FTP User Permissions: Can I create "read-only"?

Discussion in 'General' started by HarborTech, Feb 20, 2012.

  1. HarborTech

    HarborTech New Member

    Hello, I'm trying to accomplish something for a client and I'm not sure if I'm going about this the right way. I've searched the forums here and found lots of information, but not exactly like what I'm trying to do.

    I've got a customer who puts out bid notices. He wants hosted FTP storage space where he can 1) create a new FTP user for the specific bid, 2) upload documents related to that bid and 3) give out the FTP server information with an account for the bidders to utilize to login and retrieve the data. He does not want them to be able to add/delete documents, simply download them to read.

    Currently, he is achieving this with his own FTP server in-house (it's just killing his bandwidth on his meager T1). He has a master account that can access all FTP directories, then he creates "read-only" accounts for the bidders to use to access that specific bid information.

    Can I achieve something like this with ISPConfig 3? I can create FTP users with their own subdirectories, with a master account that has its root directory one level up so it can see them all, but I do not have any directory permissions to assign to the new FTP accounts so that they can only list and read the data.
    I would prefer to implement this via the web interface for ISPConfig 3 if possible, as opposed to manually securing down directories via console.

    Thank you for any information!

    Best regards,

    --Jason
     
  2. till

    till Super Moderator

    Why does he use FTP for this? The same functionality would be much easier to implement with http plus folder protection.

    1) Create a folder "bidders" inside the web folder.
    2) Create a folder for the new user: "bidders/user1".
    3) Add a folder protection for the "bidders/user1" folder in ispconfig and sent the username and password to the bidder. Optionally you can enable directory Listingfor that folder.

    With http ist much easier to access the doczuments as the bidders dont have to install a separate ftp client and its password protected as well.

    If you really have to use ftp then you can do this e.g. by chowning the directory of the ftp user to root and give the web user only read access.
     
  3. HarborTech

    HarborTech New Member

    Thank you very much! I was still running ISPConfig 3.0.3 and did not have the Folder Users capability yet. I've since upgraded and things are looking good, however I cannot find where to enable directory listings.
    Is there a setting for this in the management interface somewhere or do I need to enable that by other means?

    I'm digging through the forums in the meantime to find my answer.

    Best regards,

    --Jason
     
  4. HarborTech

    HarborTech New Member

    Here's what I've found in the meantime:

    Lots of information exists when searching about "how to enable directory listing". Almost everything I've found suggests going to the website settings in the ISPConfig interface, going to the Options menu and under "Apache Directives" add something similar to the following:

    <Directory /var/www/clients/client23/web27/web>
    Options +Indexes
    </Directory>

    I've done this, and what happens is it appends the above lines to the end of the configuration file for that vhost, just above the "</VirtualHost>" closing tag on the last line.

    When apache restarts, the site still does not allow me to list the directory contents of the folder I created. The folder does contain both .htaccess and .htpasswd files.

    If I console in, manually edit the vhost configuration file for this website, edit one of the above <Directory> entries to include "+Indexes" in its Options, and then restart apache - the site works just fine. However, once you make changes to the website in the administration panel, the vhost file gets rewritten and my change is lost.

    Other information that may be relevant is as follows:

    -Freshly upgraded to ISPConfig 3.0.4.3 (time to order a new manual, I believe, as Folders and Folder Protection were not a part of the previous manual I purchased!)
    -Debian Squeeze OS (Followed the perfect server install guide originally)
    -PHP for this website is set to Fast-CGI
    -vhost config file can be viewed via the following pastebin.com link - http://pastebin.com/MJvRTLQQ

    Thank you again for your assistance!

    Best regards,

    --Jason
     
  5. till

    till Super Moderator

    Add:

    <Directory /var/www/clients/client23/web27/web>
    Options +Indexes
    </Directory>

    and:

    <Directory /var/www/domain.tld/web>
    Options +Indexes
    </Directory>

    in the apache directives field and click on save.
     
  6. HarborTech

    HarborTech New Member

    Thank you again for your time!

    Apparently, it needs both Directory listings together? I thought I had tried this at one time as well, however now it appears to be working! I've created two folders via the ISPConfig interface and assigned usernames/passwords to them and they've both worked just fine.

    Thank you again!

    Best regards,

    --Jason
     

Share This Page