possible to have a super user/group for FTP?

Discussion in 'General' started by abubin, Mar 23, 2010.

  1. abubin

    abubin New Member

    I understand that every time a new website is created, it will create a new user called web1, web2, web3 and so on. Group will follow client1, client2 and so on.

    But the problem is, I want to have one FTP login that can access all the web sites and create, modify, delete files. Full access.

    Any idea?
  2. yoplait

    yoplait Member

    why don't you use SSH instead ?
  3. abubin

    abubin New Member

    i have no problems using ssh myself. But this is for users which I do not want them to have full access to the server. I want to keep things as simple as possible without compromising security.

    What I have to do now is after creating all the websites, change all the websites owner to web1:client1. The user with web1:client1 will have full access to all the websites.
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats not possible for a simple technical reason. If you would upload files with such a user. you would get a 500er error in apache in all websites as the files have to bo owned by the user of a the website. If they are owned by any other user or group, suexec or suphp will treat this as security vialoation and the files will get blocked.

    So if you upload a file with e.g. ssh and the root user, you will have to login on the shell and chown the uploaded file afterwards to the user and group of the website.
  5. abubin

    abubin New Member

    ah..ok like that I better change back the folders to respective owner.

    So how about if I chmod files/folder to 775? That means the user in same group, client1 will be able to have full access to all websites.

    Anyway to override the creation of websites to web1:client1 only? Like for eg, client1, whenever websites created by client1 all user ownership will be web1 instead of following the next sequence.

    Or perhaps have the website ownership create under client's ID instead of web ID. That means all websites created by client1 will have ownership of client1:client1 instead of webX:client1. That way, client1 will only need 1 password to access all his/her websites. Instead of now, each website MUST have it's own FTP password for full access. If I want to lock my sub-user to a certain website only, a new FTP user can be easily created for eg, user111 with ownership of client1:client1 with root path locked to specified website.
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    This will not work as this does not change the owner of the files. If the owner is a different user then web[ID], apache will throw an 500 error when you try to run that script file.

    You can do this by writing a new apache plugin for ispconfig. But please be aware that your setup will result in a much more insecure system and the client might loose all his sites if one of them gets hacked e.g. trough a vulnerable script. If you use the same user for all sites, you might even loose the complete server.
    Last edited: Mar 24, 2010
  7. abubin

    abubin New Member

    Please provide some hint on what files to modify in apache or ispconfig and how to make it such that future upgrades will not break the thing. It's okay if it breaks though as I just need to re-apply the changes.


Share This Page