Proper way to setup webmaster to work on his webpages remotely



pjviitas
9th November 2006, 12:51 AM
I posted something very similar in the servers forum but it might be better suited here.

Does anyone know the proper way to set up a webmaster so he can work on his webpages remotely?

Best Regards, Hedgehog

pdb
9th November 2006, 01:21 AM
Is he working out of /var/www/html or out of a personal public_html directory?

For file editing, ssh/scp work well for me. If you are thinking about a CMS type of deal, well, that's a whole different question....

pete_1967
9th November 2006, 01:33 AM
There's no one proper or best way to deal with that kind of requirement. It all depends on what is needed to be enabled, what kind of system environment you have, company policies, QA procedures, etc. As pdb mentions, ssh+scp is an easy, good and robust way to do it, but it may not suit your needs.

pjviitas
9th November 2006, 02:00 AM
The webmaster will most likely be a teenager so I don't want him/her wandering around the directory structure.

As for the working directory, whatever solution is the most dummy proof would be best.

I realize I may be completely on the wrong track here but this is what I have so far:

CREATE WEBMASTER USER
useradd webmaster
passwd webmaster

CHROOT WEBMASTER
Uncomment the following from the /etc/vsftpd/vsftpd.conf file:
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

Create /etc/vsftpd/chroot_list file and add the following:
webmaster

RESTART FTP
/etc/service vsftpd restart

CHANGE GROUP OWNERSHIP ON HTML DIRECTORY
chown -R root:webmaster /var/www/html

CHANGE PERMISSIONS ON HTML DIRECTORY
chmod -R g+rw /var/www/html

Best Regards, Hedgehog

pjviitas
9th November 2006, 02:14 AM
I forgot to mention that the webmaster will be building webpages for a local Air Cadet Organization.

pdb
9th November 2006, 07:24 AM
"The webmaster will most likely be a teenager so I don't want him/her wandering around the directory structure."
Good call there.

I don't know the details of vsftpd and the chroot thing, but the overall idea looks sound. Will you give him only ftp access (i.e. no SSH)? If you're concerned about him digging around, that might be a good idea.

EDIT: The vsftpd.conf manpage indicates that enabling the chroot jail for your webmaster user will restrict him to his home directory. Do you need to set /var/www/html to be his home directory or make some kind of link so that /var/www/html points there?

pjviitas
9th November 2006, 01:45 PM
That's correct...no telnet access in any shape or form.

However, after doing some digging around it seems that the chroot jail is flawless in its security and won't even allow the following of links out of the user's home directory.

If this is the case then this is my only option:

CREATE WEBMASTER USER/GROUP
useradd webmaster -d /var/www/webmaster
passwd webmaster

CHROOT WEBMASTER
Uncomment the following from the /etc/vsftpd/vsftpd.conf file:
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

Create /etc/vsftpd/chroot_list file and add the following:
webmaster

RESTART FTP
/etc/service vsftpd restart

CHANGE HTTPD WEBSPACE
Change the following in the /etc/httpd/conf/httpd.conf
DocumentRoot "/var/www/webmaster"
<Directory "/var/www/webmaster">

RESTART HTTP
/etc/service httpd restart

If anyone has any other ideas at all on this I would really appreciate hearing them because this solution is a hack IMHO.

Best Regards, Hedgehog

sentry
9th November 2006, 01:51 PM
Look into virtual hosting.

You should be able to set up a virtual host that points to his user dir under /home.

pdb
9th November 2006, 02:56 PM
I wonder about making a normal home directory for webmaster, i.e. /home/webmaster, then make /var/www/html a symbolic link to /home/webmaster. You can't link OUT of the chroot jail, but linking to it should be no problem. Then down the road if you want to put your webserver stuff back in /var/www/html, there is no need to change anything in your httpd configuration, just delete the symbolic link and create it as a directory instead.

pjviitas
10th November 2006, 12:44 AM
Thanks for your help on this one pdb.

Without going to virtual hosting I believe this is the cleanest solution to this problem:

DISABLING IPTABLES
/etc/chkconfig iptables off
/etc/service iptables stop

DISABLING SELINUX
Set the following in the /etc/selinux/conf file:
SELINUX=disabled

ENABLING HTTPD
/etc/chkconfig httpd on
/etc/service httpd start

ENABLING FTP
/etc/chkconfig vsftpd on
/etc/service vsftpd start

CREATE WEBMASTER USER/GROUP
useradd webmaster
passwd webmaster

CHROOT WEBMASTER
Uncomment the following from the /etc/vsftpd/vsftpd.conf file:
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

Create /etc/vsftpd/chroot_list file and add the following:
webmaster

RESTART FTP
/etc/service vsftpd restart

MOVE HTML DIRECTORY OUT OF THE WAY
mv /var/www/html /var/www/html.original

CREATE A SYMBOLIC LINK BETWEEN THE HTML AND WEBMASTER'S DIRECTORY
cd /var/www
ln -s /home/webmaster html

As per pdb's advice, if one needs to console into the box they should use ssh, which was turned on by default on my standard Fedora 5 install.

Thanks for all the help guys...you were great...this is exactly what I was looking for!

Best Regards, Hedgehog

pjviitas
10th November 2006, 01:23 AM
Got out of hand cutting and pasting...corrected version:

DISABLING IPTABLES
/sbin/chkconfig iptables off
/sbin/service iptables stop

DISABLING SELINUX
Set the following in the /etc/selinux/conf file:
SELINUX=disabled

ENABLING HTTPD
/sbin/chkconfig httpd on
/sbin/service httpd start

ENABLING FTP
/sbin/chkconfig vsftpd on
/sbin/service vsftpd start

CREATE WEBMASTER USER/GROUP
useradd webmaster
passwd webmaster

CHROOT WEBMASTER
Uncomment the following from the /etc/vsftpd/vsftpd.conf file:
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

Create /etc/vsftpd/chroot_list file and add the following:
webmaster

RESTART FTP
/sbin/service vsftpd restart

MOVE HTML DIRECTORY OUT OF THE WAY
mv /var/www/html /var/www/html.original

CREATE A SYMBOLIC LINK BETWEEN THE HTML AND WEBMASTER'S DIRECTORY
cd /var/www
ln -s /home/webmaster html
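
The following is an added example, not part of any poster's message: a bash audit of the three things the final configuration relies on (the user is jailed by vsftpd, the account has no interactive shell if FTP-only access is the goal, and /var/www/html resolves to the webmaster's home). The function names and the sample files are constructed for illustration; the chroot_local_user inversion is vsftpd's documented behaviour and goes slightly beyond the settings shown in the thread.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): audit the FTP-only webmaster setup.

# Print the last uncommented KEY=value setting in a vsftpd.conf, else DEFAULT.
conf_get() {  # conf_get FILE KEY DEFAULT
    local val
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# Succeed if USER is chroot()ed at FTP login under the config file CONF.
# vsftpd inverts the list when chroot_local_user=YES: listed users are then
# the ones NOT jailed. Only the literal value YES is recognised here.
is_jailed() {  # is_jailed CONF USER
    local all use_list list listed=NO
    all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    list=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
    if [ "$use_list" = YES ] && grep -qxF -- "$2" "$list" 2>/dev/null; then
        listed=YES
    fi
    if [ "$all" = YES ]; then [ "$listed" = NO ]; else [ "$listed" = YES ]; fi
}

# Succeed if USER's shell in passwd-format FILE allows an interactive login
# (for example over ssh), i.e. it is not a nologin or false binary.
has_login_shell() {  # has_login_shell PASSWD_FILE USER
    local sh
    sh=$(awk -F: -v u="$2" '$1 == u { print $7 }' "$1")
    case "$sh" in */nologin|*/false) return 1 ;; *) return 0 ;; esac
}

# Succeed if LINK is a symlink that resolves to the directory HOME.
docroot_is_home() {  # docroot_is_home LINK HOME
    [ -L "$1" ] && [ "$(readlink -f "$1")" = "$(readlink -f "$2")" ]
}

# Constructed sample layout mirroring the thread's final configuration.
demo=$(mktemp -d)
mkdir -p "$demo/home/webmaster" "$demo/www"
ln -s "$demo/home/webmaster" "$demo/www/html"
echo webmaster > "$demo/chroot_list"
printf '%s\n' '#chroot_local_user=YES' 'chroot_list_enable=YES' \
    "chroot_list_file=$demo/chroot_list" > "$demo/vsftpd.conf"
echo 'webmaster:x:500:500::/home/webmaster:/bin/bash' > "$demo/passwd"

is_jailed "$demo/vsftpd.conf" webmaster && echo "FTP: webmaster is jailed"
has_login_shell "$demo/passwd" webmaster && echo "passwd: webmaster has a shell"
docroot_is_home "$demo/www/html" "$demo/home/webmaster" && echo "docroot -> home"
```

On a real host, pass /etc/vsftpd/vsftpd.conf, /etc/passwd and /var/www/html in place of the sample files.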