ftpd virtual www hosts

Michael Powell nightrecon at hotmail.com
Tue Sep 15 03:28:17 UTC 2009

Polytropon wrote:

> On Mon, 14 Sep 2009 12:10:35 -0400, Peasoup <info at peasoup.com> wrote:
>> Next I go to vipw to change the user's home dir to something in the
>> www area, which is owned by www:www. This is where my problems start
>> with being denied. I am assuming that uploading to the unprivileged
>> user www is getting in my way.
>
> A common way is to create a specific directory within the
> user's home directory, such as
>     ~/public_html/
> which is accessed by the web server to obtain the files to
> be served. The user has his regular FTP access to his home
> directory, so he can put files into ~/public_html/ or just
> create a symlink into this directory from somewhere else in
> his home directory.
>
> I haven't done much webserver stuff recently, and I'm not
> quite sure I did understand your question correctly, so my
> suggestion could already be outdated.

This is facilitated by the Apache module mod_userdir. It utilizes the 
public_html folder in a user's home directory and usually in the default 
config shows up as http://www.someweb.somewhere/~username in the URI.

As you indicated before, each user can FTP to his own content this way.
Because FTP is passing passwords in the clear, I consider this a poor
security practice and won't go near it myself.

However, if users could use sftp (from sshd) it would be a little more
secure. You could also carry this one step further and issue each user a
certificate, require certs to log in, and disable password login. This is
possibly overkill, as with sftp passwords will be inside the SSH tunnel and
won't be in the clear.
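
The setup suggested in the reply above (sftp with keys required and password login disabled) can be checked against a server's sshd_config. This is an added example, not part of the original message: the sample configs are constructed, the `webusers` group is hypothetical, and it assumes a current OpenSSH, where keyboard-interactive authentication can also prompt for a password and so has to be disabled along with PasswordAuthentication.

```shell
#!/bin/sh
# Added example (not from the thread): check that an sshd_config enforces key-only login.
# Assumptions: whitespace-separated "Keyword value" lines; Include files are not
# followed; only the global section (before the first Match) is evaluated.

# effective FILE 'name|alias' DEFAULT -> value sshd would use globally.
# sshd keywords are case-insensitive and the FIRST value read for a keyword wins.
effective() {
    awk -v key="$2" -v def="$3" '
        BEGIN { val = def }
        /^[ \t]*#/ { next }                          # skip comment lines
        tolower($1) == "match" { exit }              # global section ends here
        tolower($1) ~ ("^(" key ")$") { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

key_only_login() {   # exit status 0 only if no password-based method is left enabled
    [ "$(effective "$1" 'passwordauthentication' yes)" = no ] &&
    [ "$(effective "$1" 'kbdinteractiveauthentication|challengeresponseauthentication' yes)" = no ] &&
    [ "$(effective "$1" 'pubkeyauthentication' yes)" = yes ]
}

write_samples() {    # constructed sample configs, not taken from any real host
    dir=$(mktemp -d)
    cat > "$dir/weak" <<'EOF'
# the later "no" is ignored because the first value wins
PasswordAuthentication yes
PasswordAuthentication no
EOF
    cat > "$dir/partial" <<'EOF'
PasswordAuthentication no
EOF
    cat > "$dir/hardened" <<'EOF'
passwordauthentication no
KbdInteractiveAuthentication no
Subsystem sftp internal-sftp
Match Group webusers
    ForceCommand internal-sftp
EOF
    echo "$dir"
}

dir=$(write_samples)
for f in weak partial hardened; do
    if key_only_login "$dir/$f"; then echo "$f: key-only"; else echo "$f: passwords still accepted"; fi
done
rm -r "$dir"
```

A Match block can re-enable password login for some users, which this global check does not see; on a live host, `sshd -T` prints the effective configuration.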


More information about the freebsd-questions mailing list