Re: ftp best practices
On Tue, Mar 18, 2003, Defryn, Guy wrote:

> One thing I would like to prevent is the visibility of the config files in the directory. I tried setting the shell to nonexistent but ftp does not seem to allow that.

Another option is to use pureftpd with the -x and -X flags. This won't prevent the files from being visible, but it will prevent any tampering via ftp.

-Mahlon

Mahlon E. Smith
http://www.martini.nu/

RE: ftp best practices
You mean the . files from the login or the (apache?) webserver configuration files (which do not have to be in the same directory structure as the site itself)?

In regards to your nonexistent thing, man shells, then cat /etc/shells

You might want to also look at /etc/ftpchroot (described in man ftpd).

If you meant the apache config files, you could just have all the web files like:

    /home/username/sitename.ext/htdocs
    /home/username/sitename.ext/cgi-bin
    /home/username/sitename.ext/logs

And then specify in the apache config something like

    ResourceConfig /usr/local/etc/apache/site_configurations/sitename.ext.srm.conf

Or something of that nature.

John Straiton
Clickcom, Inc

-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Defryn, Guy
Sent: Monday, March 17, 2003 3:53 PM
To: [EMAIL PROTECTED]
Subject: ftp best practices

I am setting up a webserver and I would like some opinions on this. I have created a partition for the sites and create a directory for each site. Then I create a user account and set the website folder as the home directory for that user. The user can now ftp in his directory and upload files.

One thing I would like to prevent is the visibility of the config files in the directory. I tried setting the shell to nonexistent but ftp does not seem to allow that.

Cheers

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message

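
Added example, not part of the thread: the pointers to /etc/shells and /etc/ftpchroot in the reply above explain why an account whose shell is "nonexistent" is refused by ftpd. The script models those two ftpd(8) checks over constructed sample files; the function names, sample accounts and paths are assumptions, and "@group" entries and /etc/ftpusers are not handled.

```sh
#!/bin/sh
# Added example (not from the thread): model two checks from FreeBSD ftpd(8).
#  - a login is refused unless the account's shell is listed in /etc/shells
#  - a user named in /etc/ftpchroot is confined to the home directory
# Simplifications: "@group" entries and /etc/ftpusers are not handled.

# Print the first word of every non-blank, non-comment line of file $1,
# space-separated and padded so that " word " can be matched with case.
entries() {
    printf ' %s ' "$(sed -e 's/#.*//' "$1" | awk 'NF { print $1 }' | tr '\n' ' ')"
}

# ftp_audit PASSWD SHELLS FTPCHROOT
# One line per account: "<user> login=<yes|no> chroot=<home|no>"
ftp_audit() {
    shells=$(entries "$2")
    jailed=$(entries "$3")
    while IFS=: read -r user pw uid gid gecos home shell; do
        case $user in ''|'#'*) continue ;; esac
        : "${shell:=/bin/sh}"      # assumption: an empty shell field means /bin/sh
        login=no
        jail=no
        case "$shells" in *" $shell "*) login=yes ;; esac
        case "$jailed" in *" $user "*) jail=$home ;; esac
        echo "$user login=$login chroot=$jail"
    done < "$1"
}

# Constructed sample data: three site accounts in 7-field passwd format.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/passwd" <<'EOF'
site1:*:2001:2001:Site one:/sites/site1:/bin/sh
site2:*:2002:2002:Site two:/sites/site2:/nonexistent
site3:*:2003:2003:Site three:/sites/site3:/sbin/nologin
EOF
printf '%s\n' '# acceptable shells' /bin/sh /bin/csh > "$demo/shells"
printf '%s\n' site1 site2 > "$demo/ftpchroot"

ftp_audit "$demo/passwd" "$demo/shells" "$demo/ftpchroot"
```

Calling ftp_audit with the server's own /etc/passwd, /etc/shells and /etc/ftpchroot lists which site accounts can log in over FTP and which of them are confined to their home directory.
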
Re: ftp best practices
Defryn, Guy wrote:

> I am setting up a webserver and I would like some opinions on this. I have created a partition for the sites and create a directory for each site. Then I create a user account and set the website folder as the home directory for that user. The user can now ftp in his directory and upload files.
>
> One thing I would like to prevent is the visibility of the config files in the directory. I tried setting the shell to nonexistent but ftp does not seem to allow that.
>
> Cheers

I use proftpd in daemon mode, with these:

    Umask 002
    <Global>
      AllowOverwrite yes
      <Limit ALL SITE_CHMOD>
        AllowAll
      </Limit>
    </Global>
    #limit users to their home dir
    DefaultRoot ~
    UseReverseDNS off
    MaxLoginAttempts 3
    RequireValidShell no
    LsDefaultOptions -a
    TimeoutNoTransfer 900
    IdentLookups off
    AllowRetrieveRestart on
    AllowStoreRestart on
    #hide files with no access to user
    HideNoAccess on

Re: ftp best practices
On Tue, 18 Mar 2003, Defryn, Guy wrote:

> I am setting up a webserver and I would like some opinions on this. I have created a partition for the sites and create a directory for each site. Then I create a user account and set the website folder as the home directory for that user. The user can now ftp in his directory and upload files.
>
> One thing I would like to prevent is the visibility of the config files in the directory. I tried setting the shell to nonexistent but ftp does not seem to allow that.

I would go in one of two directions. Either allow them full shell access via ssh, and allow FTP logins as well, or stuff using accounts altogether and have them ftp into a different sacrificial server, use a modern slightly safer ftp daemon like Pure-FTPd, virtual domains chrooting, and hook the two together using NFS, and scripts to tie account creation into the httpd.conf file. If you are going to have very large numbers of users, then I would seriously consider moving the whole disk storage system onto dedicated hardware, like NetApp NFS boxes.

The first alternative still allows your users access to .* files, but if they are trusted and paying you good money that might not be such a bad thing - it will make your service more valuable to them.

Bill.
--
W. Palfreman.