WebFaction
Community site: login faq

Hi

I have just set up an additional user and granted them permission so that they have ftp access to one folder under my webapp folder. However when testing it they seem to also have permission to at least see the names of all of the other folders under my webapps folder. They can't see any files; but I don't really like them being able to see the names of the other webapps I am running.

Is there something set-up wrong or is this a necessary condition of giving them rwx access to one of the child folders?

asked 08 Jul '11, 03:57

markan
123
accept rate: 0%


Since the "webapps" directory is (necessarily) owned by root, standard users cannot modify permissions on this directory. That leaves only two options: allow all users to list the directory, or allow no users at all to list the directory. It's a clear choice; we have to allow all users to list the webapps directory.

Depending on the application type, it's actually possible to run some applications without needing to grant access to the webapps directory. For example:

Static/CGI/PHP application

You can run a Static application in an SSH user's directory using a Symbolic Link to Static/CGI/PHP application. Simply use something like /home/sshuser/www in the extra_info, and ensure that you grant your primary user access to the SSH User's home directory using something like:

#as ssh user
setfacl -m u:primaryuser:rwx $HOME
setfacl -R -m u:primaryuser:rwx $HOME/www
setfacl -R -m d:u:primaryuser:rwx $HOME/www
chmod g+s $HOME/www

Custom Application (listening on port):

Applications that listen on a port (like Django, Rails, CherryPy, and many others) can be run from an SSH user's home directory simply by configuring the software to listen on the port assigned by the Control Panel.

The significant disadvantage of the above two solutions is that they cannot be used with a Static-Only or Symbolic Link to Static-Only application.

permanent link

answered 08 Jul '11, 04:39

ryans ♦♦
5.0k93460
accept rate: 43%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×62

question asked: 08 Jul '11, 03:57

question was seen: 4,241 times

last updated: 08 Jul '11, 04:39

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM