LinuxQuestions.org


Atrocity 06-15-2004 02:01 PM

FTP/webserver suggestions
 
I am setting up an intranet webserver and making it so you can FTP to that directory from another computer on the intranet. I need it so that they can upload the new HTML file to the directory and replace the old one for updates. I am not sure how I should set this up.
I would like to make it so that a user has access to that directory and cannot leave that directory but has full control over that directory, but I am not sure how to set up a user like that and if I can do it on the FTP level or on the FreeBSD level. I don't want them to be able to browse outside of that folder, kind of like when you are in anonymous FTP, except they have to have a password and permissions to modify stuff.


Also a side question: I set up my Apache, and deleted the default directory www/data and then replaced it with the same directory 'cause I know it's a symlink, then I made a page and put it in that directory, made sure that the httpd.conf said that's the right directory, and it still shows the default "You have apache installed" page when I go to localhost... What am I doing wrong? I also have my file named index.html just like the one in the file. I have set this up a million times in Windows and never had this problem.

Atrocity 06-15-2004 03:05 PM

Oh, one more question: how do I shut off my anonymous FTP? I just found out about ftpchroot so I can put people in FTP jail, so I need to shut off that anon FTP.

tisource 06-15-2004 03:23 PM

1) It all depends. If you have specific users that you want accessing your system, then you can "chroot" them into their home directories (depending on the FTP daemon software). I use ProFTPd, which does have the capability to do what you describe. The "chroot" is based upon group membership, but on a typical Linux system, user "joe", for example, is a member of the "joe" group, so that shouldn't be a problem.

2) Make sure your apache user (assuming httpd is not running as root) has access to the files and folders. "ls -l" should show you the permissions. However, if it were permissions, I would expect a server error (on the client end) in comparison to the page you're receiving. Have you restarted the daemon since the file change?

Checking the logs (usually /var/log/httpd) might not be a bad idea either.

3) Which ftp daemon are you running?

If you are using ProFTPd, take the <anonymous ... > section out of your /etc/proftpd.conf file and reload the ftp daemon.

Let me know if you need further help.

Good luck....

Atrocity 06-15-2004 03:32 PM

Well, for now I added some users to the ftpchroot directory so I can jail them; that solves the problem of being able to browse directories. Then I made a user in the wheel group that was jailed and set the web file permissions to group writable, so basically only me, root and that user can edit them, but that user can't get out of that directory. Does this sound good? And for now I just blocked anonymous in ftpusers till I find out how to shut it off. I am just using the normal ftp on this thing; I just went to sysinstall and enabled inetd and then uncommented FTP.

what do you think of this setup

I am going to check my logs right now and see if I see anything wrong with the Apache. Thanks for the hint, I will let you know what it says.
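
Added example, not part of the original thread: a small audit of the stock FreeBSD ftpd setup described in the post above. It checks that the `ftp` account is denied in ftpusers (which blocks anonymous logins) and flags ftpchroot users who also belong to wheel, the group that permits su to root. The file paths are arguments; the account names `webedit`, `guest` and `admin` and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example. Formats assumed: ftpusers and ftpchroot hold one name per
# line ('#' comments, '@group' entries); group is name:pw:gid:member,member.

# names_in FILE -> first field of each non-comment, non-blank line
names_in() {
    sed -e 's/#.*//' "$1" | awk 'NF { print $1 }'
}

# in_group USER GROUP GROUPFILE -> exit 0 if USER is listed as a member
in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$3"
}

# audit_ftpd FTPUSERS FTPCHROOT GROUPFILE -> prints one finding per line
audit_ftpd() {
    # Anonymous logins map to the "ftp" account; denying it in ftpusers blocks them.
    if names_in "$1" | grep -Eqx 'ftp|anonymous'; then
        echo "OK anonymous: denied in ftpusers"
    else
        echo "WARN anonymous: ftp is not listed in ftpusers"
    fi
    # Jailed FTP accounts should not also hold wheel membership.
    for u in $(names_in "$2" | grep -v '^@'); do
        if in_group "$u" wheel "$3"; then
            echo "WARN $u: chrooted for FTP but a member of wheel"
        else
            echo "OK $u: chrooted, not in wheel"
        fi
    done
}

# Constructed sample files: "webedit" is jailed for FTP yet sits in wheel.
make_sample() {
    printf 'root\nftp\n' > "$1/ftpusers"
    printf '# jailed accounts\nwebedit\nguest\n' > "$1/ftpchroot"
    printf 'wheel:*:0:root,admin,webedit\nwww:*:80:guest\n' > "$1/group"
}

d=$(mktemp -d "${TMPDIR:-/tmp}/ftpaudit.XXXXXX") && make_sample "$d"
audit_ftpd "$d/ftpusers" "$d/ftpchroot" "$d/group"
rm -rf "$d"
```

On a live system the three arguments would be /etc/ftpusers, /etc/ftpchroot and /etc/group.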

Atrocity 06-15-2004 03:41 PM

here are a couple lines from my access log

127.0.0.1 - - [10/Jun/2004:16:25:01 -0400] "GET / HTTP/1.1" 200 1456 "http://www.locahost.com/" "Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5) Gecko/20031208 Epiphany/1.0.6"
127.0.0.1 - - [10/Jun/2004:16:25:01 -0400] "GET /apache_pb.gif HTTP/1.1" 200 2326 "http://localhost/" "Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5) Gecko/20031208 Epiphany/1.0.6"
10.1.2.36 - - [10/Jun/2004:16:25:52 -0400] "GET / HTTP/1.1" 200 1456 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; iOpus-I-M; .NET CLR 1.1.4322)"
10.1.2.36 - - [10/Jun/2004:16:25:52 -0400] "GET /apache_pb.gif HTTP/1.1" 200 2326 "http://10.1.2.33/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; iOpus-I-M; .NET CLR 1.1.4322)"
10.1.2.36 - - [10/Jun/2004:16:26:05 -0400] "GET /index.thm HTTP/1.1" 404 288 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; iOpus-I-M; .NET CLR 1.1.4322)"

The error log really doesn't have anything in it, just stuff from shutdowns it looks like.

Right now I am running as a user and I used su to install Apache and I added read permissions to the group. I don't know if that will help, but I am going to restart now and see if anything changes.

tisource 06-16-2004 02:47 PM

Well, jailing them in a folder is the whole point to the "chroot" feature. You have to decide what you want this user to be able to do, and then make a decision based upon your needs. You can also negate the group feature as follows:

DefaultChdir /directory group1,!group2

This means that if a user is a member of group1, but isn't a member of group2, they get "jailed" or "chrooted". If a user is a member of both groups in this scenario, they do NOT get chrooted. This might help you tweak that DefaultChdir if you need to. I have my admin users in a group (with many other users) that gets chrooted (for permission reasons), but I don't want the admins chrooted.

I prefer not to run proftpd under xinetd, but both methods have their pros and cons. You lose some configurability control when you run under xinetd, but you may not need that control. If I recall correctly, xinetd allows you to control proftpd thread/memory usage, for the most part.

As far as your apache is concerned, the logs aren't saying much, which means that apache thinks all is ok, but it isn't what you want (obviously). Check all your config files (there may be an httpd.conf and an httpdcommon.conf) to make sure the folder change was made properly. I believe it has to be changed in several places.

Let me know how it goes....
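
Added example, not part of the original thread: a check of a proftpd.conf for the two settings discussed above. In ProFTPD the directive that chroots a login is `DefaultRoot`, which takes the same `group1,!group2` group expression; `DefaultChdir` only sets the directory a session starts in. Both sample configs and their file names are constructed.

```shell
#!/bin/sh
# Added example: DefaultRoot is the ProFTPD directive that jails a login;
# DefaultChdir alone leaves the rest of the filesystem reachable.

# audit_proftpd FILE -> prints one finding per line
audit_proftpd() {
    awk '
        { sub(/#.*/, ""); key = tolower($1) }
        key == "defaultroot"  { root = $2; if (NF > 2) root = root " for " $3 }
        key == "defaultchdir" { chdir = 1 }
        key ~ /^<anonymous/   { anon = 1 }
        END {
            if (root != "")  print "OK chroot: DefaultRoot " root
            else if (chdir)  print "WARN chroot: DefaultChdir alone does not jail logins"
            else             print "WARN chroot: no DefaultRoot"
            if (anon) print "WARN anonymous: <Anonymous> section present"
            else      print "OK anonymous: no <Anonymous> section"
        }' "$1"
}

# Constructed configs: the first uses DefaultChdir and keeps anonymous access,
# the second jails members of group1 who are not in group2 and drops it.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
ServerName "intranet"
DefaultChdir /directory group1,!group2
<Anonymous ~ftp>
  User ftp
</Anonymous>
EOF
    cat > "$1/jailed.conf" <<'EOF'
ServerName "intranet"
# ~ is the home directory of the account logging in
DefaultRoot ~ group1,!group2
EOF
}

d=$(mktemp -d "${TMPDIR:-/tmp}/proftpd.XXXXXX") && write_samples "$d"
audit_proftpd "$d/weak.conf"
audit_proftpd "$d/jailed.conf"
rm -rf "$d"
```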

Atrocity 06-17-2004 01:42 PM

haha my apache problem was me being dumb!!!!!! I guess my website was fine, but I couldn't view it unless I was in root or opened a browser as a super user; however, the rest of the intranet computers can see it fine, so all is well.

And thanks for the tip on the group permissions thing, I will play with that a bit :D


All times are GMT -5.