Regular user and http. How to grant correct privileges?

[jgr]

Hi all!

I have a normal user (sites:users) and the usual OpenSUSE http user (wwwrun:www).

I'm hosting several sites and I want to be able to upload stuff via ftp, so I'm using the "sites" home (/home/sites) to keep the sites I'm hosting.

Giving read permissions to all inside /home/sites makes it accessible and readable to the wwwrun user.

Problems come when I need to upload something. The easy way is to give 777 permissions to the folder that's going to receive the file, but I don't feel comfortable at all with that.

What do you recommend? Is there any group configuration that could help me (like adding "sites" to the "www" group or "wwwrun" to the "users" group)? Or any other configuration at all that might be according the the best practices?

Thank you.
Best regards,
Jorge

[elija]

Is it only you uploading or several different accounts?

[jgr]

Hi elija!

Thanks for your reply!

I'm sorry for not being clear. By ftp it's only me who makes the uploads using the "sites" account. But that's not a problem.


Problems come when I need to provide the ability to upload via http to other guys.

The easy way is to give 777 permissions to the folder that's going to receive the file via http, but I don't like that solution.

Best regards,
Jorge

[elija]

I'm sorry for not being clear.

No worries.

Problems come when I need to provide the ability to upload via http to other guys.

If this is uploading through a form on a website then it is the wwwrun user that needs write permission. It is advisable to store these files outside of the web root.

The last thing you want to do is make the entire site writeable. It's not just asking for trouble, it's begging

If you mean other people uploading website files, then I would set them up an FTP account and limit that account to the directory they should have access to. Exactly how you you do this depends on which FTP server you have.