the user who will update the contents of this directory is called johndoe, this is what you will have Username : johndoe Shell : /sbin/wwwftp Home : /usr/local/www/htdocs/foobar Finally, here is the content of wwwftp: #!/bin/sh -p # # filesonly by Michael Grant # # no -c option, offer to change passwd if [ "$1" != '-c' ]; then echo "You may only change your password or hit return to exit" /usr/bin/passwd echo "You may only ftp or scp with this account." exit fi # $2 contains command to exec, split it into args set $2 # Verify if the command is scp if [ \( "$1" = 'scp' \) -a \( "$2" = '-t' \) -o \( "$2" = '-f' \) ]; then # Exec scp directly so there can be no mistake exec /usr/bin/scp $2 $3 exit fi # Verify if it's the sftp command if [ \( "$1" = '/usr/local/libexec/proftpd' \) -o \( "$1" = proftpd \) ]; then exec /usr/local/libexec/proftpd exit fi echo "Command not found." exit -Wash -- Odhiambo Washington <wash@wananchi.com> "The box said 'Requires Wananchi Online Ltd. www.wananchi.com Windows 95, NT, or better,' Tel: +254 2 313985-9 +254 2 313922 so I installed FreeBSD." GSM: +254 72 743223 +254 733 744121 This sig is McQ! :-) Information Center, n.: A room staffed by professional computer people whose job it is to tell you why you cannot have the information you require.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030405065403.GC71101>