Confused about use model

larry.rowe · 2010-07-30 19:22:36 UTC

I am having trouble understanding how to establish accounts for a domain.

We have one user with an FTP account - user1.

We have two users with MAIL accounts - user2 and user3.

But, when I try to create a new user with a SHELL account for user4, it gives me an error message “cannot edit account or files of existing users” and says that the user name “user4” is already being used.

So, does it mean that any user on any domain is in the same user name space? i.e., I need to come up with a globally unique login name.

Other things that might confuse things:

I deleted a MAIL account for “user4” earlier. Does it take a while for the delete to actually be committed? or, maybe there is a directory under the domain login that was not removed.
I have another domain at DH that might be using the user name “user4”. Could there be a cookie or something in my browser that is confusing things?

rlparker · 2010-07-30 19:38:19 UTC

[quote=“larry.rowe, post:1, topic:53213”]
I am having trouble understanding how to establish accounts for a domain.[/quote]

I think there are two things in our wiki that might help to make this clear for you:

http://wiki.dreamhost.com/Users

http://wiki.dreamhost.com/Account_Layout

The first link above is a great starting place because, unless you are thoroughly familiar with the context, the seemingly simple term “user” can be the source on a great deal of confusion.

The second link, when you understand of the material in the first link, should clear up the rest of the confusion.

Andrew_F · 2010-07-30 23:23:18 UTC

With regard to namespace (that’s actually what we call it internally) — yes, user names must be globally unique in our system (along with domains, database names, and a few other things).

larry.rowe · 2010-08-03 20:18:30 UTC

Hi - Thanks for the replies. I am still confused, but I think I can ask questions that will clarify things. First, FYI I am an experienced Unix user (started with v6 at UC Berkeley in 1976) so I think part of my problem is I am trying to map what your use model is to how it matches a typical Unix system.

RLParker: I read both those pages before I made this post. Re-reading the pages after a long discussion with my wife - who is an experienced hosting user - and reading AndrewF’s post I think clarifies things. The wiki page on account layout was confusing because it talks about sub-accounts and yet the page notes that sub-accounts do not exist anymore. I couldn’t tell what was left and it was structured when they were removed from that description.

Here’s my interpretation of things.

I create a Dream Host (DH) account. This account has an owner which is an FTP user. By account here I mean a business relationship tied to a credit card. Now, it seems that you create a Unix Account (UA) in /etc/passwd or some other authentication mechanism for that user with the shell set to FTP - or more likely a script that launches FTP. A domain is linked to this account - probably by doing a DNS bind to your main server.
I can create shell users which presumably also creates a UA but with the shell set to whatever is select on the add-user panel. Shell users can do FTP and email.
I can create mail users who can only receive/send email through the domain.
I can create other “accounts” for web, stats, backup, etc with privileges as noted in the wiki.

Along with your system you probably have a database (mysql no doubt) that maps DH accounts to UA (e.g., so you can delete all /etc/passwd entries when someone deletes the DH account). This DB probably has other mappings, but if every user gets a UA maybe not. For example, I could imagine that you modified SMTP incoming server to lookup mail user names in a separate DB rather than /etc/passwd so that people in different domains could use the same user-name. I am guessing that when a mail sender sends email to foo@bar.com, the SMTP server could do a database lookup using the key <name=“foo”, host=“bar.com”> and respond to the VRFY command and determine where the spool file is to store the mail message. But, since you create a UA for every user, this is probably not true.

NOW, my questions.

Is there a limit on the number of “users” that a DH account can create? I.e., can I have 5 FTP users, 10 shell users, and 50 mail users?

It appears that you use a email address and password to select the control panel for a domain (e.g., my domain is rowehome.net and my login is larry “dot” rowe “at” gmail “dot” com). Does this mean I need a separate email account for every domain I host at DH? That’s our current situation - my wife registered greyscalewines.com with a different email address. That is fine with me since I can use her “login” to access the greyscalewines.com control panel.

Finally, how could the wiki be clarified to answer these questions. First I would take the “Users” page and add a section “Introduction” before FTP users where you describe the architecture of a DH account - i.e., the business relationship - which has a controlling FTP user. Then I would say that an account can have other users for the domain - you have the note that user names must be globally unique, but I didn’t really get that when I first read the page. I was too confused by FTP users, Web users, Shell users, etc. I would be this note in the Intro. Then, talk about how many different kinds of users a domain can have - if there are restrictions. Then, put the details about the types of users into subsections like you have already done.

Second, I would redo the account layout page to remove the sub-account description. Those are pretty images that describe things, but frankly I did not read them that carefully since I wasn’t sure what still existed.

FINALLY, thanks for the quick responses to my questions. I’m impressed! :)!
/larry

sdayman · 2010-08-03 21:02:22 UTC

The account owner is a manager and has no domain resources assigned to him (or her). In other words, it’s not a UNIX account; it’s a Panel account. It may, however, have domain registrations tied to him.
A shell user is what you expect, but it only has a shell account on a web server. Sure, a UNIX machine supports email, but it’s at *.dreamhost.com. There are no shell accounts on the SQL and Mail servers.
Correct.
Your interpretation isn’t that clear to me, but it looks like you’re thinking of Privileges tied to something like an account co-owner with limited access.

For your long paragraph, accounts are task-specific. Only the FTP/Shell user appears in /etc/passwd. Your mail and database user won’t get an entry in /etc/passwd, as you don’t need shell to access SMTP/POP/IMAP and SQL.

You get unlimited users. Remember, they are isolated from each other. You as the account owner can set passwords for them, but you are not a superuser when it comes to masquerading as someone else.

Your “larry” email address you use to log into the panel makes you the account owner. Larry sets up all of the web/mail/database accounts for all domains hosted by your account. I don’t know if your wife owns a separate account here. Is she paying for hosting as well? Or did she just register her own domain? Where a domain is registered doesn’t matter, as long as its WHOIS info tells the world to use the DreamHost name servers. If she (or any of your friends you’d like to host) set ns1.dreamhost.com, etc., as their domain’s DNS server, you can Add a Fully Hosted Domain here with a unique FTP user so that person can upload content to their domain’s web server.

As for the wiki and account layout page, feel free to add links to your questions so people can see exactly what you’re looking at. I think I found the wiki Users page you mention, but not the Account Layout page.