vsftpd supports all the same (standard) protocols, and will work with
anything that uses ftp or sftp.

On 12/29/2011 07:46 PM, Mark Phillips wrote:
> Eric,
>
> vsftp is in the Debian repositories, but the developer's tool does not
> use it...only sftp or ftp. The program is iWeb on the mac.
>
> However, the article
> http://www.debian-administration.org/articles/590 did the trick for me!
>
> Mark
>
> On Thu, Dec 29, 2011 at 12:20 PM, Eric Shubert wrote:
>
> > Oops. Sorry Mark. I forgot that you said sftp, which is part of
> > OpenSSH. I'm using vsftp, which does not require a login shell.
> > Probably why it's considered "very secure". ;) I expect that if
> > vsftp is in a debian repo, you could use that instead of sftp.
> > vsftpd is stock in the RHEL repos.
> >
> > On 12/29/2011 08:04 AM, Mark Phillips wrote:
> >
> > > Eric,
> > >
> > > The Debian equivalent to /sbin/nologin appears to be /bin/false.
> > > When I tried that, I could not sftp or ssh or gain access to the
> > > machine in any way. I am not sure if there is another Debian shell
> > > that allows sftp but not ssh.
> > >
> > > Thanks!
> > >
> > > Mark
> > >
> > > On Wed, Dec 28, 2011 at 9:54 PM, Eric Shubert wrote:
> > >
> > > > That should be ok.
> > > >
> > > > Be sure you have your ftp server configured such that they
> > > > cannot access folders above/across their home folder. File
> > > > permissions may handle this, but probably will not (many things
> > > > are world readable).
> > > >
> > > > Also, be sure that they cannot log in to a command prompt by
> > > > setting their login shell to /sbin/nologin (might vary with
> > > > distro). This is commonly done for service accounts (apache, etc).
> > > >
> > > > On 12/28/2011 03:38 PM, Mark Phillips wrote:
> > > >
> > > > > Thanks to everyone for their suggestions. Based on some
> > > > > constraints, your advice, some googling, I arrived at this
> > > > > set-up, but I am not sure how secure it is.
> > > > >
> > > > > 1. The web creation software (iWeb on a Mac) only supports ftp
> > > > >    and sftp to upload a site.
> > > > > 2. iWeb does not support the use of "versions" for the web pages.
> > > > >    By that I mean iWeb is strictly one way - create a site and
> > > > >    publish it. It cannot import an iWeb site, it has to start at
> > > > >    the beginning. One can create a site and publish it, then edit
> > > > >    the site, and publish again, but it cannot import or use a
> > > > >    previous version of the site as a starting point. (I mention
> > > > >    this because Eric suggested using git, which sounded like a
> > > > >    great idea, but alas
> > > > >
> > > > > I have this setup, but I could use some advice on how to make it
> > > > > more secure....
> > > > >
> > > > > 1. User account fred
> > > > > 2. fred's home is /var/www/domain/fred
> > > > > 3. /var/www/domain/fred has owner:group fred:fred
> > > > > 4. Document root is /var/www/domain/fred
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Mark
> > > > >
> > > > > On Wed, Dec 28, 2011 at 10:26 AM, Eric Shubert wrote:
> > > > >
> > > > > > On 12/27/2011 10:46 PM, Mark Phillips wrote:
> > > > > >
> > > > > > > I need to give a user access to my web server via sftp to
> > > > > > > upload web site changes. What is the best way to do this? I
> > > > > > > have several other sites on the same server, so I want to
> > > > > > > prevent them or anyone else who gains access to their
> > > > > > > account from being able to make changes to those sites or
> > > > > > > other parts of the server.
> > > > > > >
> > > > > > > Thanks,
> > > > > > >
> > > > > > > Mark
> > > > > >
> > > > > > I use vsftp, which can be configured to allow users access
> > > > > > only to their web site's tree. sftp might be able to do the
> > > > > > same.
> > > > > >
> > > > > > Then, create their user such that their home directory is
> > > > > > their web site's directory, and they cannot log in to the
> > > > > > system (only vsftp) with an /etc/passwd entry like this:
> > > > > >
> > > > > > vsftpuser:x:511:511::/var/vhosts/domain.com/docs:/sbin/nologin
> > > > > >
> > > > > > Files in their web site are owned by their user, with read
> > > > > > permissions for 'other' (o+r), which allows apache (or nginx)
> > > > > > to read them.
> > > > > >
> > > > > > --
> > > > > > -Eric 'shubes'
> > > >
> > > > --
> > > > -Eric 'shubes'
> >
> > --
> > -Eric 'shubes'

--
-Eric 'shubes'

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
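
An added example, not part of the thread and not code from either poster: a small audit that classifies accounts homed under a web root by what OpenSSH will let them do, including the /bin/false case Mark describes (reported here as `no-sftp`). It assumes OpenSSH's `internal-sftp`, `ForceCommand` and `ChrootDirectory` settings, which the thread does not mention; the users other than fred, the jail path and the status labels are constructed.

```shell
# Classify web-upload accounts from an sshd_config and a passwd-format file.
# Assumes a non-empty sshd_config; only "Match User" blocks are interpreted.
audit_upload_accounts() {   # $1 sshd_config, $2 passwd file, $3 web root prefix
    awk -v root="$3" '
    FNR == NR {                                  # pass 1: sshd_config
        key = tolower($1)
        if (key == "subsystem" && $2 == "sftp" && $3 == "internal-sftp")
            insub = 1                            # sftp runs inside sshd, no shell needed
        else if (key == "match")
            cur = (tolower($2) == "user") ? $3 : ""
        else if (cur != "" && (key == "forcecommand" || key == "chrootdirectory")) {
            n = split(cur, u, ",")               # Match User accepts a comma list
            for (i = 1; i <= n; i++) {
                if (key == "forcecommand" && $2 == "internal-sftp") forced[u[i]] = 1
                if (key == "chrootdirectory") jailed[u[i]] = 1
            }
        }
        next
    }
    {                                            # pass 2: passwd entries
        split($0, f, ":")
        if (index(f[6], root) != 1) next         # only homes under the web root
        noshell = (f[7] ~ /\/(nologin|false)$/)
        if (!(f[1] in forced) && !noshell)     s = "shell-login"
        else if (!(f[1] in forced) && !insub)  s = "no-sftp"   # external sftp-server needs a shell
        else s = (f[1] in jailed) ? "sftp-only-chroot" : "sftp-only-nochroot"
        print f[1], s
    }' "$1" "$2"
}

demo() {   # constructed sample input, not taken from the thread
    d=$(mktemp -d) || return 1
    cat > "$d/sshd_config" <<'EOF'
Subsystem sftp /usr/lib/openssh/sftp-server
Match User alice
    ChrootDirectory /var/www/jails/%u
    ForceCommand internal-sftp
EOF
    cat > "$d/passwd" <<'EOF'
fred:x:1001:1001::/var/www/domain/fred:/bin/bash
alice:x:1002:1002::/var/www/domain/alice:/bin/false
bob:x:1003:1003::/var/www/domain/bob:/usr/sbin/nologin
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
EOF
    audit_upload_accounts "$d/sshd_config" "$d/passwd" /var/www/
    rm -rf "$d"
}
demo
```

A directory owned fred:fred, as in the layout listed in the thread, cannot itself be the `ChrootDirectory`: sshd requires every component of that path to be root-owned and not writable by group or other, so the jail is normally a root-owned parent with the writable site directory inside it.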