Using 'groups'


#1

I’m struggling with a convenient way to let someone manage the content of a single directory. I have already set him up as a user for another domain I own but he manages; that domain is hosted from from his user directory. It seems to work fine although it’s a bit awkward conceptually :slight_smile:

In this new instance he only needs to update files in a particular directory of another domain. So far, he can’t navigate out of the domain he manages to any other domain in my account.

The KB suggests groups as a possible answer so I created a group with the two of us in it. But I’m not clear on what to do next; the KB doesn’t really follow through with the how part once you’ve created a group using the panel. I’m guessing there’s a shell command I can make over that directory that will allow him to see and read/write to a group-owned directory using his ftp client. ‘chgrp’ is my best guess from googling around. If the group is called ‘foo’ and the directory is called ‘results’ then would something like this work?

chgrp foo results

I do want him to be able to add files to the directory. Since results is ‘below’ the domain base directory, do I have to chgrp the whole domain to allow his ftp client to traverse to the results directory?


#2

FTP users are chrooted to their home directories.

The only way around this is to create the user within another user’s home directory, or else to have one user be a shell user and have them only edit / upload files from the shell (or scp / sftp).


#3

Symbolic links are great for this! I use them throughout my own site, mainly for sharing files across several subdomains… I setup a directory, which ends up being “~/shared/css”, for example, and then created links for this.mydomain.com/css and that.mydomain.com/css to point to ~/shared/css – edit the files in any one location and they get updated across all sites…


#4

Hmm, well I’ll try again. I tried the symbolic link exactly as described, but then I (user1 in the example) could not write files in the linked directory in user2’s space.


#5

Symbolic links will only work with shell users.

We’ve thought about various ways to unchroot certain FTP users without causing problems. The main thing is that FTP users get very upset and confused when they realize they can get to “/” and see everything there - they think that it’s some sort of security hole and write support. There are ways to exclude individual groups, but we haven’t really messed around with this much.

Sooooooo… the best options are:

  1. Have one user only edit group-writable files from the shell (or using scp / sftp), and have the other user be the main FTP user. You can symlink /home/user1/example.com to /home/user2/example.com.

  2. Create a third “ftp” login, and have both users use this login to update files.

  3. Create one user with their home dir nested inside the other user’s home dir (/home/user1/user2). Then symlink /home/user1/user2/example.com/ to /home/user1/example.com.

These are the three ways I know of that will work. I personally prefer “1” and “2”.


#6

[quote]Hmm, well I’ll try again. I tried the symbolic link exactly as described, but then I (user1 in the example) could not write files in the linked directory in user2’s space.

[/quote]

I’m not familiar with shell access, but when I created user2 (for my client) from the control panel to access one of the sub-directories under user1 (i.e. me), I came across similar problem and lost control of that particular sub-directory. I was told by support that it’s not good to have nested ownership. What I still don’t understand is that why it is so difficult to set up a HIERARCHY of ftp access.


Yours Truly, nameslave

Buying and selling domain names since 1997


#7

How about just using an EasyHost or MyHost script or one of the other cgi scripts that provide file uploading and make directory functions right through the browser. Or one of the FTP scripts that are limited to the directory installed only?

Try http://cgi.resourceindex.com/ or http://www.hotscripts.com/

zentao web design, graphic art and design at www.zentao.com

zentao7, Gallery of Artists and Speculative Novel Writers Groups


#8

Ah! That’s a good idea. Simple File Manager looks like it would do the trick. Thanks.


#9

symbolic links across user folders seem to work fine for shell access, however at DH PHP doesn’t seem to want to follow the link. I have a symbolic link set up within one of my sites located under one of my users folders with the link pointing to a folder under my user folder. I get the following web error. Anybody have any ideas?

Warning: open_basedir restriction in effect. File is in wrong directory in Unknown on line 0

Warning: Failed opening ‘/home/greenip/webroot/siteadmin/index.php’ for inclusion (include_path=’.:/usr/local/lib/php’) in Unknownon line 0