How can I grant user access to one directory only, so they can edit a file?
October 3, 2008 12:02 PM

I'm sure there's a way to do this. I'm hosting a site and I want to allow a person access to one directory, so that he can edit the php file in it whenever he wants. What's the best way to do this?

It seems to me that my options are: 1) set up a new user in my hosting and give him FTP access to the folder (I'm on Dreamhost - not sure how to do it, or how to stop him from seeing the entire domain). Problem with this is that then I won't own the files, right?
2) There might be some kind of user management system that can a) let the person log in. b) Give them a web front-end with an editor so they can edit the file. I've looked at hotscripts.com but they don't seem to be quite what I want.

Unfortunately I can't put the script in a database in joomla etc because it is feeding information to a shockwave application. So it needs to be a separate file. Which I think rules out number 2. Am I missing something?
posted by media_itoku to Computers & Internet (3 answers total)
 
Use groups.

Can you create a new account? If so, add it, and add it to a new group. "chown :newgroup filename" and then "chmod g+w filename". Anyone in that group can edit that file. Add yourself to that group also.
posted by cmiller at 12:16 PM on October 3, 2008
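
The group approach from the answer above, as an added example that is not part of the original thread: it applies the group ownership and group-write bit to one file, then checks that the file ended up group-writable and not world-writable. The function names, the file name feed.php and the use of the caller's own primary group in place of "newgroup" are assumptions made so the script runs without root.

```shell
#!/bin/sh
# Added example, not from the thread. File and group are caller-supplied.

# Give GROUP write access to FILE and make sure "other" has none.
share_file_with_group() {
    file=$1; group=$2
    chown ":$group" "$file" || return 1   # the answer's: chown :newgroup filename
    chmod g+w,o-w "$file"                 # the answer's g+w, plus o-w
}

# Succeed only if FILE belongs to GROUP, is group-writable and is not
# world-writable; print the reason otherwise.
audit_shared_file() {
    file=$1; group=$2
    if [ -z "$(find "$file" -prune -group "$group" -print)" ]; then
        echo "FAIL: $file is not owned by group $group"; return 1
    fi
    if [ -z "$(find "$file" -prune -perm -020 -print)" ]; then
        echo "FAIL: $file is not group-writable"; return 1
    fi
    if [ -n "$(find "$file" -prune -perm -002 -print)" ]; then
        echo "FAIL: $file is world-writable"; return 1
    fi
    echo "OK: $file is group-writable by $group and not world-writable"
}

# Demo on a constructed file. The caller's own primary group (numeric id)
# stands in for "newgroup" so that this runs without root.
demo() {
    dir=$(mktemp -d) || return 1
    group=$(id -g)
    ( umask 022; echo '<?php /* constructed sample */ ?>' > "$dir/feed.php" )
    audit_shared_file "$dir/feed.php" "$group" || true   # 644: not yet shared
    share_file_with_group "$dir/feed.php" "$group"
    audit_shared_file "$dir/feed.php" "$group"; rc=$?
    rm -rf "$dir"
    return $rc
}

demo
```

As long as the directory itself is not group-writable, the group can overwrite the file's contents but cannot create or delete files next to it. An editor that saves by writing a new file and renaming it over the old one would also need write permission on the directory.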


Do you have root on this host? If all you have is a regular user account, it's difficult to set up an account that's somehow subservient to yours. You can do it with groups, but I'm not sure what kind of accounts Dreamhost will let you set up. You can read up on Unix groups here:
http://www.udel.edu/topics/os/unix/general/unixgroups.html

You can read more on Unix file permissions here:
http://www.acm.uiuc.edu/webmonkeys/html_workshop/unix.html

If you have root access, it's definitely possible to do what you're trying to accomplish, but it may involve moderately advanced Unix admin skills.

If your machine is running vsftp, you can follow these instructions here to limit users' ftp access to their home directory:
http://www.cyberciti.biz/tips/vsftp-chroot-users-limit-to-only-their-home-directory.html

To find out whether you're running vsftp, try this command (as root):
/etc/init.d/vsftpd status
If it returns something like "status OK" or "status started", then you're running vsftp. If it returns something like "command not found", then you probably aren't.

Making those changes to vsftp will only affect ftp access; they'll still be able to get around if they have a shell account. So be sure to disable their shell account by editing /etc/passwd: find the user account listed, and change the last field from ":/bin/bash" (or whatever) to ":/sbin/nologin". Make sure you do that to their user account, not yours!

If you want to access their files, you'll still be able to do so from a root shell (i.e. ssh into the machine, then su to root). As root user, you'll have read access to everything, regardless of permissions.
posted by Loudmax at 5:50 PM on October 3, 2008


On second view, I think I read too much into the word "access". If all you want to do is make sure the user can't write over files outside the directory, this can easily be done with user/group permissions. The directions I posted above would be to lock the user completely out so they don't have read access either.
posted by Loudmax at 7:34 PM on October 3, 2008

