[vox-tech] Limiting FTP User access to certain subdirectories

Richard S. Crawford rscrawford at mossroot.com
Thu May 1 09:54:45 PDT 2008


Here's what I'm trying to do. Maybe I'm shooting for the moon here, but it
can't hurt to try.

I have several sites on my host, and several users who need access to
subdirectories within those sites. For example:

/V_HOST/SITE_ONE/CAMPUS/COURSES
/V_HOST/SITE_TWO/CAMPUS/COURSES

We have educational designers who need to be able to get into the COURSES
directories of SITE_ONE and SITE_TWO, but not in any other subdirectory, or
any subdirectory above the COURSES subdirectories. In an ideal world, my
educational designers would only have to worry about one login, rather than
having to have a second login for each site.

I created a subdirectory under V_HOST called "designers". Under "designers"
I created one subdirectory for each designer. Then in each of those
subdirectories I created a symbolic link to the various COURSES
subdirectories. For example:

/V_HOST/DESIGNERS/USER_1
     COURSES_ONE -> /V_HOST/SITE_ONE/COURSES
     COURSES_TWO -> /V_HOST/SITE_TWO/COURSES

This didn't work until I gave the user account for each designer the same
UID as the user that owns the entire site. I thought it was a great solution
until I discovered that the education designers, once they followed the
symbolic links to the COURSES subdirectories, could then browse to higher
level directories in their FTP client. I trust the designers not to make any
willful changes to the code elsewhere, but accidents can happen. Plus we're
talking about allowing people outside our office to have access to the
courses subdirectories.

I tried creating a new user account and switching ownership of the courses
subdirectories to that user, then setting the UID of one of my designers'
accounts to the same UID as the new user, but I got a "permission denied"
error when I attempted to follow the symbolic link to the courses
subdirectory.

The host has SELinux enabled, and, unfortunately, I don't have the option of
disabling it.

Does anyone have any suggestions for how to go about doing what I want to
do? Am I living in a dreamworld here?

-- 
Richard S. Crawford (rscrawford at mossroot.com)
http://www.mossroot.com
Publisher and Editor in Chief, Daikaijuzine (http://www.daikaijuzine.com)
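
An audit for the layout described in this message, as an added example that is not part of the original post: it lists the symbolic links in a designer's directory that resolve outside it, together with the real parent directory reached from each target. The temporary tree, the NOTES_LINK entry and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: sample tree is constructed in a temporary directory and
# mirrors the V_HOST/DESIGNERS layout from the post (names are hypothetical).

# physical_dir PATH: print the real directory PATH resolves to (symlinks followed).
physical_dir() {
    (cd -P -- "$1" 2>/dev/null && pwd -P)
}

# escaping_links DIR: list symlinks directly under DIR whose resolved target
# lies outside DIR, with the real parent directory of that target.
escaping_links() {
    home=$(physical_dir "$1") || return 1
    for entry in "$home"/*; do
        [ -L "$entry" ] || continue
        target=$(physical_dir "$entry") || continue
        case "$target/" in
            "$home"/*) ;;   # resolves inside the designer's own directory
            *) printf '%s -> %s (parent: %s)\n' \
                   "${entry##*/}" "$target" "$(dirname "$target")" ;;
        esac
    done
}

# build_sample ROOT: recreate the directory tree from the post under ROOT.
build_sample() {
    mkdir -p "$1/V_HOST/SITE_ONE/COURSES" "$1/V_HOST/SITE_TWO/COURSES" \
             "$1/V_HOST/DESIGNERS/USER_1/notes"
    ln -s "$1/V_HOST/SITE_ONE/COURSES" "$1/V_HOST/DESIGNERS/USER_1/COURSES_ONE"
    ln -s "$1/V_HOST/SITE_TWO/COURSES" "$1/V_HOST/DESIGNERS/USER_1/COURSES_TWO"
    ln -s notes "$1/V_HOST/DESIGNERS/USER_1/NOTES_LINK"   # stays inside
}

SAMPLE_ROOT=$(mktemp -d)
build_sample "$SAMPLE_ROOT"
escaping_links "$SAMPLE_ROOT/V_HOST/DESIGNERS/USER_1"
```

Both COURSES links are reported because their real paths sit under the site directories, so the parent of each target is the site itself rather than the designer's directory.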