Thanks to everyone for their suggestions. Based on some constraints, your advice, some googling, I arrived at this set-up, but I am not sure how secure it is.<div><br></div><div>1. The web creation software (iWeb on a Mac) only supports ftp and sftp to upload a site.</div>
<div>2. iWeb does not support the use of &quot;versions&quot; for the web pages. By that I mean iWeb is strictly one way - create a site and publish it. It cannot import an iWeb site, it has to start at the beginning. One can create a site and publish it, then edit the site, and publish again, but it cannot import or use a previous version of the site as a starting point. (I mention this because Eric suggested using git, which sounded like a great idea, but alas</div>
<div><br></div><div>I have this setup, but I could use some advice on how to make it more secure....</div><div><br></div><div>1. User account fred</div><div>2. fred&#39;s home is /var/www/domain/fred</div><div>3. /var/www/domain/fred has owner:group fred:fred </div>
<div>4. Document root is /var/www/domain/fred</div><div><br></div><div>Thanks,</div><div><br></div><div>Mark</div><div><br></div><div><div class="gmail_quote">On Wed, Dec 28, 2011 at 10:26 AM, Eric Shubert <span dir="ltr">&lt;<a href="mailto:ejs@shubes.net">ejs@shubes.net</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On 12/27/2011 10:46 PM, Mark Phillips wrote:<br>
</div><div><div></div><div class="h5"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I need to give a user access to my web server via sftp to upload web<br>
site changes. What is the best way to do this? I have several other<br>
sites on the same server, so I want to prevent them or anyone else who<br>
gains access to their account from being able to make changes to those<br>
sites or other parts of the server.<br>
<br>
Thanks,<br>
<br>
Mark<br>
<br>
</blockquote>
<br></div></div>
I use vsftp, which can be configured to allow users access only to their web site&#39;s tree. sftp might be able to do the same.<br>
<br>
Then, create their user such that their home directory is their web site&#39;s directory, and they cannot log in to the system (only vsftp) with an /etc/passwd entry like this:<br>
vsftpuser:x:511:511::/var/<u></u>vhosts/<a href="http://domain.com/docs:/sbin/nologin" target="_blank">domain.com/docs:/sbin/<u></u>nologin</a><br>
<br>
Files in their web site are owned by their user, with read permissions for &#39;other&#39; (o+r), which allows apache (or nginx) to read them.<br><font color="#888888">
<br>
-- <br>
-Eric &#39;shubes&#39;</font><div><div></div><div class="h5"><br>
<br>
------------------------------<u></u>---------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.plug.phoenix.az.us" target="_blank">PLUG-discuss@lists.plug.<u></u>phoenix.az.us</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss" target="_blank">http://lists.PLUG.phoenix.az.<u></u>us/mailman/listinfo/plug-<u></u>discuss</a><br>
</div></div></blockquote></div><br></div>