www.webdeveloper.com
Results 1 to 6 of 6

Thread: How do I give a developer access to a specific directory and nothing else?

  1. #1
    Join Date
    Apr 2005
    Posts
    493

    How do I give a developer access to a specific directory and nothing else?

    (I'm reposting this post here, after someone in the PHP group suggest I repost here because it's more relevant)

    I want to give a develop access to a specific directory and nothing else

    I can give them an FTP account with access to a sub directory, but this doesn't exactly solve the problem!

    1. They can write PHP code to access other directories below and have FULL access to *everything*!

    2. What if I could solve problem 1 somehow (I have no idea how!), but then I wanted them to have *only* access to a directory but NOT to sub directories contained under that directory?

    I'd always given developers a sub directory in which to put their code - I'd never actually ever thought that they could access the whole domain!

    So: how can I make sure they only have access to what I want?

    Thanks


    OM

  2. #2
    Join Date
    Aug 2009
    Posts
    84
    You would need to enable safe_mode in your php.ini file, to restrict access to selected directories only:

    Code:
    safe_mode = On
    safe_mode_exec_dir = "C:\WWW\DIR1;D:\WWW\DIR2"
    open_basedir = "C:\WWW\DIR1;D:\WWW\DIR2"

  3. #3
    Join Date
    Apr 2005
    Posts
    493
    thanks for the reply
    i dont quite understand what that does
    i asked elsewhere after not getting a reply here
    and was told: giving ftp access is just bad news!
    and any developer who knows what they're doing can gain control of *everything*?

  4. #4
    Join Date
    Aug 2009
    Posts
    84
    giving ftp access is just bad news!
    and any developer who knows what they're doing can gain control of *everything*?
    I don't agree with that. If configured correctly FTP access can be secure. All big shared hosting companies provide FTP access for their customers, yet users can't modify each other's files.

    Can you please let me know what Operating System / FTP software do you use, so I can try to give you more specific solution?

  5. #5
    Join Date
    Apr 2005
    Posts
    493
    Quote Originally Posted by chris22 View Post
    I don't agree with that. If configured correctly FTP access can be secure. All big shared hosting companies provide FTP access for their customers, yet users can't modify each other's files.
    aaah... yes... that a very good point actually

    Quote Originally Posted by chris22 View Post
    Can you please let me know what Operating System / FTP software do you use, so I can try to give you more specific solution?
    i have linux
    i have a vps

    the thing is, i will have a single domain
    and i want to give a developer access to a sub directory on that domain
    this is different to shared hosting where each user has different domains

    let me know what u think + if u can suggest something

    thanks

  6. #6
    Join Date
    Aug 2009
    Posts
    84
    OK, you can do it that way:

    1. Create directories structure:
    Code:
    /var/www <= this is root directory of your domain
    /var/www/dir1 <= directory for user1
    /var/www/dir2 <= directory for user2
    2. Now create user accounts:
    Code:
    useradd -d /var/www/dir1 -s /bin/false user1
    passwd user1
    useradd -d /var/www/dir2 -s /bin/false user2
    passwd user2
    3. Install vsftpd (Very Secure FTP daemon) - on Debian or Ubuntu you can do it:

    Code:
    apt-get install vsftpd
    4. Edit /etc/vsftpd.conf and make the following changes:

    Code:
    check_shell=NO
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    local_umask=002
    chroot_local_user=YES
    That is all. Now your users are restricted to their own home directories only.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles