*BSDThis forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am setting up an intranet webserver and making it so you can ftp to that directory from anouther computer on the intranet, I needit so that they can upload the new html file to the directory and replace the old one for updates, I am not sure how I should set this up,
I would like to make it so that a user has access to that directory and can not leave that directory but has full controll over that directory, but I am not sure how to set up a user like that and if I can do it on the FTP level, or on the Freebsd level, and I dont want them to be able to browse outside of that folder, kind of like when you are in annonomous ftp, except have to have a password and permissions to modify stuff
also a side question, I set up my apache, and deleted the default directory www/data and then replaced it with the same directory cuase I know its a sym link, then I made a page and put it in that directory made sure that the httpd.conf said thats the right directory and it still shows the default "You have apache installed" page when I go to localhost...... what am I doing wrong, I also have my file named index.html just like the one in the file, I have set this up a milllion times in windows and never had this problem
1) It all depends. If you have specific users that you want accessing your system, then you can "chroot" them into their home directories (depending on the FTP daemon software). I use ProFTPd, which does have the capability to do what you describe. The "chroot" is based upon group membership, but on a typical linux system, user "joe", for example, is a member of the "joe" group, so that shouldn't be a problem.
2) Make sure your apache user (assuming httpd is not running as root) has access to the files and folders. "ls -l" should show you the permissions. However, if it were permissions, I would expect a server error (on the client end) in comparison to the page you're receiving. Have you restarted the daemon since the file change?
Checking the logs (usually /var/log/httpd) might not be a bad idea either.
3) Which ftp daemon are you running?
If you are using ProFTPd, take out the <anonymous ... > section out of your /etc/proftpd.conf file and reload the ftp daemon.
well for now I added some users to the ftpchroot directory so I can jail them, that solves the problem of being able to browse directories, then I made a user in the wheel group that was jailed and made the webfile permisions to group writable so basically only me, root and that user can edit them but that user cant get out of that directory////////// does this sound good, and for now I just blocked anonymous in ftpusers till I find out how to shut it off, I am just using the normal ftp on this thing, I just went to sysinstall and enabled inetd and then uncommented FTP
what do you think of this setup
I am going to check my logs right now see if I see anything wrong with the apache thanx for the hint I will let you know what it says
error log really doesnt have anything in it just stuff from shutdowns it looks like
right now i am running as a user and I used SU to install apache and
I added read permissions to the group, I dont know if that will help but I am going to restart now see if anything changes
Well, jailing them in a folder is the whole point to the "chroot" feature. You have to decide what you want this user to be able to do, and then make a decision based upon your needs. You can also negate the group feature as follows:
DefaultChdir /directory group1,!group2
This means that if a user is a member of group1, but isn't a member of group2, they get "jailed" or "chrooted". If a user is a member of both groups in this scenario, they do NOT get chrooted. This might help you tweak that DefaultChdir if you need to. I have my admin users in a group (with many other users) that gets chrooted (for permission reasons), but I don't want the admins chrooted.
I prefer not to run proftpd under xinetd, but both methods have their pros and cons. You lose some configurability control when you run under xinetd, but you may not need that control. If I recall correctly, xinetd allows you to control proftpd thread/memory usage, for the most part.
As far as your apache is concerned, the logs aren't saying much, which means that apache thinks all is ok, but it isn't what you want (obviously). Check all your config files (there may be a httpd.conf and a httpdcommon.conf) to make sure the folder change was changed properly. I believe it has to be changed in several places.
haha my apache problem was me being dumb!!!!!! I guess my website was fine, but I coudnt veiw it unless I was in root or opened a browser as a super user, however the rest of intranet computers can see it fine, so all is well
and thanx for the tip on the goup permissions thing, I will play with that a bit
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.