Grant a user access to only a web site directory or copy to an FTP site?


#1

I have a request from a data manager and I haven’t figured out how to best approach it. At his request, I have a script that creates a form to allow our public to upload files to a directory in our web site. Now the data manager would like me to grant read-write access to the upload directory to one of our employees, but not give this employee the user name, password for FTP access to the whole web site tree. This data manager thought I could just create a new user with this access just to a subdirectory somehow. I’ve been scratching my head. I can’t come up with a way to do this on Dreamhost.

Now here’s a guy that had to do something like this so he had his upload script make a copy of the file over to an FTP site. Maybe I could do this and give the employee the authentication to this new ftp account only. Or maybe I can modify this approach by skipping the move_uploaded_file step to save the uploaded file to a website sub-directory and just move the uploaded file into an FTP account with ftp_put.

Those are the two choices I can think of. Either some kind of magic file permissions to a website directory, or a script that puts an upload into an FTP account. Is there anything else I can do?


#2

The most logical thing for me to do would be to modify the perl script to push a copy of any file uploaded to the ftp site also. But I looked at the perl script and though “Cripes, I’ve forgotten everything I ever knew about perl.” I looked at Uber-Uploader since it’s written in php which I can manage a bit better and has a perl component so the upload file size can be larger than with php without fiddling with php.ini settings. But I couldn’t get Uber-Uploader to run on DH. Then I started looking at python ways to do it since I need to get better with python.

I got python to work for me thusly:

[code]import ftplib
import os
import sys
import traceback

print "Logging in…"
ftp = ftplib.FTP()
ftp.connect(‘ftphostname’)
print ftp.getwelcome()
try:
try:
ftp.login(‘username’, ‘password’)
ftp.cwd(‘target directory’)
# move to the desired upload directory
print “Currently in:”, ftp.pwd()

    print "Uploading...",
    fullname = '../sourcedirectoy/filename'
    name = os.path.split(fullname)[1]
    f = open(fullname, "rb")
    ftp.storbinary('STOR ' + name, f)
    f.close()
    print "OK"
    
    print "Files:"
    print ftp.retrlines('LIST')
finally:
    print "Quitting..."
    ftp.quit()

except:
traceback.print_exc()[/code]

But now I’ll have to see if I can make it work on a whole directory. If I were clever, I’d run this python script every few hours as a cron job, and test the source directory for any file newer than last time the script ran in a cron. If I were really clever, I’d just add the ftp push to my original perl script.


#3

I don’t know about the script, have no experience in that. But I use WordPress and a plugin for people to upload to my server. It looks the same as you see on many upload area’s on websites, so people do not know the FTP user/pwd.

On the Dreamhost side all uploads go in to a folder which is 100% seperate from the domains and even the FTP login is different. So whomever has the FTP for the upload folder has NO access to the domains. The upload folder is actually outside any domain.

Create a new users:
Just go to the panel and Users > Manage Users > Create New User
Fill in the page where as the username is also the folder to which the uploads go in to.

Create a new Fully Hosted domain/folder
Then go to Domains > Manage Domains > Add New Domain/Subdomain
There you use the username as the foldername to create and job done.

Now whom ever logs in with the FTP for the upload folder ONLY sees that folder and not the domains or anything else. Well the log and Mail dir, but they are just a part of that “domain”


#4
  1. Create SFTP account [newuser] with Enhanced Security OFF

  2. SFTP login [newuser], create a directory called upload, chmod to 775, logout.

  3. Login main user:
    Copy current upload dir contents to /home/newuser/upload
    Rename current upload dir (in case of failure)
    Create symlink to /home/newuser/upload/ called ‘upload’ where the upload folder was (so your script works without editing it).

  4. Test. If all good, delete superfluous renamed upload directory.

eg.

$ cp -r /home/user/domain.com/path_to/upload/* /home/[newuser]/upload/ $ mv /home/user/domain.com/path_to/upload /home/user/domain.com/path_to/upload_old $ ln -s /home/[newuser]/upload /home/user/domain.com/path_to/upload