Adding Users


#1

Hi,

I would like to add FTP users who have the ability to read and write to one folder only. I don’t want them to have an email address etc and they all need to access the same folder.

I set up a user last week but they seemed to have their own folder that only they could write to, plus a bunch of mail and log folders. I suppose I could delete them but I didn’t know what effect this would have.

Have I misunderstood the setup etc?

TIA
Planetphillip

Phillip
http://www.planetphillip.com/
Commentary and Analysis of Sci-Fi Single Player First Person Shooters


#2

Can’t be done on dreamhost. Each user has their own account, and there is no way for their “directory” being shared with other users.

-Jason

I40.com - Home Page
MP3Mystic - Personal Streaming Music server.
(No longer hosted with Dreamhost)


#3

Indeed. You can re-map one directory to one users’ domain/folder but you can’t grant access to just one folder with multiple user access. I submitted a suggestion but it seems to have been denied. Submitted it about a month ago and wasn’t in recent updates for suggestions.


#4

OK, thanks for the info. Looks like I’ll need to think of another solution.

Do you think an upload script from somewhere like hotscripts will be a sensible solution?

TIA
Phillip

Phillip
http://www.planetphillip.com/
Commentary and Analysis of Sci-Fi Single Player First Person Shooters


#5

I actually want to do this, as well.
I guess perhaps I signed up a little too fast - it seemed like this sort of thing would be easily done.
However, I’m pretty confident that it can be worked around, and I’d like to dedicate this thread towards finding good solutions for that.

For some users, it seems like a simple .htaccess file would provide all the functionality needed - this would allow a number of users with different logins and passwords to access a specific folder. It doesn’t allow them to upload, and it doesn’t allow users to use FTP clients (which are sometimes more convenient, and sometimes have integration with text editors, etc.)

If all of the users that I create have home directories (etc.) on the same file system, it seems as though it might be possible to create a custom group, add some users to it, create a folder that’s accessible to the group, and then make a symlinks for the users to upload into or download from. Is this feasible?

Any thoughts?


#6

Search the message board. I know this has come up in the past. (I don’t know that the answers are there, I just know it’s come up.) If you do figure it out, get it working, make sure you add it to the Wiki.

-Jason

I40.com - Home Page
MP3Mystic - Personal Streaming Music server.
(No longer hosted with Dreamhost)


#7

Create the user accounts and give them all SSH access, then create a group and add them all to it. Log in to your own account via SSH and find the folder you want to share. Change the group ownership to the new group you created and give that group write permissions:

    chgrp newgroup shared_folder
    chmod 775 shared_folder

The last step you can do yourself, or you can let them do. Create a symbolic link in each of their home directories pointing to your shared folder. You should log in as them to do this. In the shell, do:

    su - newusername
    ln -s /path/to/shared/folder shared_folder

The first line will log you in as that user and put you in their home directory. The second line will create a symlink (similar to an alias or a Windows shortcut) to your shared folder.

Your users will then be able to log in via SFTP and upload stuff into the shared folder link in their home directory. These files will actually be placed into the real shared folder in your directory.

The new users will have their own home directories, of course. All users need one. Don’t worry about any of the other stuff in there, it isn’t important for your purposes.

I’ll add this to the wiki later, or someone else can do it if I don’t get to it for a while.


If you want useful replies, ask smart questions.


#8

It has, indeed. I guess I should have searched for more on this before I made my comment - but then, again, it looks like people haven’t had much success.

By setting up a custom group and chgrp’ing my home directory to be accessible to that group, I was able to log in as a different user (user ‘A’), and then make a symbolic link to a sub-directory of mine in user A’s home directory… if you can understand that.

It seems to work fine from the command line. I can log in as A, move into the symbolically-linked directory, and start touching files and what not. So far, so good!

If I try to use FTP to get at it, I can see the symbolic link, but when I try to move into it, I get an error. However! If I SFTP in as A, then it basically all works fine. As it should, since SFTP isn’t really any different from using SSH, as I understand it.

So as long as I can convince my users to use SFTP (and they probably already do), it looks like this will work nicely. I have to be a lot more careful about the permissions on my home directory, and I have to trust my users 0, but I guess it should be good enough.


#9

That is terrific. Three cheers for that great explanation. I’ve been doing an equivalent thing using Invision Power File Manager as a workaround. It seems the sort of thing that could possibly be automated through the panel. As I’ve said many times on these forums, as web sites ‘meet in the middle’ - no longer either personal home pages or big corporate sites - now even small organizations expect to have an online meeting ground, meaning many more sites are maintained by groups or at least small teams - in my case club volunteers - this sort of flexibility is HUGE for those of us just sort of stumbling along. Anything that makes it easier to manage is a big competitive advantage for DH.


#10

Ha, thanks for the reply. Seems like just about what I did. I guess it just goes to show that I need to work on things for myself for a few minutes before I blab all over a forum.


#11

WOW, thanks for that! I don’t understand a word of it, but I’ll go through it line by line, word by word and I’m sure I’ll get it working.

So much to learn, so little time.

Phillip
http://www.planetphillip.com/
Commentary and Analysis of Sci-Fi Single Player First Person Shooters


#12

Some extra information on this solution and how it works in our system…

Our cgi security implementation prevents cgi scripts from running in any folder that is group writable so this shared folder will not work under a web directory you want to run cgi files in. We have discussed opening up this restriction in the past, but have not ever come to a conclusion about it.

Our FTP setup automatically restricts you to your home directory so attempts to move into other home directories will fail. The ftp setup was originally put in place for ease of use reasons but it is also nice from a security perspective. SFTP and SSH/Telnet do not have that restriction/feature.

If any of the files under the shared folder are created without the group write bit set, your other users will have difficulty working with the file. The same thing will happen if the files are created with a group other than ‘newgroup’ (following his example). You can use the setgid bit (chmod g+s shared_folder) to ensure the group of files stays what you want, but you and your users will still have to make sure to always set the group-write bit.

Those technical notes are the primary reasons we have not implemented something like this. We do get a lot of requests for it and have thought about it a lot, though.

  • Dallas
  • DreamHost Honcho
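
The setgid and group-write caveats described in the post above, as an added example that is not part of the original thread and is not DreamHost tooling. The function names are hypothetical; the group and folder arguments stand in for the thread's `newgroup` and `shared_folder`.

```shell
#!/bin/sh
# Added example: set up and audit the shared folder discussed in this thread.
# Function names are hypothetical; pass your own folder and group.

# setup_shared DIR GROUP
# Group-own DIR, give the group write access, and set the setgid bit so
# files and subdirectories created inside inherit GROUP instead of the
# creating user's primary group.
setup_shared() {
    chgrp "$2" "$1" && chmod 775 "$1" && chmod g+s "$1"
}

# audit_shared DIR GROUP
# Print every file or directory under DIR that other group members will
# have trouble with: it belongs to a different group, or its group-write
# bit (octal 020) is not set. Symlinks are skipped because their own mode
# bits are not what access checks use.
audit_shared() {
    find "$1" ! -type l \( ! -group "$2" -o ! -perm -020 \) -print
}

# repair_shared DIR GROUP
# Fix what audit_shared reports. Only the owner of a file (or root) can
# change its group or mode, so each user can repair only their own files.
repair_shared() {
    audit_shared "$1" "$2" | while IFS= read -r path; do
        chgrp "$2" "$path" && chmod g+w "$path"
    done
}

# Usage, with the thread's placeholder names:
#   setup_shared  /path/to/shared/folder newgroup
#   audit_shared  /path/to/shared/folder newgroup
#   repair_shared /path/to/shared/folder newgroup
#
# Setting "umask 002" in each user's shell startup file makes files they
# create from the shell group-writable by default; uploads may still
# arrive with a stricter mode, which is what the audit is for.
```

Running the audit periodically catches files that were created without the group-write bit before another user trips over them.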

#13

This thread has been super helpful. I’d like to try and fully understand this and make sure that what I want to do is not currently possible.

The easiest way for me to explain this is to give an example.

For the directory structure I’d like to have a folder that I’ll call “Master Directory”, containing three folders “Vendors”, “Customers”, and “Archives”. In the “Vendor” folder I would like to have folders “Vendor A”, “Vendor B”, and “Vendor C”. In “Customers” folder I would like to have “Customer A”, “Customer B”, and “Customer C”.

For the user structure I would like to have unique logins and user names for each “customer” and each “vendor” that will only give them access to their respective folder and no others (Customer A login directs access to only Customer A folder). And then there would need to be an “administrator” login which would have access to all of these folders, and the only login which would have access to the “archives” folder.

As for permissions, some of these “vendors” and “customers” would need to have different levels of access, some would only need download capability, and others would need download and upload capability.

Am I crazy thinking that I can teach myself how to do this? Is this even possible on Dreamhost? If not, then where would I have to go to do this?

You guys are all amazing and I appreciate so much your help and time!!


#14

Our system does not provide this level of control over file access permissions so it would not be possible to set things up as you have described.

You can set up multiple users and they will each have their own separate home directory, but they would all be a ‘full’ account with upload and download privileges.

You would probably need to use some sort of web-based software to provide the level of granularity you are needing.

  • Dallas
  • DreamHost Head Honcho/Founder