Configuring Sendmail and VSFTPD

Pete Nesbitt pete at linux1.ca
Fri May 7 02:50:29 UTC 2004


On May 6, 2004 06:20 pm, Pete Nesbitt wrote:
> On May 6, 2004 05:58 pm, Rodolfo J. Paiz wrote:
> > At 17:53 5/6/2004, you wrote:
> > >first off, wow fast response.=)
> >
> > Welcome to Linux. <grin>
> >
> > >I want to install cutecast. (http://www.artscore.net/cutecast/). I asked
> > >the admin what SMTP server they use for sending email notifications,
> > >activation and they said Sendmail.
> >
> > Sendmail is already configured to accept mail from its same machine
> > (localhost) but not from the outside, so it's a reasonably secure
> > configuration. If you do want to accept mail from the outside, please
> > read my "Sendmail SMTP AUTH HOWTO" [1] and ask any questions either here
> > or directly. Otherwise, no need to do anything.
> >
> > [1] http://www.simpaticus.com/linux
> >
> > >Basically I want to give my friend FTP access to his webarea (runs
> > > apache2) so that / in his FTP client would be '/var/www/html/PS' so
> > > that he can upload his files and chmod.
> >
> > I would suggest that the best way is to make a user for your friend, say
> > "joe". Then create a "www" directory in joe's home directory (/home/joe),
> > and create a "virtualhost" in Apache that points to /home/joe/www. That
> > way his website files are in his home directory, where they are easy for
> > him to reach but difficult for others (except Apache). You may need to
> > make sure /home/joe and /home/joe/www have 701 permissions, I'm not sure.
> > vsftpd will automatically chroot the user to his home directory, I think.
> > If not, it's easy to configure but I don't remember how off-hand.
> >
> > Note that this has the advantage that people usually remember to back up
> > /home but usually not /var... makes your data safer and your users
> > simpler to manage. If you wanted to try a completely different approach,
> > however, you could try just creating a user "psforum" and changing that
> > user's home directory to /var/www/html/PS. Same results, I think, just
> > not as neat.
> >
> > Post again if you get stuck somewhere.
> >
> > Cheers,
> >
> >
> > --
> > Rodolfo J. Paiz
> > rpaiz at simpaticus.com
> > http://www.simpaticus.com
>
> Hi,
> The idea of creating an html dir in the users home is good, but the 'new'
> preferred method for apache, instead of configuring apache to use home dirs
> (there is a config stanza for doing that), you create a web space, in this
> case /var/www/html/PS, then make it owned by the user & group, sgid the
> dir and make it world readable "chmod 2775 PS".
> Next make a sym link 'ln -s /var/www/html/PS ~joe/www' (or change www to
> whatever you like such as PS)
> The idea is that first, the user does not need world readable dirs in his
> home, and also, the url does not have the ~username in it so it is easier
> and does not give away user id's which helps with security.
>
> --
> Pete Nesbitt, rhce



Rodolfo, I should have read your reply closer. I overlooked a few items. My 
solution with the sym link will allow an escape from the chroot (or will it 
break the link?). Also, I was thinking of the public_html based home webspace 
solution.

However, the virtualhost will require either a 2nd IP or else a 2nd DNS entry.

Another consideration may be to use the apache 'Alias' definition. You could 
define an alias in apache config to make requests to domain.com/PS go to 
~joe/www. The 'Alias' function allows you to disable "Follow Sym Links" and 
define each one individually. This is kinda the opposite of my 'inbound' sym 
link mentioned above. 
 
-- 
Pete Nesbitt, rhce
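
The open question above (does a symlink in a chrooted home escape the jail or break?) can be checked by resolving paths the way a chrooted process does. This is an added example, not part of the original message; it assumes the FTP session is chrooted to the user's home, and the function names and the temporary directory layout are constructed for illustration.

```python
import os
import tempfile

def _parts(p):
    return [c for c in p.split("/") if c not in ("", ".")]

def resolve_in_jail(jail, path, max_links=40):
    """Host-side path that `path` names for a process chrooted to `jail`."""
    todo, cur, links = _parts(path), [], 0
    while todo:
        part = todo.pop(0)
        if part == "..":
            cur = cur[:-1]              # '..' at the jail root stays at the root
            continue
        host = os.path.join(jail, *cur, part)
        if os.path.islink(host):
            links += 1
            if links > max_links:
                raise OSError("too many levels of symbolic links")
            target = os.readlink(host)
            if target.startswith("/"):
                cur = []                # absolute target restarts at the jail root
            todo = _parts(target) + todo
        else:
            cur.append(part)
    return os.path.join(jail, *cur)

def audit_symlinks(jail):
    """Report each symlink under `jail`: host view versus chrooted view."""
    jail = os.path.realpath(jail)
    report = []
    for root, dirs, files in os.walk(jail):
        for name in dirs + files:
            link = os.path.join(root, name)
            if os.path.islink(link):
                host_target = os.path.realpath(link)
                jail_target = resolve_in_jail(jail, os.path.relpath(link, jail))
                report.append({
                    "link": os.path.relpath(link, jail),
                    "host_leaves_jail": os.path.commonpath([jail, host_target]) != jail,
                    "dangling_in_jail": not os.path.exists(jail_target),
                })
    return report

def demo():
    """Constructed layout: joe's home as the jail, web space outside it."""
    base = os.path.realpath(tempfile.mkdtemp())
    jail = os.path.join(base, "home", "joe")
    web = os.path.join(base, "var", "www", "html", "PS")
    os.makedirs(jail)
    os.makedirs(web)
    os.symlink(web, os.path.join(jail, "www"))   # like: ln -s /var/www/html/PS ~joe/www
    return audit_symlinks(jail)
```

For the constructed layout the link leaves the home directory when followed by an unchrooted process such as Apache, but is dangling from inside the jail, because its absolute target is looked up under the jail root. The model covers path resolution only, not bind mounts or hard links.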




