Re: Engarde and Best Practices for Web Sites.

From: Ryan W. Maple <ryan_at_nospam>
Date: Wed Jul 04 2001 - 03:31:56 GMT
To: engarde-users@engardelinux.org

On Sun, 1 Jul 2001, Jon Wyrick wrote:

>
> Could anyone on the list offer up some advice on Best Practices for
> remote administration of websites deployed on Engarde. I plan on
> creating a few Virtual servers for a few different domains, each of
> which will have different webmasters(content creators). Since I will be
> forced to use ftp (uugh!) for each of these users, I'm not sure what the
> best approach is. Should I let them ftp straight to the
> /home/httpd/www.somesite.com/html dir to place their content, so that
> changes go live right away (which is what they prefer "live updates that
> is")... Not sure what all that envolves since I do not allow ANON
> connections, and I so users are connected to their home dir right off.
> Or if there is some other creative/suggested method, like a cron job to
> move the content from the user dir to the correct virtual dir.. It just
> seems to me if you get the ftp user/pass which is clear text, then you
> will "own" the site.

Jon,

Please wrap your e-mails. :)

If you are chroot'ing users to their home directories, then writing directly to /home/httpd/.../html directly is impossible. This is an issue that has been rasied a few times, and our next version may have something to aleviate this (kinda like the e-smith "i-bays". Don't hold me to anything yet. :))

You could have a cron job to sync the contents. Something like this:

rsync -azv --delete /home/rwm/www.site.com/html/ /home/httpd/www.site.com/html/

I'm not sure what to say here. Here are your options:

Use scp
Use FTP, but don't chroot normal users

Check out this directive here (vsftpd.conf):

    89 # You may specify an explicit list of local users to chroot() to their home     90 # directory.
    91 chroot_list_enable=YES
    92 chroot_list_file=/etc/vsftpd.chroot_list

So you can default to not chrooting them, but chroot users that you don't like very much. ;)

Hope this helps,
Ryan

+-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --+ Ryan W. Maple "I dunno, I dream in Perl sometimes..." -LW Guardian Digital, Inc. ryan@guardiandigital.com +-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --+

To unsubscribe email engarde-users-request@engardelinux.org with "unsubscribe" in the subject of the message.

This message: [ Message body ]
Next message: Adam Ray: "POP"
Previous message: Ryan W. Maple: "Re: xinetd / ftp question"
In reply to: Jon Wyrick: "Engarde and Best Practices for Web Sites."
Next in thread: Alexander Leschinsky: "Re[2]: Engarde and Best Practices for Web Sites."
Reply: Alexander Leschinsky: "Re[2]: Engarde and Best Practices for Web Sites."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]