FTP user for all websites

tuaris · June 13, 2008, 3:31pm

I would like to create an FTP user that has access to the html files of all the virtual websites.

For example, I have a directory called "Sites" and under that I have site1.com, site2.com, site3.com, etc…

I would to have an FTP user that has the ability to read and write to each of those websites.

Is this possible?

tuaris · June 13, 2008, 3:54pm

I think this might be possible by using sub servers, which then leads me to my next question…

How do I create a Webmin login for sub servers?<br><br>Post edited by: tuaris, at: 2008/06/13 10:54

ronald · June 14, 2008, 4:27pm

in the server template -enable the box- webmin login-, might do the trick.

tuaris · June 16, 2008, 3:11pm

Looks like I still need a “global” ftp administrator account. I would like to know if it’s possible to have a Unix user (or group) have full read/write access to all the Top Level Servers and Sub Servers via FTP.

It must be possible? I can’t imagine a website designer having to maintain a separate login for each site.

tuaris · June 16, 2008, 3:12pm

Tried that, and it didn’t work allow me to create an administration user. Maybe it’s only available in the Pro version?

sgrayban · June 16, 2008, 3:37pm

The extra admin feature is only in the pro version.

ronald · June 16, 2008, 5:42pm

tuaris wrote:

I can't imagine a website designer having to maintain a separate login for each site.

That totally depends how he works. I can’t imagine a webdesigner working on websites through webmin

If he would work in a program as Dreamweaver then he can just "create sites" once and upload as the user with permissions for that site.
I have plenty sites in my ftp program and dreamweaver

Besides if those are different accounts with permissions set, then you will want the permissions to stay with the owner of that domain.
When someone else uploads images with his own permissions then they might never appear on the owners website and get a: "Permission denied" instead

velvetpixel · June 16, 2008, 6:01pm

The way I do it using Transmit as my FTP Client is create a separate saved “Favorite” for each domain. This contains the login info such as url, username, password, default directory for that domain. I have about 50 saved. 11 are mine and the others are other peoples domains where I need to regularly transfer files. Accessing these is just one click. There is no real managing going on. For my sites this allows me to access trough FTP using that accounts FTP user so as Ronald mentioned files created are appropriately associate with the correct Owner and Group.

Any real FTP application will allow you to save these settings.

Oh and Dreamweaver’s FTP functionality is A$$tastic (meaning not so good)

Joe · June 16, 2008, 11:29pm

Looks like I still need a "global" ftp administrator account. I would like to know if it's possible to have a Unix user (or group) have full read/write access to all the Top Level Servers and Sub Servers via FTP.

Not really possible. If you did so, you’d have to turn off SuExec for all virtual servers. Files must be owned by the virtual server owner, and can’t be group writable. Neither of those things can be true, if you permit a user that doesn’t own the virtual server create files within the virtual server home.

It must be possible? I can't imagine a website designer having to maintain a separate login for each site.

I suspect maybe you’re using top-level virtual servers where you should be using sub-servers, perhaps? If the same person is administering them, they all ought to be owned by the same user, right? (Which means, one top-level server, and all the rest sub-servers of that top-level server.)

But, that just depends on the way you use Virtualmin.

Anyway, it isn’t technically possible to do what you’re after–this has nothing to do with Virtualmin. We simply can’t do it because Linux/UNIX permissions and SuExec cannot interact in a way that would allow CGI scripts to work. I guess if the web developer doesn’t need to access any PHP or CGI files, you could make him a member of the virtual server groups. That’d work for any non-executable content. Note also that you can’t have chroot enabled in ProFTPd (I don’t consider chroot all that useful, myself, but a lot of folks consider it mandatory), since the user needs to be able to bounce around amongst all of the homes in question.

BTW-If you’ve seen this “ability” in the past, it’s because they weren’t using SuExec on the server, which is dramatically more dangerous for your users from a security standpoint. If you don’t need suexec (e.g. if you are the only user on your system, or the other users are trusted) you can disable it…and, as I mentioned, add the web developer user account to each virtual server group so he can work on the virtual server files. You’ll also have to make the public_html group writable (and any files the developer needs to work on). I’m not exactly sure how to make file he creates accessible to the domain owner however.

tuaris · June 17, 2008, 5:13pm

Ok, that makes sense. I don’t mind using sub servers. I like the fact I can create FTP users for a specific sub servers so I can give to the clients. But…

Lets say I have a client that wants access to their server via virtualmin, but we still want to retain it as a sub server under our top level server. Can I create a webmin user for sub servers? I could not see the option is the pro version demo.

ronald · June 17, 2008, 5:33pm

you can create a FTP user with its own password and login name (at least in the pro version)