Thanks to everyone for their suggestions. Based on some constraints,
your advice, some googling, I arrived at this set-up, but I am not sure
how secure it is.
1. The web creation software (iWeb on a Mac) only supports ftp and sftp
to upload a site.
2. iWeb does not support the use of "versions" for the web pages. By
that I mean iWeb is strictly one way - create a site and publish it. It
cannot import an iWeb site, it has to start at the beginning. One can
create a site and publish it, then edit the site, and publish again, but
it cannot import or use a previous version of the site as a starting
point. (I mention this because Eric suggested using git, which sounded
like a great idea, but alas
I have this setup, but I could use some advice on how to make it more
secure....
1. User account fred
2. fred's home is /var/www/domain/fred
3. /var/www/domain/fred has owner:group fred:fred
4. Document root is /var/www/domain/fred
Thanks,
Mark
On Wed, Dec 28, 2011 at 10:26 AM, Eric Shubert <
ejs@shubes.net
<mailto:
ejs@shubes.net>> wrote:
On 12/27/2011 10:46 PM, Mark Phillips wrote:
I need to give a user access to my web server via sftp to upload web
site changes. What is the best way to do this? I have several other
sites on the same server, so I want to prevent them or anyone
else who
gains access to their account from being able to make changes to
those
sites or other parts of the server.
Thanks,
Mark
I use vsftp, which can be configured to allow users access only to
their web site's tree. sftp might be able to do the same.
Then, create their user such that their home directory is their web
site's directory, and they cannot log in to the system (only vsftp)
with an /etc/passwd entry like this: