Results 1 to 4 of 4
-
05-08-2003, 11:31 AM #1New Member
- Join Date
- May 2003
- Location
- Bloomington, IN
- Posts
- 2
Howto Best Manage permissions on hosted accounts
Seeking some advice here.
I am currently hosting a resller's account at http://www.unitedhosting.co.uk/
They are using Ensim Webppliance.
Here's my problem: For a given client site, I need to allow the user's I am creating to manage files via ftp/ssh outside of their own /home/user directory. For example ... the main html directory of the domain URL: "/var/www/html". Since that is where the main website is. I am reselling hosting after all, which means people want to have access to the server space they are paying for. Limiting them to just a /home/user subdiretory in that space seems unprofessional.
Solution so far: Since I am not root, I cannot create groups on my virtual servers. So, I am making my files world writable so that my users can edit and upload to /var/www/html. This isn't good from a security standpoint.
I wish I could create and manage groups, so that I could just make the /var/www/html directory owned by me, the admin, but also writable by the groups that would include my selected users. I may have many users, many groups, and many different levels of access specs.
So far http://www.unitedhosting.co.uk/ has not been able to provide a supported way to create group level access to directories other then the /home/user directories.
I'm finding this really limiting becuase within a particular client's hosted environment I want them to be able to access the primary site directories for managing their own content, as well as I need the ability to create new directories and control access/permissions levels.
Questions:
1) Have you other resellers dealt with this under Ensim Webppliance? How do you handle it?
2) Is this just a limitation of Ensim Webppliance, what about other systems?
3) How do resellers typically manage user level access to in the hosted environment?
Thanks for any advice, I need it!!
Marc
-
05-08-2003, 12:01 PM #2Web Hosting Master
- Join Date
- Apr 2002
- Location
- Southampton, UK
- Posts
- 1,025
Re: Howto Best Manage permissions on hosted accounts
Originally posted by mgrubb
so that I could just make the /var/www/html directory owned by me, the admin, but also writable by the groups that would include my selected users. I may have many users, many groups, and many different levels of access specs.
Since apache uses virtualhosts, you, nor your clients need access to /var/www/html because all their HTML files are stored under /home/user.
If that isn't what you meant, please explain
-
05-08-2003, 12:22 PM #3New Member
- Join Date
- May 2003
- Location
- Bloomington, IN
- Posts
- 2
The websites files are being stored in /var/www/html. When my user's type in the domain name ... www.theirhosteddomain.com the files are serverd from /var/www/html.
I don't understand apache virtual hosts very well yet. Maybe that's my problem.
What I don't want is my user's accessing their websites at:
www.theirhosteddomain.com/user/fred
Are you telling me that I can just redirect the the primary domain to the /user/fred directory with an apache configuraiton?
-----
The above is my immediate concern. In general however it seems of great advantage to be able to create new directories anywhere within the hosted space and specifiy which users should and should not have access to these files.
Otherwise how would I create a shared space? Say I have a single client with 3 website contributors ... I create three user's each with their own email and such, hence each with their own /home/user directories. Then however I want to have a directory called Common with some web pages/scripts that they all work on. I would want to create a common directory they all had write access too and would accomplish that by adding them to a group that was applied to that directory. I can't create groups however with the way Ensim is working.
So, I'm frustrated right now
Sorry if I am being confusing, but this 1 user per 1 /home/username directory setup seems really limited in terms of secure file management.
---------
Are you just expected to share login information?
Thanks,
Marc
-
05-08-2003, 12:58 PM #4Registered User
- Join Date
- May 2003
- Location
- Ireland
- Posts
- 252
It can be done by root any enough, its mainly requested by clients to run geeklog to be honest. UH-Matt is the man to ask his support is A1 to be honest
if you had root which you dont you could
ls -lah
would check the permission of the actual folders and who owns it
chown -R admin109:admin109 /home/virtual/domain.com/var/www/