You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by David Mehler <da...@gmail.com> on 2016/12/20 22:43:03 UTC
[users@httpd] Allowing users to edit web sites safely
Hello,
I've got a FreeBSD 10.3 server on which is running Apache 2.4. I've
got two web sites that are relevant to this message and which both get
backed up on an other daily basis.
A user wants now to take control of both. I don't use a control panel
so he'll have to make files then upload. I've got sftp set up to
restrict the user to his home directory area. I've put that user in a
webdev group and set the group to webdev and given the writable
permission.
That seems a little klunky, any other suggestions?
Thanks.
Dave.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Allowing users to edit web sites safely
Posted by David Mehler <da...@gmail.com>.
Hello,
Thanks. I'm thinking Pydio might be a little overkill for what I'm
wanting to do.
Any other suggestions welcome.
Thanks.
Dave.
On 12/20/16, Dean E. Weimer <dw...@dweimer.net> wrote:
> Have you considered using an http based file management utility? I use Pydio
> to do just this on my server. It has support for Edit the files online and
> it's fairly easy to configure and use.
>
> Thanks,
> Dean E. Weimer
> http://www.dweimer.net
>
>> On Dec 20, 2016, at 4:43 PM, David Mehler <da...@gmail.com> wrote:
>>
>> Hello,
>>
>> I've got a FreeBSD 10.3 server on which is running Apache 2.4. I've
>> got two web sites that are relevant to this message and which both get
>> backed up on an other daily basis.
>>
>> A user wants now to take control of both. I don't use a control panel
>> so he'll have to make files then upload. I've got sftp set up to
>> restrict the user to his home directory area. I've put that user in a
>> webdev group and set the group to webdev and given the writable
>> permission.
>>
>> That seems a little klunky, any other suggestions?
>>
>> Thanks.
>> Dave.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Allowing users to edit web sites safely
Posted by "Dean E. Weimer" <dw...@dweimer.net>.
Have you considered using an http based file management utility? I use Pydio to do just this on my server. It has support for Edit the files online and it's fairly easy to configure and use.
Thanks,
Dean E. Weimer
http://www.dweimer.net
> On Dec 20, 2016, at 4:43 PM, David Mehler <da...@gmail.com> wrote:
>
> Hello,
>
> I've got a FreeBSD 10.3 server on which is running Apache 2.4. I've
> got two web sites that are relevant to this message and which both get
> backed up on an other daily basis.
>
> A user wants now to take control of both. I don't use a control panel
> so he'll have to make files then upload. I've got sftp set up to
> restrict the user to his home directory area. I've put that user in a
> webdev group and set the group to webdev and given the writable
> permission.
>
> That seems a little klunky, any other suggestions?
>
> Thanks.
> Dave.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Allowing users to edit web sites safely
Posted by David Copeland <da...@jsidata.ca>.
On 22/12/16 10:08 AM, David Mehler wrote:
> Hello,
>
> Thanks. I did mine a little different, but thanks to you I did get it.
Glad it helped.
>
> One unrelated question, what's advantages/disadvantages are there
> between Php 5.6 and Php 7?
For me the main advantage is performance, about twice as fast. I also
like scalar type hints and return type. There are few disadvantages that
I can see. Perhaps a small number of backward incompatibilities in
syntax but none that bother me.
>
> Thanks.
> Dave.
>
>
--
David Copeland
JSI Data Systems Limited
613-727-9353
www.jsidata.ca
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Allowing users to edit web sites safely
Posted by David Mehler <da...@gmail.com>.
Hello,
Thanks. I did mine a little different, but thanks to you I did get it.
One unrelated question, what's advantages/disadvantages are there
between Php 5.6 and Php 7?
Thanks.
Dave.
On 12/22/16, David Copeland <da...@jsidata.ca> wrote:
> Hi Dave,
>
> Sure.
>
> Say the server has the name "server.domain1.com", and the user has an
> account on the server named "user". The server runs Linux (happens to be
> OpenSuse), Apache 2.4.23 and PHP7. The user can log into the server
> using ssh/scp. His site is served from "/home/user/public_html" and
> accessed as "www.domain2.com". The Apache2 vhost configuration looks
> something like the following.
>
> <VirtualHost *:80>
> ServerName www.domain2.com
> DocumentRoot "/home/user/public_html"
> php_admin_value open_basedir /home/user
> php_admin_value upload_tmp_dir /home/user/tmp_upload
> php_admin_value session.save_path /home/user/sessions
> php_admin_value include_path '.:/home/user/files/includes'
> ErrorLog /home/user/log/error_log
> CustomLog /home/user/log/access_log combined
> HostnameLookups Off
> UseCanonicalName Off
> <Directory "/home/user/public_html">
> Options +FollowSymLinks -Indexes
> AllowOverride None
> Require all granted
> </Directory>
> </VirtualHost>
>
> Userdir access is also enabled. His site can be reached at
> "www.domain2.com" or at "server.domain1.com/~user" . This was done to
> allow the user to preview his site prior to activating the virtual host.
