l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
September 2: Social gathering
Next Installfest:
TBD
Latest News:
Aug. 18: Discounts to "Velocity" in NY; come to tonight's "Photography" talk
Page last updated:
2008 May 01 13:10

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Limiting FTP User access to certain subdirectories
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Limiting FTP User access to certain subdirectories



On Thu, May 1, 2008 at 9:54 AM, Richard S. Crawford
<rscrawford@mossroot.com> wrote:
> Here's what I'm trying to do. Maybe I'm shooting for the moon here, but it
> can't hurt to try.
>
> I have several sites on my host, and several users who need access to
> subdirectories within those sites. For example:
>
> /V_HOST/SITE_ONE/CAMPUS/COURSES
> /V_HOST/SITE_TWO/CAMPUS/COURSES
>
> We have educational designers who need to be able to get into the COURSES
> directories of SITE_ONE and SITE_TWO, but not in any other subdirectory, or
> any subdirectory above the COURSES subdirectories. In an ideal world, my
> educational designers would only have to worry about one login, rather than
> having to have a second login for each site.
>
> I created a subdirectory under V_HOST called "designers". Under "designers"
> I created one subdirectory for each designer. Then in each of those
> subdirectories I created a symbolic link to the various COURSES
> subdirectories. For example:
>
> /V_HOST/DESIGNERS/USER_1
>      COURSES_ONE -> /V_HOST/SITE_ONE/COURSES
>      COURSES_TWO -> /V_HOST/SITE_TWO/COURSES
>
> This didn't work until I gave the user account for each designers the same
> UID as the user that owns the entire site. I thought it was a great solution
> until I discovered that the education designers, once they followed the
> symbolic links to the COURSES subdirectories, could then browse to higher
> level directories in their FTP client. I trust the designers not to make any
> willful changes to the code elsewhere, but accidents can happen. Plus we're
> talking about allowing people outside our office having access to the
> courses subdirectories.
>
> I tried creating a new user account and switching ownership of the courses
> subdirectories to that user, then setting the UID of one of my designers
> accounts to the same UID as the new user, but I got a "permission denied"
> error when I attempted to follow the symbolic link to the courses
> subdirectory.
>
> The host has SELinux enabled, and, unfortunately, I don't have the option of
> disabling it.
>
> Does anyone have any suggestions for how to go about doing what I want to
> do? Am I living in a dreamworld here?
>

How about groups?

1. Create a course_designers group.
2. Change group ownership of the COURSES directories to course_designers.
3. Add your designers' users to course_designers.

-Bryan
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!