Making the switch

qball15j · 01-02-2005, 06:27 AM

After about four years of running a Windows Server and learning it inside an
d out, I think I'm ready for some change. Looks like I'm going to go with T
inySofa Classic Server, I've tried a number of others but TinySofa seems to
be right for me.

I was going to switch everything over earlier to another box so I could mess
with TinySofa on my production server and use my current TinySofa box as my
webserver but I ran into a few problems and thought I'd better hold off.

I'll have a number of questions, so get prepared...

I'll start off with a few...

1. Security... Security... Security...
What to do, what not to do, etc.
I believe I pretty much got the basics covered but jsut want some more info.

2.When creating a new user, how would I go about having a public_html folder
created under that user's home directory and have permissions automatically
set so Apache can access it? (Automation is key)

This is related to my second question, when a user uploads a file via FTP th
e permissions aren't right for Apache to be able to read it. How would I go
about getting that straight so I dont have to change the permissions for ev
ery new file?

darkleaf · 01-02-2005, 07:44 AM

Here's a thread on LQ with security stuff in it.
http://www.linuxquestions.org/questi...threadid=45261

There's also a complete security forum here where you can get more specific answers I think.

qball15j · 01-02-2005, 10:09 AM

Thanks for that link, I can go off that for alot of good information.

Since that covers my security question, what about the others. I tried searching for a few things regarding my other questions but I haven't got anywhere so far.

ttolst · 01-02-2005, 10:27 AM

You can place files that you want all new users to get in "/etc/skel/". It should set the permissions to something like 644 automatically i think.

For the correct permissions, somewhere in your ftp servers configuration, it should set a standard Umask. It works in the opposite way of normal permissions. A umask of 000 will allow everyone everything, while 022 will remove write access to group and other, and is probably want you want. (default perms will then be 644)

qball15j · 01-02-2005, 11:16 AM

ttolst, That did the trick, I came across both those things before but didn't have enough information to know what they were used for or how they are used..

I haven't tested my new vsftpd config yet but I'm assuming its going to go right...

Thanks,
QBall

qball15j · 01-02-2005, 01:08 PM

Well, didn't think about posting this before but how would I get the permissions changed on the user's home directory automatically when creating a new user?

ttolst · 01-02-2005, 02:26 PM

hrm, this might vary from distro to distro. In debian, the adduser man page says this:

If the file /usr/local/sbin/adduser.local exists, it will be executed after the user account has been set up in order to do any local setup. The arguments passed to adduser.local are: username uid gid home-directory

But i am almost certain that this adduser command is debian specific, but you might want to check out the man pages for useradd, and if it exists, adduser.

qball15j · 01-02-2005, 03:23 PM

I think I found something....
/etc/default/useradd

# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel