I think this is pretty straight-forward, I just hope to get a little feedback on it. Several months ago I set up a subdomain off of one of my accounts. It was set up to let local DJ’s host their mixes. I configured it so users could upload their performances to subdirectories named after them, all of which were located in one common subdirectory named “music.” Each of these directories has a dynamic page that displays audio files in the directory, along with the appropriate links. The entire subdirectory, including ftp access to the Joomla installation and all folders, is accessible by one specific user account.
Since it was just a lark, and this is a community that tends to respect each other, I shared the ftp username/password with everyone. At this point it is evident that not all of the members should have access to all of the directories, because they all don’t have the same level of professionalism. Here are some things I am curious about: Would it make more sense to change the domain owner’s account, or to just add a new ftp upload account and lockdown the current username with admin privileges?
My instinct tells me that users shouldn’t have access to folders that are web accessible, whether they can access other member folders or not. If that seems reasonable, I still need to enable them to upload their mixes in a way that protects them from members who tend to be somewhat immature. What comes to mind is an upload-only ftp folder. I figure, after changing the current password, the correct solution is to set up an “upload” folder that everyone can dump their mixes to, but without access to other user files.
If that seems like a prudent choice, I am curious about the right way to implement it. In order to set up an “upload-only” ftp account, would I use user-account permissions, or chmod permissions on the upload folder itself? I am kind of bluffing my way through this, but here is what I see: A folder with full access to me, “the owner”, and write-only access to a guest account that I create. I intend to use an account with username/password just for good measure, but want to make sure there is nothing I am missing.
Thanks for any input.