ftpd virtual www hosts
nightrecon at hotmail.com
Tue Sep 15 03:28:17 UTC 2009
> On Mon, 14 Sep 2009 12:10:35 -0400, Peasoup <info at peasoup.com> wrote:
>> Next I go to vipw to change the user's home dir to something in the
>> www area, which is owned by www:www. This is where my problems start
>> with being denied. I am assuming that uploading to the unprivileged
>> user www is getting in my way.
> A common way is to create a specific directory within the
> user's home directory, such as
> which is accessed by the web server to obtain the files to
> be served. The user has his regular FTP access to his home
> directory, so he can put files into ~/public_html/ or just
> create a symlink into this directory from somewhere else in
> his home directory.
> I haven't done much webserver stuff recently, and I'm not
> quite sure I understood your question correctly, so my
> suggestion could already be outdated.
This is facilitated by the Apache module mod_userdir. It utilizes the
public_html folder in a user's home directory and usually in the default
config shows up as http://www.someweb.somewhere/~username in the URI.
As you indicated before, each user can FTP to his own content this way.
Because FTP is passing passwords in the clear, I consider this a poor
security practice and won't go near it myself.
However, if users could use sftp (from sshd) it would be a little more
secure. You could also carry this one step further and issue each user a
certificate, require certs to log in, and disable password login. This is
possibly overkill, as with sftp passwords will be inside the SSH tunnel and
won't be in the clear.
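
The sftp-only, no-password setup described above could look like the following sshd_config fragment. This is an added example, not part of the original post; the group name `webusers` is hypothetical, and ordinary SSH public keys stand in for the per-user credential the post mentions.

```conf
# /etc/ssh/sshd_config (fragment). Added example, not from the original post.
# Assumption: every web user is a member of a group named "webusers"
# (hypothetical name) and uploads to ~/public_html in his own home directory.

# Use the SFTP server built into sshd instead of an external helper binary.
Subsystem sftp internal-sftp

Match Group webusers
    # Only public-key login succeeds for these accounts. AuthenticationMethods
    # also shuts out keyboard-interactive (PAM) password prompts.
    PubkeyAuthentication yes
    PasswordAuthentication no
    AuthenticationMethods publickey

    # File transfer only: no shell, no terminal, no forwarding.
    ForceCommand internal-sftp
    PermitTTY no
    AllowTcpForwarding no
    X11Forwarding no
```

Running `sshd -t` checks the edited file for syntax errors before the daemon is reloaded.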
More information about the freebsd-questions