Polytropon wrote:
> On Mon, 14 Sep 2009 12:10:35 -0400, Peasoup <[email protected]> wrote:
>> Next I go to vipw to change the user's home dir to something in the
>> www area, which is owned by www:www. This is where my problems start
>> with being denied. I am assuming that uploading to the unprivileged
>> user www is getting in my way.
>
> A common way is to create a specific directory within the
> user's home directory, such as
>
>     ~/public_html/
>
> which is accessed by the web server to obtain the files to
> be served. The user has his regular FTP access to his home
> directory, so he can put files into ~/public_html/ or just
> create a symlink into this directory from somewhere else in
> his home directory.
>
> I haven't done much webserver stuff recently, and I'm not
> quite sure I did understand your question correctly, so my
> suggestion could already be outdated.
>
This is facilitated by the Apache module mod_userdir. It utilizes the public_html folder in a user's home directory and usually in the default config shows up as http://www.someweb.somewhere/~username in the URI. As you indicated before, each user can FTP to his own content this way.

Because FTP is passing passwords in the clear I consider this a poor security practice and won't go near it myself. However, if users could use sftp (from sshd) it would be a little more secure. You could also carry this one step further and issue each user a certificate, require certs to login, and disable password login. This is possibly overkill, as with sftp passwords will be inside the SSH tunnel and won't be in the clear.

-Mike
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
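The sftp-only, no-password setup described in the reply above could look like the following sshd_config fragment. This is an added example, not part of the original thread: the group name `webusers` is hypothetical, and it assumes the per-user credential is an SSH public key in each user's `~/.ssh/authorized_keys`.

```conf
# /etc/ssh/sshd_config (fragment, added example)

# Use the in-process SFTP server. Replace the existing "Subsystem sftp"
# line with this one; do not add a second Subsystem sftp line.
Subsystem sftp internal-sftp

# Hypothetical group holding the accounts that only upload web content
# to ~/public_html. Everything below applies to members of that group only.
Match Group webusers
    # Every session becomes an SFTP session: no shell, no scp, no remote commands.
    ForceCommand internal-sftp
    # Only public-key authentication can complete a login.
    AuthenticationMethods publickey
    # Turn off both password paths explicitly; on PAM-based systems
    # passwords can also arrive via keyboard-interactive.
    PasswordAuthentication no
    KbdInteractiveAuthentication no
    # Upload-only accounts do not need tunnels or terminals.
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no
```

Run `sshd -t` to check the file for syntax errors before reloading the daemon, and confirm a key-based sftp login works from a second session before closing the one used to make the change.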
