FTP remote administration of Webcontent on OS X Server

[Essage]

I'd like to upload files to my website on a server running Mac OS X Server 10.1.5.

I want to use FTP. And the website root-directory is "/library/webserver/documents".

Is it possible to set up a user that has the webserver-directory as it's home-directory, and has only access to that, using the built-in ftp-server in os x? The ftpuser should not be able to connect to the server in any other way than ftp.

//Essage

 

[buc99]

I don't think you can set up a User this way.

You could set up a User and then delete all of the directories except the web directory, Desktop, and Library.

I think the easiest solution may be to set up a User for web serving only. Put all of your web pages in that User's Sites folder. Then set up the folder access to whoever you want only for file sharing.
This should keep people out, and it would be seperate from the root folders. Also tunnel ftp through ssh to upload your web pages. (This just makes the upload more secure). You may also be able to do some things from a firewall standpoint and set up Apache to use a port other than 80 for web serving. The documentation for all of this is located in OSX.

Anyone else? I'm sur there are some folks here with more secure web serving ideas than this.

Thanks.
SA

 

[lethe]

i believe testuser has written some nice scripts to create ftp-only users using the OSX built-in ftp server. look for his thread on ftp users, it should be what you need. if you need to modify it to suit your needs, i m sure he will be able to help.

 

[lethe]

here is the thread with testusers script. the only problem with this setup as i see it, is you want an unprivileged user to edit these files, and by default that directory, and its files are all owned by root. i don t think it would be too bad to just change the permissions.

testuser will probably be here soon to lay it all out for you

 

[buc99]

Lethe-
Will this work for webhosting? This is actually what he wants. A user account that just has webhosting capabilities>

Umm i just noticed something. /Library/webserver/documents is the root webserver folder, however, you do not want to serve your pages from here. You need to serve your pages from you Users' Sites folder. This is secure because it is not on your root directory and when you access it from ftp you will be using your User password and not your Root password. So make a user for webserving only. This way it is not an Administrative account. and serve your pages from here. You can then set up your ftp permissions to only allow access to this area of the system.

Good Luck.
SA

 

[Essage]

One thing that doesn't work:
When I log in via ftp, I only get the directories "Public" and "Users". I'm not in "/Library/WebServer/Documents" where I want to be.

If I log in at the computer with the ftptoweb-user, the "home-button" takes me to "/Library/WebServer/Documents", but via ftp I'm not in my home-directory when logging in.

Everything else seems to work just fine.

/Essage

 

[Essage]

It seems like I, for some reason, created a new Document-folder with the user admin. So the owner was root and group was admin.
I re-created the documents folder with root, so root is now the owner and admin is the group.

[localhost:~] admin% l -d /Library/WebServer/Documents:
drwxr-xr-x 15 root admin 466 Jun 24 18:44 /Library/WebServer/Documents

shouldn't it be drwxrwxr-x ?

Or has it not have anything to do with the permissions?

/Essage

 

[Essage]

That didn't help

I've never used NetInfo before. I don't know what I should be looking for. But I think the set up is correct. The homedirectory is the right one (/Library/WebServer/Documents).

While browsing around in NetInfo I notised the similarity with:"/ config SharePoints" and the directory I start up in when connecting via ftp. It seems like it is that directory I'm landing in when connecting via.

Documents, is a directory, and it resides on the startup disk.

Probably would a reinstall do it for me, but I´d rather not, after all configuration and installed software.

/Essage

 

[buc99]

Why are you worried about serving pages from /Library/WebServer/Documents?

What is wrong with serving those pages from the ~/username/Sites folder?

I'm confused here. Please tell me why you would want to do this?

Thanks. SA

 

[Essage]

Well. I don't know everything about the apache webserver and mac os x server. Accually I have never used a webserver myself. Therefore I thought it would be better to stick as close to the defaults as possible. And I don't know how changing the socument root affects everything. What should I change in the httpd.conf-file, and are there other things I'll have to change? Maybe that should have been my qestion instead?

But if I get this to work, with the ftpuser with the home in /library/webserver/documents, that would probably be the easiest way for me?

/Essage

 

[Essage]

I finally found out where I land when connecting via ftp. In "/Library/FTPServer/FTPRoot". Why didn't I think of that earlier
So thats whats not right. Why am I landing there? Maybe it's impossible to administrate "/Library/WebServer/Documents" with the configuration of the built in FTPServer in OS X?

/Essage

 

[buc99]

Why do you want to host your pages from /Library/WebServer/Documents?

That directory is located in a root directory and I personally would not want someone to get ftp access to it.

All you need to do is setup a User. Put all of your web pages in that User's Sites folder. Make a simple adjustment to httpd.conf that directs your /cgi-bin/ alias to that directory if you want cgi. Otherwise leave Apache alone and it will automatically serve pages from the Sites folder. They are then accesses by:

http://www.yourdomainhere.com/~username/webdocument.html

It is that simple. Then you set up your ftp to only allow access to that User's directory. Everything is served properly and you no longer have to worry about ftp access to a "root" directory.

So I ask again, why do you want to serve your web pages from /Library/WebServer/Documents?

Good Luck.
SA

 

[Essage]

I thought I answered that in a previous post...
- Because I know that Apache will behave like it should if I don't change anything in the httpd.conf. That's why.

Ok. It seems like it's not possible. So I give up...


The pages should be accessible directly by the IP:
http://111.222.333.444/

not:
http://111.222.333.444/~user/

Is the only thing I have to change, the path in httpd.conf where it says "/Library/WebServer/Documents" to the new location of the files? Do I have to change anything in httpd_macosxserver.conf? Will everything else function an normal? Like cgi and so on..

If I want to serve pages directly under http://111.222.333.444/, should I really place the document in a users sites-directory? Then it would be accessible with 2 different adresses? Or should I create a new folder in that users home-directory, like wwwroot? And what privileges should that folder have in that case?

Is it just me who is wondering how apple thought we should change the content on the main site on the apache webserver?

/Essage

 

[Essage]

This means that I change the location of the webserver-files?

In that case, I rather create a non admin user and serve the pages from there, like buc99 says I should?

Cause I lose the advance of having an untouched httpd.conf-file.

Or, what do you guys think?

/Essage

 

[Essage]

I have never been using the FTPServer before, so I don't know why it behaves like this. I have never changed any settings. It works perfectly when connecting with a user that has a default home-directory.

I'm only using the server for personal use, so as long as it's not a security issue, I'll leave it as it is, to take care of it in the future, or after a reinstall. I have no idea what could be wrong and don't know what errors I should be looking for...

To take care of my need of ftp administration of the content on the webserver I followed buc99's example. Kind of...

Here's what I did:
1. Created a non-administrator user in the system preferences. Called him "webserve".

2. Deleted everything in his homedirectory except for "Desktop" and "Library".

3. Created a folder called "wwwroot" in his homedirectory. And changed the privileges to:
drwxr-xr-x 14 webserve staff 432 Jun 25 19:47 /Users/webserve/wwwroot

4. Changed DocumentRoot in httpd.conf (to):
DocumentRoot "/Users/webserve/wwwroot"

5. Changed in httpd.conf (to):
# This should be changed to whatever you set DocumentRoot to.
#
Directory "/Users/webserve/wwwroot"


Seems to be working fine

Any thoughts?
Any security issues?

I'd like to thank everyone who has been taking an active interst in this thread

/Essage