Permissions Questions


#1

I think this is pretty straight-forward, I just hope to get a little feedback on it. Several months ago I set up a subdomain off of one of my accounts. It was set up to let local DJ’s host their mixes. I configured it so users could upload their performances to subdirectories named after them, all of which were located in one common subdirectory named “music.” Each of these directories has a dynamic page that displays audio files in the directory, along with the appropriate links. The entire subdirectory, including ftp access to the Joomla installation and all folders, is accessible by one specific user account.

Since it was just a lark, and this is a community that tends to respect each other, I shared the ftp username/password with everyone. At this point it is evident that not all of the members should have access to all of the directories, because they all don’t have the same level of professionalism. Here are some things I am curious about: Would it make more sense to change the domain owner’s account, or to just add a new ftp upload account and lock down the current username with admin privileges?

My instinct tells me that users shouldn’t have access to folders that are web accessible, whether they can access other member folders or not. If that seems reasonable, I still need to enable them to upload their mixes in a way that protects them from members who tend to be somewhat immature. What comes to mind is an upload-only ftp folder. I figure, after changing the current password, the correct solution is to set up an “upload” folder that everyone can dump their mixes to, but without access to other user files.

If that seems like a prudent choice, I am curious about the right way to implement it. In order to set up an “upload-only” ftp account, would I use user-account permissions, or chmod permissions on the upload folder itself? I am kind of bluffing my way through this, but here is what I see: A folder with full access to me, “the owner”, and write-only access to a guest account that I create. I intend to use an account with username/password just for good measure, but want to make sure there is nothing I am missing.

Thanks for any input.

http://benconley.net
http://teamshocker.com


#2

I need to think on this a bit, as there are, of course, several ways to approach this. I too would worry about allowing access directly to web accessible directories to ftp users sharing a login. With my luck, it would only be a matter of time till someone uploaded a script that created problems for me.

My first thought is that it would be easier to manage if you could implement what you want with a FOSS scripted solution, to provide granularity to the “users” and avoid the whole “groups” permissions issues implicated. I suspect there may also be some “gotchas” with Dreamhost’s suexec implementation that might make finely tuning some permissions problematic (I have not thought all the way through this yet, and my mind is a little fried right now; GMT-8 for me)

I’m gonna hang back on this and look at it again tomorrow, when I will try to give your post “higher quality” attention, and my mind is clearer. :wink:

–rlparker


#3

I’m just blurting out an idea here, since I don’t have a specific script in mind, but maybe something useful will come out… How about a user/password protected upload script – and no FTP access for anyone? Then you don’t have to worry about them browsing other directories, deleting/renaming files, etc.

You could have a DB of users, passwords, their directories, etc… Then when a user accesses the form with his name/password, it uploads his files to the proper directory. If needed, I suppose a delete feature could be added, if you want them to be able to delete their own files as well.

Actually, you could probably search sites like hotscripts.com and see if there’s already something out there that does what you need… or at least something that can be modified a little to do what you want.

And of course, you’ll still be able to FTP/SSH wherever you want and do whatever you want.




#4

Thanks a lot for the suggestion, Seiler. Here’s why it can’t totally apply in my situation though. We’re talking about files that are usually over 50MB, so ftp is the only convenient way to get them onto the server.

I do want to protect the main DocumentRoot of my subdomain though. Not sure if that lends itself more to a whole new upload spot or not. Hopefully I can set up a drop on the same directory tree as this site, to make file moves more convenient. Not necessarily under the site folders by any means though.

Here comes a lot of blabbity blab… My plan to write posts that can be used as articles on my personal site has translated into rampant verbosity.

http://benconley.net
http://teamshocker.com


#5

I have to be honest here, and admit that I didn’t realize FOSS meant Free Open Source Software. While I appreciate your allowing that I am doing something fairly clever, it’s not so complicated in this case. When setting up the subdomain, I created a new user account, so there is little risk of anyone gaining access to the account I use to manage my base domain, or any other subdomains. After a little consideration, there is something relevant to add too. The Joomla installation on that setup is a sandbox, so there is no risk of any real repercussions.

All that’s on the subdomain I’m talking about is a stylesheet, a few PHP pages, and a number of discrete folders named after the various artists containing their audio files. The users aren’t technophobes, but they’re not trying to set up IRC daemons either. I know the users through an online community, and they contact me first if they want to host something. Basically I keep the login moderately quiet, and provide it to them after creating a new folder. They upload their mixes, and PHP pages allow visitors to traverse this directory structure, which exists in a folder called “music”.

I coded the pages so that only directories (parent/children), and specific filetypes are displayed on the index pages. These mixes are usually 0.75-1.5 hours long, so a new one only comes along maybe a couple times a week and new artists only look to get hosted maybe once a month or less. Because of this I don’t mind doing all the directory maintenance manually, I just don’t want to give everyone full access anymore. All files are uploaded through ftp since they’re typically 60-100+MB each.

I’ve seen ftp servers with upload drop folders before, so no one can see what else is in there. I’m thinking about just keeping the current username with a new password, and setting up some non-web-accessible location with only write permissions on it that is associated with a new user account. I’ll take care of moving all the files once they’re uploaded. Anything special I need to be concerned with? Also, will the ftp server support resuming in a case like this? I suppose granting read permissions isn’t a big deal either, because the mixes are either intact or they’re nonexistent.

To sum up --Sorry for always being so verbose!-- we’re talking about something like 20 invited artists so far. It’s a labor of love for music too, I’m not looking to offer this to anyone other than a circle of friends. Would it be advisable to create an entirely new upload destination, or could I integrate this within a folder on my site? Thanks for reading this far down.

http://benconley.net
http://teamshocker.com
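
The chmod side of the upload-only drop folder discussed in the posts above, as an added example that is not part of any post: it builds a directory the upload account can write into but not list, and audits it next to an ordinary group-shared folder. It assumes the owner account and the shared upload account belong to one Unix group; all paths and names are hypothetical.

```shell
#!/bin/sh
# Added example: an upload-only "drop" directory built with chmod alone.
# Assumption: the owner account and the shared upload account are in one
# Unix group; directory names are hypothetical.

# Create a drop directory: owner rwx, group -wx (create files and enter,
# but not list), others nothing. The sticky bit (leading 1) restricts
# delete/rename to the file's owner and the directory's owner.
make_dropbox() {
    mkdir -p "$1" && chmod 1730 "$1"
}

# Return the 10-character permission string, e.g. drwx-wx--T
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# Audit: succeed only if the directory behaves as a blind drop.
is_blind_drop() {
    p=$(perm_string "$1")
    grp=$(printf '%s' "$p" | cut -c5-7)
    oth=$(printf '%s' "$p" | cut -c8-10)
    [ "$grp" = "-wx" ] || return 1          # group: write+enter, no listing
    case "$oth" in
        --T) return 0 ;;                    # others: nothing, sticky set
        *)   return 1 ;;
    esac
}

# Constructed demo in a temp dir: a typical shared folder vs. the drop.
demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/shared" && chmod 775 "$base/shared"   # group can list it
    make_dropbox "$base/incoming"
    for d in shared incoming; do
        if is_blind_drop "$base/$d"; then s="blind drop"; else s="listable or not writable"; fi
        printf '%s %s: %s\n' "$(perm_string "$base/$d")" "$d" "$s"
    done
    rm -rf "$base"
}

demo
```

Because every uploader shares one account in this setup, the sticky bit does not separate them from each other; what shields a file is that its name cannot be listed. Uploaded files belong to the upload account, so the owner needs read permission on them (via the group) before copying them elsewhere.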


#6

First of all, I have a couple of apologies to make. I’m sorry about that “FOSS” reference (I should know better than to use “jargon” style acronyms in posts, and it’s a habit I need to break!), and I’m sorry I was unable to post back yesterday as I had indicated I would. Things got out of hand a bit, and I just didn’t get around to thinking my way through your post(s) and formulating a response.

Having read through your posts again, I don’t think I have anything to add! You seem to have it well under control, and I don’t have any additional insights in light of your clear understanding of what you want to do and the methodology you want to use.

I spend so much time on these forums answering questions from “beginners” that I tend, on occasion, to forget that the whole permissions issue is not “overly complicated” for experienced users such as you. I don’t see any reason why you couldn’t/shouldn’t tackle it the way you describe it (though I wouldn’t suggest that approach for a “beginner” :wink: )

For what it’s worth, I don’t see any problem with being “verbose” (as you have noticed, I sometimes am afflicted with that same tendency). Those that don’t want to read the “longish” posts should certainly feel free to “skip” them, but others do enjoy them, as they can be very educational and can sometimes stimulate one’s thought processes. This is especially true if you are thinking about “re-purposing” the post into a wiki article, tutorial, or other use - it’s nice to have the “working” copy on a forum where you can collect input and refine your thoughts. I say “go for it” on that point!

My thought is that, given the circumstances you have described, it is probably “six of one, half-a-dozen of the other,” and probably just a matter of personal preference. I think I would choose to go with the “entirely new upload destination” just to keep it, and its contents, “segregated” from the directory structure of the rest of my site (with the “vague” notion that it would be less complicated if/when I ever developed the site out differently). Does that make any sense at all?

–rlparker