Question about Users


#1

Hello. This is probably an extremely simple question, but I wasn’t able to find any information on my own. I thought someone here could easily help.
I’m trying to give multiple users access to my server. I added a new user in the web panel no problem. I checked to make sure everything was working through my ftp client and was able to log in fine under the new user name. Neither of my domains were visible, though. Just two directories called ‘logs’ and ‘Maildir’. How can I give this new user access to my domains? Or, more specifically, certain domains or areas of domains?
Thanks in advance to anyone who takes the time to help!


#2

Good evening.

In order to give the new users access to your domain files, rather than their own accounts on your server - you must go to the billing section of the panel. Under account privileges you select the “grant new privileges” button and follow the instructions.

Hope that helps.

http://www.jconnors.net - City Streets


#3

Awesome. Thanks a mil!


#4

Hi!

Actually, while setting up additional users is simple enough, and you can grant certain “privileges” to them via the panel, your desire to share directories with those new users is not so simply accomplished. :frowning:

You might start by checking out this DH WIki Article on "How Do I Share Website Access WIth Another FTP User?".

While there are workarounds you could experiment with, involving the creation and management of *nix style groups, they are rather complicated, non-intuitive, and a general PITA to manage for most.

I prefer to accomplish this using CGI scripting. This allows the user to upload the files, but allows me to retain ownership of the files. Many CMSs (Content Management Systems) allow this functionality, and there are other ways to allow users to contribute to your site (and manipulate files in your directories). This works especially well on DH because of DH’s use of suexec, which allows CGI to to run as your user, rather than as a separate user for the webserver.

I highly recommend ffileman, which is a “free” perl-based filemanager script that is easy to install and runs well on DH. I do not recommend using PHP scripts (there are many out there) for this if you anticipate needing to upload files greater than 7MB on DH, due to the limits of DH default PHP installation.

This works very nicely when set up as a sub-domain (files.yourdomain.tld, or similar), though it can also be configured to only traverse “limited” branch of a standard directory tree. You can also set it up behind apache authentication as an alternate (or additional) security mechanism.

In addition to the link I have already provided above, you might find that a little reading on all this to be helpful; here are some links to relevant DH Wiki articles:

Unix Groups

Users

Unix File Permissions

Unix File Permissions Cookbook

–rlparker


#5

One would certainly think so, wouldn’t you! :wink:

Actually, the “grant new privileges” section of the Control Panel does not directly manipulate the *nix permissions in this way, rather it allows you to grant certain account management/control privileges to another user under your account. For instance, you could allow another user to create domains, databases, etc on your account; you cannot, however assign them sufficient privileges to enable them to access your user’s files via this section of the control panel, particularly in the way described by the original poster.

To do that, you need to create , assign users to, and manipulate *nix style “groups” and individual directory and file permissions (some, but not all, of which can be done from other sections of the panel). Suffice it to say at this point that most consider this to be “less than trivial” and easily borked by new users not familiar with *nix stype permissions and groups. :frowning:

Users’ access to a “domain” (which is a stored as a directory under a given user’s directory) is controlled by the *nix system permissions mechanism, and is not designed to facilitate “sharing” with another machine user (in fact it is designed to make this less than trivial, for security reasons!)

There is more information about this, and some links to relevant DH Wiki material, in my response to the original poster “up thread” :slight_smile:

–rlparker


#6

Really? I was able to accomplish this task by going through the user privileges and giving domain level access to the user…

In our case http://www.buakpsi.com wasn’t reflecting uploads from our webmaster because I had made him an ftp account. They posted under his user account but not accessible when you navigated to the above url. When I granted access, he was able to post to the correct directory as evidenced by what you are seeing online now.

Was this wrong and from a weird coincidence?

http://www.jconnors.net - City Streets


#7

I had to research that a bit as you had me wondering whether a new functionality had been added to the panel (it has happened before, and I’ve been here so long I could have overlooked it! :wink: )

What I think you are describing is that by setting all domain privileges for a user, that user can then upload his files into your domain’s directory; I can’t be sure as I can’t do an ls -la of your domain directory. This would allow files owned by that user to exist in a directory owned by your user, which is a less than ideal way of approaching all that, as you could then find yourself missing required permissions to manipulate those files.

Additionally, CGI for a domain will only run as the designated user as set in the control panel by domain.

Can you confirm the ownership of those files in your directory that were uploaded by the other user?

Thanks! I’d love to see this made easier for everyone!

–rlparker


#8

Well, after going into the webftp in my user’s panel I was able to read, write, and execute the files (html and css files - no scripts). If that means that I have privileges to these files then I am happy to report that I can work with them!

It also should be noted that the panel shows me as the owner of said files.

http://www.jconnors.net - City Streets


#9

That sounds like it may well meet many users’ needs! I’d still love to know how the groups/users/permissions are set on the files the other user uploaded, as this has a major bearing on whether scripts run on the domain can access (write to) these files.

Thanks for the heads up on this one; for those not using scripts it may well be a much simpler solution for them! :slight_smile:

–rlparker


#10

Please pardon the ignorance, but I’m not sure exactly how to give you the information you’re looking for. I’d be more than happy to though. Would a screen capture work?

Please find a relevant screencap:

http://www.jconnors.net - City Streets


#11

No pardon is necessary, and I don’t think you are ignorant at all - new environments are different for everyone. The screen capture does explain all, to me, though now I’m struggling with how to explain it to you.

First of all, you probably want to send such link (screenshot) via PM, as you don’t really want to advertise your username or group id on the web :wink: .

From that screenshot, your other ftp user does not own any of those files…which indicates that they were uploaded as your user, not his. I can only guess how this might have happened, but the fact that you can manipulate them is as it should be…you own them.

Are you sure that, since you gave your other user the authority to manage your domain, he didn’t just log in as you and upload the files (that would explain why you are the owner of the files that he uploaded)?

–rlparker
p.s. - don’t forget to edit your previous post (or just delete the screenshot file) to remove that screenshot from public view :wink:


#12

Once you replied I was going to remove the file and the link - both of which I have just done.

As you could see the files were put up a while ago but I don’t think that I would have compromised my account by giving our webmaster my account details so I will ask him to see how he’s connecting and uploading.

Thanks for the help - I’m still learning all this… and as I’m still in college, not even a CompSci major no less, I have a big learning curve.

http://www.jconnors.net - City Streets


#13

Good deal, and no problem…I’m sure he will be able to explain what happened. :slight_smile: At any rate, if you look at some of the links I’ve included in the other posts on this thread, I think it will all start to make sense for you. :wink:

Hey, we all have to learn sometime; I learn something new on the web every day (and I’ve been doing this for years). I’m just hopeful that my “help” is actually helpful, as opposed to just confusing things further! :open_mouth:

–rlparker