Looks like I still need a “global” ftp administrator account. I would like to know if it’s possible to have a Unix user (or group) have full read/write access to all the Top Level Servers and Sub Servers via FTP.
It must be possible? I can’t imagine a website designer having to maintain a separate login for each site.
I can't imagine a website designer having to maintain a separate login for each site.
That totally depends on how he works. I can’t imagine a web designer working on websites through Webmin.
If he would work in a program such as Dreamweaver then he can just "create sites" once and upload as the user with permissions for that site.
I have plenty of sites in my FTP program and Dreamweaver.
Besides if those are different accounts with permissions set, then you will want the permissions to stay with the owner of that domain.
When someone else uploads images with his own permissions then they might never appear on the owner's website and get a "Permission denied" instead.
The way I do it using Transmit as my FTP client is to create a separate saved “Favorite” for each domain. This contains the login info such as URL, username, password, and default directory for that domain. I have about 50 saved. 11 are mine and the others are other people's domains where I need to regularly transfer files. Accessing these is just one click. There is no real managing going on. For my sites this allows me to access through FTP using that account's FTP user so, as Ronald mentioned, files created are appropriately associated with the correct Owner and Group.
Any real FTP application will allow you to save these settings.
Oh and Dreamweaver’s FTP functionality is A$$tastic (meaning not so good)
Looks like I still need a "global" ftp administrator account. I would like to know if it's possible to have a Unix user (or group) have full read/write access to all the Top Level Servers and Sub Servers via FTP.
Not really possible. If you did so, you’d have to turn off SuExec for all virtual servers. Files must be owned by the virtual server owner, and can’t be group writable. Neither of those things can be true if you permit a user that doesn’t own the virtual server to create files within the virtual server home.
It must be possible? I can't imagine a website designer having to maintain a separate login for each site.
I suspect maybe you’re using top-level virtual servers where you should be using sub-servers, perhaps? If the same person is administering them, they all ought to be owned by the same user, right? (Which means, one top-level server, and all the rest sub-servers of that top-level server.)
But, that just depends on the way you use Virtualmin.
Anyway, it isn’t technically possible to do what you’re after–this has nothing to do with Virtualmin. We simply can’t do it because Linux/UNIX permissions and SuExec cannot interact in a way that would allow CGI scripts to work. I guess if the web developer doesn’t need to access any PHP or CGI files, you could make him a member of the virtual server groups. That’d work for any non-executable content. Note also that you can’t have chroot enabled in ProFTPd (I don’t consider chroot all that useful, myself, but a lot of folks consider it mandatory), since the user needs to be able to bounce around amongst all of the homes in question.
BTW, if you’ve seen this “ability” in the past, it’s because they weren’t using SuExec on the server, which is dramatically more dangerous for your users from a security standpoint. If you don’t need SuExec (e.g. if you are the only user on your system, or the other users are trusted) you can disable it…and, as I mentioned, add the web developer user account to each virtual server group so he can work on the virtual server files. You’ll also have to make the public_html group writable (and any files the developer needs to work on). I’m not exactly sure how to make files he creates accessible to the domain owner, however.
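The two conditions described above (files owned by the virtual server owner, nothing group writable) can be audited after a shared upload with a short script; this is an added example, not part of the original thread and not Virtualmin's or Apache's own code. The function name, the choice to also flag world-writable entries, checking every file rather than only scripts, and treating the owner's primary group as the virtual server group are assumptions of this sketch.

```python
import os
import pwd
import stat
import sys

NOT_OWNER = "not owned by the virtual server owner"
WRITABLE = "writable by group or others"


def suexec_findings(docroot, owner_uid, owner_gid):
    """Return (path, reason) pairs for entries that break the ownership
    or write-permission conditions discussed in the thread."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        # Check the directory itself, then every file inside it.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)          # lstat: do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue                 # symlink modes are not meaningful
            if st.st_uid != owner_uid or st.st_gid != owner_gid:
                findings.append((path, NOT_OWNER))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((path, WRITABLE))
    return findings


def main(argv):
    if len(argv) != 3:
        print("usage: audit.py DOCROOT OWNER", file=sys.stderr)
        return 2
    try:
        owner = pwd.getpwnam(argv[2])
    except KeyError:
        print(f"unknown user: {argv[2]}", file=sys.stderr)
        return 2
    # Assumption: the owner's primary group is the virtual server group.
    findings = suexec_findings(argv[1], owner.pw_uid, owner.pw_gid)
    for path, reason in findings:
        print(f"{path}: {reason}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-zero exit status means at least one file or directory was uploaded under the wrong account or left group or world writable.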
Ok, that makes sense. I don’t mind using sub servers. I like the fact I can create FTP users for a specific sub servers so I can give to the clients. But…
Let's say I have a client that wants access to their server via Virtualmin, but we still want to retain it as a sub server under our top level server. Can I create a Webmin user for sub servers? I could not see the option in the pro version demo.