#1  
Old 3rd September 2007, 17:44
t-mug t-mug is offline
Member
 
Join Date: Jun 2007
Posts: 70
Thanks: 11
Thanked 6 Times in 5 Posts
Default Email FTP Separation

Hi,

My very present problem is: a customer wants a webdesign company to handle his hompage and thats why he's about to to give them ftp access by giving his email username and password away. How can my customer prevent the company reading his email as well? (I know, he can't.)

My first idea to solve this was to generate another (combined ) email-ftp account for this. But this kind of ftp links not to the main web directory of my customer but to the subdir web of the new company account. To change the companys webdir into a soft link to the main web dir - my last stupid idea - didn't work, because it links out of ftp root.
To soft-link otherwise to the companys subdir from the main web dir is not to recommend I feel - because if the customer has the idea to delete the ftp access (access of this company no longer required, work is done) he's going to loose his brand new hompage as well.

Is there a simple work around I don't see? Thanks.
Reply With Quote
Sponsored Links
  #2  
Old 3rd September 2007, 17:52
jmroth jmroth is offline
ISPConfig Developer
 
Join Date: Sep 2005
Posts: 191
Thanks: 1
Thanked 6 Times in 6 Posts
Default

Just create a new account and make it the "Administrator".
Your client probably doesn't need to be administrator because he probably has shell access anyhow, does he?
The "Administrator" of the web cannot read other users' mail.
Reply With Quote
  #3  
Old 3rd September 2007, 21:24
t-mug t-mug is offline
Member
 
Join Date: Jun 2007
Posts: 70
Thanks: 11
Thanked 6 Times in 5 Posts
Default 3rd Party admin

Hi,

do you suggest setting a 3rd party company as the administrator of the web at all? I'd say, I hesitate to do that

Unfortunately I'm not familiar with proftpd - but (while the customer cannot obviously) where in the config files can I set up a separate ftp account, which will be not be overwritten by the next ISPconfig run? Do you know that?

I suppose the little advantage "hackig beyond ISPconfig" could be, that the ftp root path set by hand could be
Code:
/var/www/web*_*/web
and this could circumvent the issue.

But I'm really really not happy with hacks like this ... it's like not using ISP managment software.
Reply With Quote
  #4  
Old 3rd September 2007, 21:53
jmroth jmroth is offline
ISPConfig Developer
 
Join Date: Sep 2005
Posts: 191
Thanks: 1
Thanked 6 Times in 6 Posts
Default

I perfectly understand your issues.

However, being the "administrator of the web" in ISPconfig just means being able to manage the web sites (main and user webs). I guess that is what you wanted. Beyond that, the "administrator" has no further rights. That is why I put the word administrator between inverted commas here all the time:
- They can not read, delete or edit any other user files (that have no group permissions set)
- Therefore, they also can not read other user's mail.
- They can not create or delete accounts.
- They are just a normal user except that their home is not in /home/webX/user/webX_user but directly in /home/webX/
(So maybe one should rename this feature from "administrator" to "webmaster" or something.)

To set up custom accounts, changing proftpd configuration will not help. You would have to change passwd/shadow files. But I do not think you can do that without modifying ISPconfig templates or so. But as I am trying to make your understand, there is no need to.
Reply With Quote
The Following User Says Thank You to jmroth For This Useful Post:
t-mug (3rd September 2007)
  #5  
Old 3rd September 2007, 23:59
t-mug t-mug is offline
Member
 
Join Date: Jun 2007
Posts: 70
Thanks: 11
Thanked 6 Times in 5 Posts
Default Thanks

Thank you for your patience and explanation.

I understand a small piece more now, I hope. Well, I was a bit confused about administrators - so the customers ISPconfig admin account and the web administrator are two guys with different rights

The customer has to uncheck his web admin role and to activate the web admin checkbox on the temporary personnels new user-account (with unwanted email and ssh, if it is enabled for the web, right?). The new webmaster is ftp-linked to old web admins root then. Doing this, the customer looses the same time his ftp access on logs, cgi-bin and all the other stuff, because he will be linked by ftp to his user/web???_admin dir, right? He has then later to revert checkbox clicking to restore old relationships. Am I right? This seems to me - especially from the customers point of view - wheter very self-explanatory nor convenient. Even these customers who have to please for help from others, have to reconstruct such a concept...
Not all roads lead to Rome, but one is enough for now. Thank you, jmroth.
Reply With Quote
  #6  
Old 4th September 2007, 00:50
jmroth jmroth is offline
ISPConfig Developer
 
Join Date: Sep 2005
Posts: 191
Thanks: 1
Thanked 6 Times in 6 Posts
Default

Quote:
Originally Posted by t-mug
I understand a small piece more now, I hope. Well, I was a bit confused about administrators - so the customers ISPconfig admin account and the web administrator are two guys with different rights
Yes. The ISPconfig account of the customer is only inside ISpconfig for administering stuff. It is defined in the customer in the screen "Login Data".

