FTP/Shell


#1

I need to know the difference between the last two options in giving users acces to my website:

FTP account - file transfer access only.
SFTP account - sftp (SSH ftp) file transfer access only.
Shell account - allows FTP plus ssh/telnet access.

Also, there is an option for “shell type.” Currently, it’s selected for bin/bash, but there are other options. I am clueless about what this means to me and my users.

thanks very much!
take care Frances


#2

Generally speaking, you would not want to use any of these options to “give users access” to your website.

Those options give a user almost complete ability to create and modify content on your site - and you will be responsible for any violations of DreamHost Terms of Service that they may commit.

Additionally, only one of these “users” could have that access to a given “website” (in the purest sense), so they would all have to share a set of credentials in order to gain mutual access.

I think you should consider exactly what you want these “users” to be able to do with their “access”, and consider using a different approach than ftp/ssh/sftp to provide them with that capability. :wink:

That said:

SFTP account - sftp (SSH ftp) file transfer access only. - This allows a user to use the ssh protocol for ftp purposes only, and is considerably more secure than standard ftp. It does not allow them “shell” access, but provides a more secure method for transferring files than that provided by regular ftp.

Shell account - allows FTP plus ssh/telnet access. - This is “the whole thing”, and allows the user to use sftp for transferring files and an ssh client to access the shell, as well as allowing them to use the less secure ftp for transferring files and the less secure telnet to access the shell.

What this means to you, if your user is a “shell enabled user”, is that it defines which linux shell environment is provided for your use immediately upon logging into the shell.

There are several different “shells” available; experienced linux users have different preferences regarding which shell environment they feel is “best”, and DreamHost offers them an initial choice. BTW, there is not “right” answer for this question ; it’s a matter of taste and personal preference (let the Holy Wars begin!). If you want to experiment in the shell, leaving the default “bash” setting will work just fine for you; you can always change it later if you want to experiment with a different shell as you learn your way around linux.

This setting will only mean something to your “users” if you allow them shell access - and, as I wrote in the beginning of this response, I strongly recommend that you not do this unless you clearly understand what that means (and from the looks of your questions, it appears that you do not). :wink:

If you are not experienced with such things, you should definitely not allow others (who might know more about this stuff than you do) to have shell access to your account unless they are your employee or someone you are choosing to trust with complete control of your website and your account.

I say this because with shell access, they can control your site completely, and can easily do things that can cause you to have your account suspended or terminated.

If you describe what, exactly, you want your “users” to be able to do, I’m sure that many on these forums can suggest ways to accomplish that without giving them any of those types of access.

It is also quite possible that, depending on what you envision those users doing, giving them ftp/shell accounts will not provide the capability you are trying to give them anyway. :wink:

–rlparker


#3

I want to have one user, who will co-design the site with me. Yes, I trust her completely.
It sounds to me like changing the shell type is not something I would do, because I am not an advanced webmaster, just an amateur one…nor am I a computer scients or a programmer. I just like having a website and putting content on it; I chose Dreamhost because of the free installations of all those software programs…I want people to come back to my site. I’d like to build up (over time) a local community portal.

Thanks for your answer, it was very, very helpful.

thanks Frances


#4

That sounds like a great plan, and I suggest that, in order to avoid file permission issues, that the best way for you to approach this is to share a set of user credentials with her.

This will prevent any problems concerning who (which user) owns the files (you can both work on them as you wish), and makes things much easier to manage.

All you have to do then is pass your username/password to her to use for development purposes, so you do not need to create a separate user for her use. Should you ever wish to change that, you can just change the password for your user, and her access would be removed as she will no longer know the required password.

Good luck with your site, and have fun learning about this stuff! :wink:

–rlparker


#5

I wanted to provide a little more motivation to rlparker’s suggestion about only having one ID, because generically, I know that this is considered less secure, but for very, very practical reasons, it may be the best option for you.

Your website’s web directory will be “under” only one of your user accounts. Only this user will have full control of all the files and directories for the website (there are complicated ways of making this not true, but I’m ignoring them because they are… complicated). That user can selectively grant permission for another user to create additional directories and files and have control over particular directories, etc, but this often leads to confusing situations because you always have to be aware of whether you’re the owner of a particular file or directory or whether your partner is.

This is all much simplified if you both use one set of shared credentials, though you obviously lose the ability to easily figure out who made what change, etc.

Are you writing this site yourself using html or are you using a preconfigured web application? Have you considered using a version control mechanism and deploying the codebase from version control to your webserver? Because that’s another option if you don’t mind dealing with the complexity of a version control system like SVN - you can both do edits on the codebase and yet when you deploy, everything will be owned by one user. You also get version control with this option.

Extra lifetime domain and $82 off with code [color=#CC0000]1DOM82[/color] or use [color=#CC0000]LM97[/color] for $97 off. Other Dreamhost coupon codes


#6

Actually, what I did with my customers is create a user for “hosting/owning” the files/site and personal users for each of us to use. Then we “su” to the hosting user to make changes. This makes for clean records of when people were on and gives them a place to try things before dropping it into production.

Wholly - Use promo code WhollyMindless for full 97$ credit. Let me know if you want something else!