
best ftpd for public web servers.


The Natural Philosopher

May 11, 2013, 8:56:06 PM

Looking to allow users limited access to restricted areas to upload
web sites etc..
What's the latest and greatest for Debian lenny, package-wise?

I would prefer it if these users

- only had ftp access.
- shared a common LINUX user id
- all belonged to www-data.
- had a separate password file.
- ended up in the root of their webservers using FTP.


And finally, if code like PHP was enabled for them, is there any way to
stop them using that to access other parts of the machine outside a
chroot jail? Remembering that the code will be exercised by APACHE with
more wide-reaching privileges than they have? Will open_basedir in
apache config sort all that out?


Essentially I want to allow users to build their own websites without
compromising the machine or anyone else's sites.

--
Ineptocracy

(in-ep-toc’-ra-cy) – a system of government where the least capable to lead are elected by the least capable of producing, and where the members of society least likely to sustain themselves or succeed, are rewarded with goods and services paid for by the confiscated wealth of a diminishing number of producers.

Robert Heller

May 11, 2013, 9:42:17 PM
At Sun, 12 May 2013 01:56:06 +0100 The Natural Philosopher <t...@invalid.invalid> wrote:

>
>
> Looking to allow users limited access to restricted areas to upload
> web sites etc..
> What's the latest and greatest for Debian lenny, package-wise?
>
> I would prefer it if these users
>
> - only had ftp access.
> - shared a common LINUX user id
> - all belonged to www-data.
> - had a separate password file.
> - ended up in the root of their webservers using FTP.
>
>
> And finally, if code like PHP was enabled for them, is there any way to
> stop them using that to access other parts of the machine outside a
> chroot jail? Remembering that the code will be exercised by APACHE with
> more wide-reaching privileges than they have? Will open_basedir in
> apache config sort all that out?
>
>
> Essentially I want to allow users to build their own websites without
> compromising the machine or anyone else's sites.

I'd suggest that you just use WordPress and not bother with ftp at all.



--
Robert Heller -- 978-544-6933 / hel...@deepsoft.com
Deepwoods Software -- http://www.deepsoft.com/
() ascii ribbon campaign -- against html e-mail
/\ www.asciiribbon.org -- against proprietary attachments



Chris Davies

May 13, 2013, 5:04:31 AM
The Natural Philosopher <t...@invalid.invalid> wrote:
> Looking to allow users limited access to restricted areas to upload
> web sites etc..

> I would prefer it if these users
> - only had ftp access.
> - shared a common LINUX user id
> - all belonged to www-data.
> - had a separate password file.
> - ended up in the root of their webservers using FTP.

Me, I'd seriously consider sftp rather than ftp. There are plenty of
sftp-capable packages available; I'd recommend WinSCP for Windows,
for example.

If you really want to provide ftp, then I'd reluctantly recommend
vsftp. I'm pretty sure it satisfies everything on your shopping list.


> And finally, if code like PHP was enabled for them, is there any way to
> stop them using that to access other parts of the machine outside a
> chroot jail?

If you've allowed PHP then you've allowed access to anything. (Even if
you don't install something, it becomes pretty easy to upload it.) So
you need to be absolutely sure your chroot jail is sufficient to restrict
your users.

Have you considered compute and memory resource management so that you
limit the collateral damage that a runaway process can trigger?

Chris
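
Added example, not part of the original thread: a shell check of a vsftpd.conf against the wish list quoted above (no anonymous logins, one shared system account, each login confined to its own site root). Which options stand for which wish-list item, and the `webftp` account and `/var/www` paths in the sample, are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Which options stand for which wish-list
# item is this example's assumption; the option names are real vsftpd.conf keys.

# Value of KEY in FILE, last assignment (vsftpd.conf takes no spaces around '=').
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Print one FAIL line per unmet item; the return status is the failure count.
audit_vsftpd_conf() {
    conf=$1; fails=0
    while read -r key want why; do
        got=$(conf_get "$conf" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key=${got:-unset} (want $want): $why"
            fails=$((fails + 1))
        fi
    done <<'EOF'
anonymous_enable NO only users from the password file may log in
local_enable YES required for guest (virtual) logins
guest_enable YES every login runs as the one guest_username account
chroot_local_user YES each login is confined to its own tree
EOF
    # Landing in the site root: local_root must contain the user_sub_token.
    token=$(conf_get "$conf" user_sub_token)
    root=$(conf_get "$conf" local_root)
    if [ -z "$token" ] || [ "${root#*"$token"}" = "$root" ]; then
        echo "FAIL local_root=${root:-unset} lacks user_sub_token '$token'"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample config (hypothetical account and paths); chroot is off.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=NO
local_enable=YES
guest_enable=YES
guest_username=webftp
chroot_local_user=NO
user_sub_token=$USER
local_root=/var/www/$USER
EOF
audit_vsftpd_conf "$sample" || echo "$? item(s) need attention"
rm -f "$sample"
```

The separate password file is not checked here; with vsftpd that lives in the PAM service named by `pam_service_name`, outside this file.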

Joe Beanfish

May 13, 2013, 9:22:32 AM
On Sun, 12 May 2013 01:56:06 +0100, The Natural Philosopher wrote:
>
> Essentially I want to allow users to build their own websites without
> compromising the machine or anyone else's sites.

Perhaps Linux containers are what you want to keep users isolated.

The Natural Philosopher

May 13, 2013, 5:54:09 PM
On 13/05/13 10:04, Chris Davies wrote:
> The Natural Philosopher <t...@invalid.invalid> wrote:
>> Looking to allow users limited access to restricted areas to upload
>> web sites etc..
>> I would prefer it if these users
>> - only had ftp access.
>> - shared a common LINUX user id
>> - all belonged to www-data.
>> - had a separate password file.
>> - ended up in the root of their webservers using FTP.
> Me, I'd seriously consider sftp rather than ftp. There are plenty of
> sftp-capable packages available; I'd recommend WinSCP for Windows,
> for example.
>
> If you really want to provide ftp, then I'd reluctantly recommend
> vsftp. I'm pretty sure it satisfies everything on your shopping list.
Ok I'd looked at that but wondered if there was anything better.

>
>> And finally, if code like PHP was enabled for them, is there any way to
>> stop them using that to access other parts of the machine outside a
>> chroot jail?
> If you've allowed PHP then you've allowed access to anything.
There seems to be an Apache-level config for PHP (open_basedir) which
stops PHP accessing anything from Apache webserver X outside of what's
specified in X's config file. I'll research that further. Happy to
provide e.g. MySQL access via local socket, not happy to be able to
file_read_contents of any file on the whole server :-)(


> (Even if
> you don't install something, it becomes pretty easy to upload it.) So
> you need to be absolutely sure your chroot jail is sufficient to restrict
> your users.
Well, it's the right balance: you can't upload PHP addons that are compiled
modules, for example.

Nor can you mess with Apache server settings and (some) PHP initfile
conditions either.

> Have you considered compute and memory resource management so as you
> limit the collateral damage that a runaway process can trigger?
Not yet, but I will, since you have said it. One I have considered is
having a separate way to access the server than the stock internal port
so that a flooded network won't block admin access. It seems to me that
a hosted virtual server whose console is via a different route entirely
might be handy there, so that at some level you can stop server processes
and look at the logs if it goes tits up.

> Chris
>
Chris, many thanks. I looked at vsftp and wondered if it was the
generally recognised 'as good as it gets without encrypting' sort. I
am not actually bothered if noddy e users get their passwords stolen by
wifi-ing them on insecure channels. I am concerned if the same
user/name password combo allows them access to parts of the machine they
ain't paid for or part of the machine their privilege level does not
imply. So I am looking to find the right cost/benefit compromise that
gives them most of what they want with the least risk.

The idea is to provide my users, potential and actual, with as much
freedom as they can handle, knowing that they are a lazy, security
unminded bunch of total idiots who will break anything that can be
broken, and whose websites may well be attacked by people who don't like
them, or by people doing it just because they are there, and I want to
proto up a system on a virtual server I have first to test it all
out... and see if I can break its security. Or stress its network to
effective saturation, and still get in and stop it.

To date I've been sticking people's websites up for them, so that's fine.
To allow them enough freedom to stick their own up involves opening the
can of worms you have completely understood :-)

The Natural Philosopher

May 13, 2013, 6:08:41 PM
NO. I am already inside a Xen hypervisor anyway. The user base don't need
full machine control, they want limited services with some pretty
clearly defined access to central services laid out tied up with a pink
ribbon and I want them nailed down :-)

And the appropriate level of services would be a virtual Apache server
operating on a chroot jail directory tree. With a basic LAMP
infrastructure underneath.
I am thinking of pitching to build this for a particular customer whose
name will not escape me and who doesn't yet quite realise what they
need. I do know, and I want to be ready with that solution when *they*
do :-)

All I can say is it's the old old story - they outsource their websites to a
bunch of 'creatives' who know nothing about networking architecture, or
resilience or security, and wonder why their server runs like a dog and
is assailed by DOS attacks and hack attempts...

Chris Davies

May 14, 2013, 5:27:37 PM
The Natural Philosopher <t...@invalid.invalid> wrote:
> On 13/05/13 10:04, Chris Davies wrote:
>> If you've allowed PHP then you've allowed access to anything.

> There seems to be an Apache-level config for PHP (open_basedir) which
> stops PHP accessing anything from Apache webserver X outside of what's
> specified in X's config file. I'll research that further. Happy to
> provide e.g. MySQL access via local socket, not happy to be able to
> file_read_contents of any file on the whole server :-)(

That's unfortunately missing the point I'm trying to make.

It's possible to upload anything via (S)FTP, including pre-compiled
programs. PHP will trivially allow you to set the execute bit on a file,
so it becomes very easy to install additional programs that completely
bypass almost any security you've added to PHP itself. The exception is
a chroot jail managed by - or outside of - Apache and/or PHP.

Chris
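
Added example, not part of the original thread: a detection aid for the situation described in the post above, listing files under a web root that carry an execute bit or begin with the ELF magic bytes, whatever their name. The sample tree and its file names are constructed for the example.

```shell
#!/bin/sh
# Added example: list files under a web root that carry an execute bit or
# begin with the ELF magic bytes (7f 45 4c 46), i.e. native programs.

scan_docroot() {
    # Any of the user/group/other execute bits set on a regular file.
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec printf 'EXEC %s\n' {} +
    # ELF header present, whatever the mode bits or the file name say.
    find "$1" -type f -exec sh -c '
        for f do
            magic=$(head -c 4 "$f" | od -An -tx1 | tr -d " \n")
            if [ "$magic" = 7f454c46 ]; then echo "ELF  $f"; fi
        done' sh {} +
}

# Constructed sample tree (hypothetical file names).
demo=$(mktemp -d)
printf '<?php echo "hi";\n' > "$demo/index.php"
printf '\177ELF\002\001\001' > "$demo/logo.png"   # ELF header under an image name
printf '#!/bin/sh\n' > "$demo/run.cgi"
chmod 644 "$demo/index.php" "$demo/logo.png"
chmod 755 "$demo/run.cgi"
scan_docroot "$demo"    # reports run.cgi (EXEC) and logo.png (ELF)
rm -rf "$demo"
```

A report like this only shows what has already been uploaded; it does not replace the chroot jail the post names as the actual restriction.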