KBTAG: kben10000129
URL: http://www.securityportal.com/lskb/10000100/kben10000129.html
Date created: 07/08/2000
Date modified:
Date removed:
Authors(s): Kurt Seifried seifried@securityportal.com
Topic: Accessing your WWW server files
Keywords: Network/WWW, Network/FileSharing
At some point you will need to access the files on the www server to update them. Logging in and using a text editor like emacs is not usually a good long term decision if you value your time. Several popular HTML authoring packages can access your website via FTP or windows file sharing.
This is the classic method of granting users access to ftp servers, typically concerns include users viewing each others data, viewing system data they should not, and so forth. Chrooting the users ftp session will solve most of these problems, however the main problem with ftp, as for encrypting the username and password this is typically undoable due to the fact most people are running Windows FTP clients. I would recommend ProFTPD over WU-FTPD for an application such as this, ProFTPD has much better access controls.
Samba is quite useful for sharing out the www directories to Windows clients, you can then keep the usernames and passwords separate from the system (using smbpasswd rather then the system passwd) and encryption of logins is no problem. Simply make the shares non browseable, and use the valid users directive to restrict which users may view the share data. For example:
[www-example] path = /www/www.example.org/ valid users = someuser read only = No browseable = No
will setup a pretty secure share for the directory /www/www.example.org/ that only the user example can access.
FrontPage is one of the most popular HTML programs for Windows users (heck, I even use it). It can talk directly to WWW servers and download / upload files from a site (called a FrontPage Site) if the server supports FrontPage extensions. FrontPage extensions are available for various UNIX platforms, for free, from Ready To Run Software, at: http://www.rtr.com/. In the past, security wise, RTRs FrontPage extensions for UNIX have been a bit of a disaster. There are commercial alternatives however, one is Instant ASP, available from: http://www.halcyonsoft.com/. An excellent document on getting FrontPage working with Apache 1.3.X is available at: http://www.itma.lu/howto/apache/.
RearSite is a cgi program that provides users access to their directories via a normal web browser. You can get it from: http://listes.cru.fr/rs/fd/.
Fast Webpage Exchanger keeps files in synch using ftp and has a nice config file where you specify everything. You can download it from: http://www.enjoy.ne.jp/~gm/program/iwe_en.html.
WebRFM (Web-based Remote File Manager) is a CGI (Perl) application that allows users to manage their files. You can get it at: http://webrfm.netpedia.net/.