The "Administrator" of a domain is what we are talking about all the time, and is an actual user account in the system, which has nothing directly to do with ISPconfig.

Quote:
The customer has to uncheck his web admin role and to activate the web admin checkbox on the temporary personnels new user-account
Yes.

Quote:
(with unwanted email and ssh, if it is enabled for the web, right?).
Unfortunately, yes.

Quote:
The new webmaster is ftp-linked to old web admins root then.
Whoever is the "webmaster" or "administrator" (you know what I mean ) has their home (see second to last field in /etc/passwd) directly in /home/www/webX/ and not in /home/www/webX/users/webX_user. (That is what you call "ftp-link".) There is no "old" or "new" home for the web admin. The home directory is always /home/www/webX/, it is just the owner that changes. Additionally, technical things like the Maildir etc. are symlinked correctly to /home/www/webX/user/webX.

Quote:
Doing this, the customer looses the same time his ftp access on logs, cgi-bin and all the other stuff, because he will be linked by ftp to his user/web???_admin dir, right?
He will no longer see the logs/cgi-bin of the main web as he is now restricted to /home/www/webX/user/webXuser/, yes.

Quote:
He has then later to revert checkbox clicking to restore old relationships. Am I right?
He can do so at any time, yes.

Quote:
This seems to me - especially from the customers point of view - wheter very self-explanatory nor convenient.
Yeah, I agree, it might not be the most convenient way. There may be other ways to do this. However, once you understand how it works, you are welcome to make changes to it. Creativity is not forbidden

Oh and what you wrote before:
Quote:
To soft-link otherwise to the companys subdir from the main web dir is not to recommend I feel - because if the customer has the idea to delete the ftp access (access of this company no longer required, work is done) he's going to loose his brand new hompage as well.
You could of course do it that way, but before deleting the contractors account, copy the work over to the main directory...

Anyway, you should try to understand this stuff before you install a control panel like ISPconfig and even put customers in it
Reply With Quote
  #7  
Old 4th September 2007, 11:56
t-mug t-mug is offline
Member
 
Join Date: Jun 2007
Posts: 70
Thanks: 11
Thanked 6 Times in 5 Posts
Default

Quote:
Anyway, you should try to understand this stuff before you install a control panel like ISPconfig and even put customers in it.
Yes, you're probably right. Though I always have preferred learning by doing... and trusting on conventions during that process of learning. Trusting on conventions (e.g. how software should work) is a rather important part not only of my life. I think that software needs to be as much as possible to be self-explanatory. Would you ever say: decompose your car and understand ists concept before driving it and taking people with you?
Leave your customer allone with the ISPconfig GUI und he leaves you. Thats why ISPconfig is a love-hate of mine. You need to be a car mechanic. Look above: what are we discussing? A customer wants to give FTP access to a third party design company. That happens, right? What would you expect - if you're not a car mechanic? I would expect, for me is nothing to do. The customer trusts the company and gives his FTP login data to the company. Maybe after that he changes his password and well done so far! Never the hell would you expect that the design company can take the ftp login data and set up an email account in any email client software. Or have automatically secure shell access. But because this software is open source, everybody has the chance to know, that things within ISPconfig are handled this way. Except my poor customer. He's not interested in ISP software. He maybe gets his Email read by ISP software interested design company workers. You're right, I'm angry about that. You asked me:
Quote:
Anyway, you should try to understand this stuff before you install a control panel like ISPconfig and even put customers in it.
Yes, you're right.
Reply With Quote
  #8  
Old 4th September 2007, 15:04
jmroth jmroth is offline
ISPConfig Developer
 
Join Date: Sep 2005
Posts: 191
Thanks: 1
Thanked 6 Times in 6 Posts
 
Default

Quote:
Would you ever say: decompose your car and understand ists concept before driving it and taking people with you?
Even I don't do that (although that could save you lots of money)
I just meant that when you get a new car, or borrow a car from someone else, you first familiarize yourself with where all the controls are located and what they do etc. Especially before taking people (in this case paying customers) with you.
But never mind, I guess you now know what's going on.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
unlink email and ftp accounts daimmo Feature Requests 1 3rd August 2007 12:45
ftp problems tgansert Installation/Configuration 20 27th May 2006 19:06
WEB UI FTP not working gimhan90 Installation/Configuration 2 16th March 2006 08:03
Website users? ctroyp General 25 6th January 2006 18:02
FTP & Email access jon335 General 3 8th October 2005 03:08


All times are GMT +2. The time now is 06:02.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.