First SSH would be the best and most secure solution, you setup Apache so that each user has his site in his homedir, and set the chroot for each user is his home directory, they can update their site easily with scp through ssh or with a windows scp client winscp.
Alternative you could write a cgi site(https for absolute security) for file uploading, just like other webhosters do, perl is your friend. FTP, Samba I agree is bullshit, unless you do it this way, our company has a ftp server outside our network. This machine is not allowed to connect to any boxes inside our network, blocked by firewall. Only machines inside can download from that FTP. The procedure is, that the customer updates his stuff on the outside machine, an inside maschine then gets the new content and puts it live, of course everything works automatically. So even if someone manages to hijack that ftp he can't harm or compromise any boxes on the internal network, since the outside box only runs ftp and is configured to stand against brute force it is pretty hard to do anything, but that was just some idea, we do it because we don't want any access to our internal network :-) ----- Original Message ----- From: "Matthias F. Brandstetter" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, November 05, 2003 9:03 PM Subject: [gentoo-user] which type of access to a webserver? > Hi all, > > I have a question to all of you: What do you think, which would be the > "best", ie. "most secure" access to a webserver, so that users can update > their sites? > > To be more specific: I can't allow ssh login for most of this users for > several reasons, that's why I set /bin/false as login shell for them. Ok, > so no ssh, no ftp (sidenote: I hate [S]FTP[S] for several reasons, ee. > firewall issues and so forth). > > Ok, next: Samba. Can't use that, because many ISPs block needed ports, same > goes for NFS. > > What other options do I have? I need read/write access for those users, but > chroot'ed to their home directory as a must! And connections have to be > encrypted. > > Do you have some ideas for me? > Greetings and TIA, Matthias > > -- > Bart: I'll take up smoking and give that up. > > Homer: Good for you, son. Giving up smoking is one of the hardest > things you'll ever have to do. Have a dollar. > > Simpsoncalifragilisticexpiala(annoyed grunt)ocious > > > -- > [EMAIL PROTECTED] mailing list > > -- [EMAIL PROTECTED] mailing list