> The php_admin_value entries in the vhost helps to protect the rest of
> the server from the users site and having his own user account also
> isolates him.
>
> Dave C.
>
> On 21/12/16 08:30 AM, David Mehler wrote:
>> Hello,
>>
>> Thanks. Could you elaborate more on your solution? How are the site
>> urls formed? Is it domain.com or domain.com/~username?
>>
>> Thanks.
>> Dave.
>>
>>
>>
>
>
> --
> David Copeland
> JSI Data Systems Limited
> 613-727-9353
> www.jsidata.ca
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Allowing users to edit web sites safely
Posted by David Copeland <da...@jsidata.ca>.
Hi Dave,
Sure.
Say the server has the name "server.domain1.com", and the user has an
account on the server named "user". The server runs Linux (happens to be
OpenSuse), Apache 2.4.23 and PHP7. The user can log into the server
using ssh/scp. His site is served from "/home/user/public_html" and
accessed as "www.domain2.com". The Apache2 vhost configuration looks
something like the following.
<VirtualHost *:80>
ServerName www.domain2.com
DocumentRoot "/home/user/public_html"
php_admin_value open_basedir /home/user
php_admin_value upload_tmp_dir /home/user/tmp_upload
php_admin_value session.save_path /home/user/sessions
php_admin_value include_path '.:/home/user/files/includes'
ErrorLog /home/user/log/error_log
CustomLog /home/user/log/access_log combined
HostnameLookups Off
UseCanonicalName Off
<Directory "/home/user/public_html">
Options +FollowSymLinks -Indexes
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
Userdir access is also enabled. His site can be reached at
"www.domain2.com" or at "server.domain1.com/~user" . This was done to
allow the user to preview his site prior to activating the virtual host.
The php_admin_value entries in the vhost helps to protect the rest of
the server from the users site and having his own user account also
isolates him.
Dave C.
On 21/12/16 08:30 AM, David Mehler wrote:
> Hello,
>
> Thanks. Could you elaborate more on your solution? How are the site
> urls formed? Is it domain.com or domain.com/~username?
>
> Thanks.
> Dave.
>
>
>
--
David Copeland
JSI Data Systems Limited
613-727-9353
www.jsidata.ca
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Allowing users to edit web sites safely
Posted by David Mehler <da...@gmail.com>.
Hello,
Thanks. Could you elaborate more on your solution? How are the site
urls formed? Is it domain.com or domain.com/~username?
Thanks.
Dave.
On 12/21/16, David Copeland <da...@jsidata.ca> wrote:
> Hi Dave,
>
> I do the same. The user has an account on the server. The vhost serves
> the users site from his home public_html directory. I allow only ssh/scp
> access, no FTP server is set up, so he uses Filezilla to upload .
>
> Regards,
> Dave.
>
> On 20/12/16 05:43 PM, David Mehler wrote:
>> Hello,
>>
>> I've got a FreeBSD 10.3 server on which is running Apache 2.4. I've
>> got two web sites that are relevant to this message and which both get
>> backed up on an other daily basis.
>>
>> A user wants now to take control of both. I don't use a control panel
>> so he'll have to make files then upload. I've got sftp set up to
>> restrict the user to his home directory area. I've put that user in a
>> webdev group and set the group to webdev and given the writable
>> permission.
>>
>> That seems a little klunky, any other suggestions?
>>
>> Thanks.
>> Dave.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
>
> --
> David Copeland
> JSI Data Systems Limited
> 613-727-9353
> www.jsidata.ca
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Allowing users to edit web sites safely
Posted by David Copeland <da...@jsidata.ca>.
Hi Dave,
I do the same. The user has an account on the server. The vhost serves
the users site from his home public_html directory. I allow only ssh/scp
access, no FTP server is set up, so he uses Filezilla to upload .
Regards,
Dave.
On 20/12/16 05:43 PM, David Mehler wrote:
> Hello,
>
> I've got a FreeBSD 10.3 server on which is running Apache 2.4. I've
> got two web sites that are relevant to this message and which both get
> backed up on an other daily basis.
>
> A user wants now to take control of both. I don't use a control panel
> so he'll have to make files then upload. I've got sftp set up to
> restrict the user to his home directory area. I've put that user in a
> webdev group and set the group to webdev and given the writable
> permission.
>
> That seems a little klunky, any other suggestions?
>
> Thanks.
> Dave.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
--
David Copeland
JSI Data Systems Limited
613-727-9353
www.jsidata.ca
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org