The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998

If you buy from Amazon USA, please support us by using this link.
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]

Scripts / handy tips
 New Topic  |  Go to Top  |  Go to Topic  |  Search  |  Log In   Newer Topic  |  Older Topic 
 Setting up Free Web Host ing service
Author: Jigz Nep 
Date:   11-06-02 02:36

Hi,

I have been looking everywhere, but to no avail, on how to set up BSD in such a way that each user won't be able to peep through other accounts' directory.

In other words, each user would virtually have his own BSD server with his own /home directory and not /home/username. Furthermore, for security purpose, system applications should not be accessible particularly httpd and its configuration files.

Thanks a lot

Reply To This Message
 
 Re: Setting up Free Web Host ing service
Author: mike 
Date:   17-02-03 23:07

You should chroot your users. For example if you are using the default ftpd you can add a group in the /etc/ftpchroot file like this

@wwwuser

And if you add a hostingaccount add him to the wwwuser and he will be chrooted. It is also possible to add every new user. But managing a group is easier then a lot of users.

Reply To This Message
 
 Re: Setting up Free Web Host ing service
Author: Shaun McNamer 
Date:   17-08-03 04:19

I've done a setup with FTP where, as described before every user is chrooted to their home directory, and then I setup aliases with Apache to reference their files. Works great.

I've also noticed that when you make the aliases you should be sure to include a blank directory in the default Apache directory of the same name, that way people will be able to get to it with an incomplete URL (missing the last slash) like http://www.something.com/whatever won't work unless you have an empty whatever directory. The people would simply get a 404. At least that's how things have been for me.

mike wrote:
>
> You should chroot your users. For example if you are
> using the default ftpd you can add a group in the
> /etc/ftpchroot file like this
>
> @wwwuser
>
> And if you add a hostingaccount add him to the wwwuser and he
> will be chrooted. It is also possible to add every new user.
> But managing a group is easier then a lot of users.

Reply To This Message
 
 Re: Setting up Free Web Host ing service
Author: shri 
Date:   18-12-03 12:46

Hi there ,

That was great to try this out ,Nice work ,but what if we want to give each user SSH access ,How will it work with chroot in ssh ...
Do u have any IDEA



Shri

Reply To This Message
 
 Re: Setting up Free Web Host ing service
Author: el_kab0ng 
Date:   06-10-04 14:50

Shouldn't this reside in the support section of the forums and not the handy scripts area?

Have you also looked into "jail"? (man jail)

Reply To This Message
 
 Re: Setting up Free Web Host ing service
Author: Jim Keller 
Date:   15-12-04 06:24

You will definitely want to look into jail(). I know CPanel has a product called jailshell that accomplishes this task, but it's not open source or free. You will most likely need to setup a baby FreeBSD system under every user's home directory, then jail() them into this directory. There is information on how to do this if you google "freebsd jail shell" or a similar phrase. Personally, I would just avoid giving shell access to your users altogether. It's very rare that a hosting customer will actually need shell access, especially since most people would still prefer just to edit locally and upload through FTP.

-Jim Keller
http://jim.centerfuse.net/projects/

Reply To This Message
 Forum List  |  Threaded View   Newer Topic  |  Older Topic 


 Forum List  |  Need a Login? Register Here 
 User Login
 User Name:
 Password:
 Remember my login:
   
 Forgot Your Password?
Enter your email address or user name below and a new password will be sent to the email address associated with your profile.
How to get the most out of the forum

phorum.org