LUGOD: Linux Users' Group of Davis
 
Page last updated: 2008 May 28 12:37

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

[vox-tech] Limiting FTP User access to certain subdirectories

Here's what I'm trying to do. Maybe I'm shooting for the moon here, but it can't hurt to try.

I have several sites on my host, and several users who need access to subdirectories within those sites. For example:

/V_HOST/SITE_ONE/CAMPUS/COURSES
/V_HOST/SITE_TWO/CAMPUS/COURSES

We have educational designers who need to be able to get into the COURSES directories of SITE_ONE and SITE_TWO, but not in any other subdirectory, or any subdirectory above the COURSES subdirectories. In an ideal world, my educational designers would only have to worry about one login, rather than having to have a second login for each site.

I created a subdirectory under V_HOST called "designers". Under "designers" I created one subdirectory for each designer. Then in each of those subdirectories I created a symbolic link to the various COURSES subdirectories. For example:

/V_HOST/DESIGNERS/USER_1
     COURSES_ONE -> /V_HOST/SITE_ONE/COURSES
     COURSES_TWO -> /V_HOST/SITE_TWO/COURSES

This didn't work until I gave the user account for each designer the same UID as the user that owns the entire site. I thought it was a great solution until I discovered that the education designers, once they followed the symbolic links to the COURSES subdirectories, could then browse to higher level directories in their FTP client. I trust the designers not to make any willful changes to the code elsewhere, but accidents can happen. Plus we're talking about allowing people outside our office to have access to the courses subdirectories.

I tried creating a new user account and switching ownership of the courses subdirectories to that user, then setting the UID of one of my designers' accounts to the same UID as the new user, but I got a "permission denied" error when I attempted to follow the symbolic link to the courses subdirectory.

The host has SELinux enabled, and, unfortunately, I don't have the option of disabling it.

Does anyone have any suggestions for how to go about doing what I want to do? Am I living in a dreamworld here?

--
Richard S. Crawford (rscrawford@mossroot.com)
http://www.mossroot.com
Publisher and Editor in Chief, Daikaijuzine (http://www.daikaijuzine.com)
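
The symlink layout described in the post, rebuilt in a temporary directory as an added example (not part of the original post): it lists the links in a designer's directory that resolve outside it, and shows where going up one level lands once a link has been followed. The ADMIN sibling directory and all function names are constructed for illustration, and it assumes the FTP server resolves symbolic links to their real paths.

```python
import os
import tempfile

def build_layout(root):
    """Constructed sample tree mirroring the layout in the post."""
    courses = []
    for site in ("SITE_ONE", "SITE_TWO"):
        campus = os.path.join(root, "V_HOST", site, "CAMPUS")
        os.makedirs(os.path.join(campus, "COURSES"))
        os.makedirs(os.path.join(campus, "ADMIN"))  # constructed sibling designers should not reach
        courses.append(os.path.join(campus, "COURSES"))
    home = os.path.join(root, "V_HOST", "DESIGNERS", "USER_1")
    os.makedirs(home)
    os.symlink(courses[0], os.path.join(home, "COURSES_ONE"))
    os.symlink(courses[1], os.path.join(home, "COURSES_TWO"))
    return home

def is_inside(path, jail):
    """True if the fully resolved path lies within the resolved jail directory."""
    jail = os.path.realpath(jail)
    return os.path.commonpath([os.path.realpath(path), jail]) == jail

def escaping_links(home):
    """Map each symlink under `home` that resolves outside it to its real target."""
    found = {}
    for dirpath, dirnames, filenames in os.walk(home):  # os.walk does not descend into links
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) and not is_inside(full, home):
                found[os.path.relpath(full, home)] = os.path.realpath(full)
    return found

def parent_after_following(home, link):
    """Directory reached by entering `link` and then going up one level."""
    return os.path.dirname(os.path.realpath(os.path.join(home, link)))

def demo():
    with tempfile.TemporaryDirectory() as root:
        home = build_layout(root)
        up = parent_after_following(home, "COURSES_ONE")
        return (sorted(escaping_links(home)), is_inside(up, home),
                os.path.basename(up), sorted(os.listdir(up)))

if __name__ == "__main__":
    links, contained, landed, visible = demo()
    print("links leaving the designer directory:", links)
    print("parent still inside designer directory:", contained)
    print("parent directory reached:", landed, "->", visible)
```

Both links are reported as leaving USER_1, and the parent reached through COURSES_ONE is the site's CAMPUS directory, which is the behaviour the designers saw in their FTP clients.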