I’m setting up the users homes inside the public_html, so they can FTP into their home, put the files in there and go.
Some users are asking me for install PhpMyAdmin, so I tried the Install Scripts. But I can’t install them out-of-the-box, because the virtual server owner’s user can’t write to the mailbox user home.
/home/domain/public_html <- owner: domain, group: domain, permissions: 750
/home/domain/public_html/user1 <- owner: user1.domain, group: domain, permissions: 750
As a workaround, I’m logging in as root, changing the permissions to 770 and then run the script. But I don’t think it’s a good idea to leave that as 770, so when it’s over, I change it again to 750.
Users can also login via SSH, so even when I’m restricting them to their home by FTP, they would be able to write on other user homes by using SSH. So, set up Virtualmin to create the home directories with 770 permissions wouldn’t solve the problem.
You wouldn’t actually want to setup standard FTP users with their home directories within public_html – that would cause some permissions issues.
What you could do to accomplish what you’re after – instead of creating a standard FTP user, create a website FTP access user (on the right side when you click “Edit Users”).
Those users are special, in that they’re designed to be able to read and write to the public_html folder (or a sub-folder).
I tried that (didn’t see that option before!) but I think that it’s still far from perfection on my scenario. I even think that standard users suit better here. I explain why. Probably I’ll be wrong somewhere:
- I need to manually create the subdirectories, or I will receive this error: “Failed to save mailbox : Home directory must be an existing directory for website FTP users”.
- These users doesn’t seem to be able to own files or directories, so other users will have write permissions on other users folders. They all share the same UID with the main virtual server user.
I prefer the other approach, even If I loose the script install functionality out-of-the-box. Thank you for your advice, though.