Re: [suse-security] ftp server "best practice"
Hi Daniel,
I think what the software team is looking to do is to set up an account for that customer on the ftp site where the customer can log in and download files intended for that customer only. That's simple with an ftp server since it will have the concept of a "home directory" for that ftp user. That concept also exists on a webserver. When you use the SuSE default config for a webserver, the http://server/~user/ is directed to the dir /home/user/public_html (apache: mod_userdir).
Of course, you'd still have to secure the dir with a .htaccess. I personally don't like the mod userdir, so we use normal subdirectories in /srv/www and have authentication to each dir by a .htaccess file. The authentication is done against a mysql database but afaik apache also supports auth against ldap. So, all the techie has to do is to create a directory for a certain user, copy a prepped .htaccess into it and modify the allowed users/groups in it. This can also be done by a script.
Best regards,
Jörn Ott
--
Jörn Ott, EDV Service & Beratung
Lohfelder Str. 33, 53604 Bad Honnef
Phone: (0 22 24) 94 08 - 73
Fax: (0 22 24) 94 08 - 74
E-Mail: mailto:white@ott-service.de
WWW: http://www.ott-service.de/
On Thursday 24 July 2003 18:57, Jörn Ott wrote:
Hi Daniel,
I think what the software team is looking to do is to set up an account for that customer on the ftp site where the customer can log in and download files intended for that customer only. That's simple with an ftp server since it will have the concept of a "home directory" for that ftp user.
That concept also exists on a webserver. When you use the SuSE default config for a webserver, the http://server/~user/ is directed to the dir /home/user/public_html (apache: mod_userdir).
Of course, you'd still have to secure the dir with a .htaccess. I personally don't like the mod userdir, so we use normal subdirectories in /srv/www and have authentication to each dir by a .htaccess file. The authentication is done against a mysql database but afaik apache also supports auth against ldap.
If one does not feel like setting up mysql, one can also use the Berkeley DB, along with dbmmanage that is included with Apache. The required modules are loaded in the default SuSE httpd.conf.
Or one can use a simple flat file containing encrypted passwords of users, using the htpasswd included with Apache. With few users, this might be the easiest approach.
Note that you can use https along with basic authentication to add more security. Also make sure that the password file/db is not in the server root.
To restrict access, you can set for each directory (in httpd.conf) which users/groups have access, and what type of access. With this setup you don't need to let each of your customers have local accounts on the server. See http://httpd.apache.org/docs/howto/auth.html
For nice directory listing, one may use "IndexOptions FancyIndexing" in a Directory section, so there is no need to make a fully fledged html page for each customer.
Cheers,
Sigfred.
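
The scripted per-customer setup discussed in this thread, as an added example that is not code from either poster. It uses the flat htpasswd file rather than MySQL, and assumes mod_ssl is loaded and AllowOverride AuthConfig is set for the tree; the function name and the paths passed to it are hypothetical.

```shell
#!/bin/sh
# Added example: one password-protected download directory per customer.
# provision_customer and its arguments are hypothetical names.
# usage: provision_customer DOCROOT AUTHFILE USER
provision_customer() {
    docroot=${1%/}
    authfile=$2
    user=$3

    # Reject names that could escape the docroot or break the config syntax.
    case $user in
        ''|*[!a-z0-9_-]*) echo "bad user name: $user" >&2; return 1 ;;
    esac

    # Both paths must be absolute so the prefix check below is meaningful.
    case $docroot in /*) ;; *) echo "docroot must be absolute" >&2; return 1 ;; esac
    case $authfile in /*) ;; *) echo "authfile must be absolute" >&2; return 1 ;; esac

    # Keep the password file where the web server cannot serve it.
    case $authfile in
        "$docroot"/*) echo "password file is inside the web tree" >&2; return 1 ;;
    esac

    dir=$docroot/$user
    # Never overwrite an existing customer's settings.
    if [ -e "$dir" ]; then
        echo "$dir already exists" >&2
        return 1
    fi

    mkdir -p "$dir" || return 1
    # SSLRequireSSL refuses plain-http requests, so the Basic credentials
    # are only ever sent over https.
    cat > "$dir/.htaccess" <<EOF
SSLRequireSSL
AuthType Basic
AuthName "Downloads for $user"
AuthUserFile $authfile
Require user $user
EOF
    chmod 644 "$dir/.htaccess"
}
```

The customer's password entry is created separately with the htpasswd tool mentioned above, against the same AUTHFILE.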
participants (2)
- Jörn Ott
- Sigfred Håversen