"master" user?

dreamnewb · 2006-10-02 10:19:12 UTC

Hi Guys,

I’m brand new to dreamhost, and it seems great so far. The wiki has helped me sort out most of what I was unsure over, but I’m now stuck.

I have what I think of as my “master” user, the one that signed up for the dreamhost account, and has my primary domain on it, and then I have another user associated with an added domain.

I’ve enabled shell access for my master user, and when I log in to the server (willie) I can see the two folders in /home (and everyone elses) and I can get into and LS files in the two folders - BUT - I can’t for example mkdir in the addon domain, only in my primary folder. Is there a way to make my “master” user able to do things like mkdir and gunzip things in the addon domain? or do I need to enable shell on my addon user? (I tried chown but that seemed to be forbiddne)

sorry for the wordy explanation, hope it makes my quesiton clear.

Thanks in advance for any help.

DN.

[later on, after additional scrutiny]

Aha, it seems I could have added the second domain under the same user as the primary domain… which would work. Except that I would like to create an FTP user that only has access to /home/primaryuser/secondary_site and not /home/primaryuser/primary_site and from the looks of “add user” they just get /home/username… and no real mention of permissions… So I’m still stuck.

(and presumably missing something significant)

rlparker · 2006-10-02 16:20:49 UTC

It sounds as if you are “almost there” with what you want to do. You might want to review this Dreamhost Wiki Article on Users, paying special attention to the section entitled " How do I share website access with another FTP user?". This describe the “simple way” to share a website, or websites, but has the important restriction that you need to log-in as the “sub” or “other” user in order to manipulate their files or directories.

If you really want your “master” user to have access, as him/her self, to the other users’ files, it gets pretty complicated, and involves establishing, and maintaining, *nix groups. This Dreamhost Wiki article called “Unix File Permissions Cookbook” describes how you can “share” access to and control of files and directories in a recipe called “Maintaining Group Ownership”, as well as other permissions related discussions.

In my opinion, while this process does “work”, it introduces considerable complexity, especially when you consider that cgi scripts on Dreamhost run as your designated user (per domain) (via suexec), and setting a directory as group writable interferes with the requirement that directories containing cgi scripts to be run, and the scripts themselves, need to be “755”. The “short version” of that discussion means that, practically speaking, using persmissions that “set the sticky bit” to share ownership of directories often will also entail a series of other manipulations to change the directory ownership/stickybit settings (some use cron scripts) from time to time, as needed for various situations/circusmstances.

In this circumstance, what has worked best for me is simply providing them with a “filemanager” cgi program instead of actually creating another user.

This is “better” to my way of thinking because I don’t have to worry about the users learning/borking the use of an ftp client, I end up the *nix “owner” of all the files, and it is “easy” for them to use and for me to set up.

I recommend a perl program for this, as there are no problems with PHP’s filesize lilmits for uploads. The “cleanest/simplest” program I have found for this is ffileman v.08, because it is so simple for me to install and for the users to use (though there are others that work just as well - check hotscripts.com for more chioces than you will want to wade through!) This provides them with a “limited” ftp-like facility that you can control to a greater degree, and since your user owns all the files, you can manipulate the contents of the directory conveniently. Installling the script I suggested it is very simple:

Download the archive from sourceforge (see the provided link)
Extract the file(s) from the tarball (or the zip file)
Edit the “script” (just a text file) to add username/password, and a couple of other things (well documented!)
Upload it via ftp to the desired “sub” directory on your server
Set the permission on the script file to “755”
Navigate to the script’s url, and enjoy.

The script is small, and can easily be installed in as many “users’” subdirectories as desired, while allowing you to maintain full control.

–rlparker

dreamnewb · 2006-10-03 09:42:17 UTC

Thank you for your help

rlparker · 2006-10-03 15:48:57 UTC

You are very welcome! I noticed, however, that my previous post did not have a link to the suggested ffileman-v.08 (i lost it when I used cut’n’paste from a previous post ).

Here is a link to ffileman v.08 Good Luck!

–rlparker