1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice

how to give ftp access to single user on directory within httpdocs

Discussion in 'Plesk for Linux - 8.x and Older' started by ilustrate, Jul 25, 2005.

  1. ilustrate

    ilustrate Guest

    0
     
    how do i give public access to a user providing content on a specific folder within httpdocs but yet limit him from accessing the rest of the site?

    i was thinking of giving him a webuser account but then we cannot link off ot files within webusers.
     
  2. poke

    poke Guest

    0
     
    I just googled your post and found this..... I hope it helps......

    Protecting Content Editors From Themselves
    Say you put together a nice, static site for a client. There's a lot of CSS, a fair amount of scripting (in whatever language — we'll assume PHP here), a handful of images, and a lot of HTML. The client is going to manage the site with a WYSIWYG editor.

    What's the biggest danger to your site? The person you hand it over to, of course. Invariably, they'll get into files they shouldn't, delete images they shouldn't, or embark on CSS "upgrades" that they shouldn't.

    Shortly thereafter, you'll get a call that begins, "The site doesn't look right..."

    How do you prevent this? Well, with a lot of hosts, you can finagle a few ways to prevent them from messing with things they shouldn't by using additional FTP users and some Apache directives.

    Many *nix-based Web hosting companies will allow you to set up additional FTP users with their own FTP directories. I'm going to use Plesk in this example, because that's the platform we use at Gadgetopia. Other systems have similar ends, but the file paths will be different.

    Consider this structure for a virtual host:

    /
    httpdocs
    conf
    cgi-bin
    web_users
    editor

    "/" is the root of the Apache virtual host. The master FTP account logs into this directory. There's a lot of things in here that you don't want messed with: the virtual host configuration files in "conf," and the Perl scripts in "cgi-bin," to name but two.

    With Plesk, when you create a new FTP user, they get a directory in "web_users." In this instance, we've created "editor." This user's files would be accessible with a URL of "www.site.com/~editor/" The "editor" directory, then, is their own virtual root.

    Let's say that our site has 10 HTML pages. When you're done developing everything, put these pages in the "web_users/editor" directory instead of the virtual root and give your editor FTP credentials to that directory only.

    Then, in the configuration file for the virtual root, add some lines like this:

    Alias ^/about_us.html$ [...]/web_users/editor/about_us.html

    ("[...]" would be replaced with the path to the Apache virtual root, be it "/home/httpd/vhosts/domain_name" as with Plesk or whatever.)

    This means, when a visitor requests the "About Us" page, Apache pulls it from the "editor" directory — to which the user has all rights.

    (Yes, this page can also be accessed like this:

    /~editor/about_us.html

    If that stresses you out, this directive...

    AliasMatch ^~editor/.*$ /doesnt_exist.html

    ...will send direct request to the editor directory spinning off into 404 land. An ugly, but effective, solution.)

    To manage the HTML content, the editor will FTP into the "editors" directory (they'll be deposited there when they use their credentials) and see only the HTML files in there. The "editor" directory will be the "top" directory the editor can get to. The editor won't see any of the PHP files you use to make the site run, nor will he or she be able to get into the cgi-bin, the configuration directory, the SSL source directory, etc.
     
Loading...