Anita Lewis <[EMAIL PROTECTED]> writes:

> I want to be able to work on pages in /var/www, because those pages
> come up when the domain name is accessed via browser. /var/www is
> root.root
>
> Is there a way other than dropping the pages off as user via ftp,
> ssh and su to root and move them, to do this? I'm thinking maybe
> there is a way using groups. Or is there something wrong with my
> thinking about not allowing root ftp?

Allowing unencrypted FTP for any user is a bad idea, but sending the root password in the clear is a horrible idea, so you're indeed right to disable root FTP access.

It's much better to use SSH-secured alternatives like scp (secure copy) and sftp (secure file transfer program), both of which come with OpenSSH, for any type of file uploading. For an interface like the GUIs of popular FTP clients, you can use gFTP (for X Windows on UNIX-like OSs), WinSCP (for Microsoft Windows), or Fugu (for OS X). One of these clients, WinSCP, has a comparison of scp and sftp:

http://winscp.sourceforge.net/eng/protocols.php

If I remember correctly, some of these clients allow you to run arbitrary ssh commands from within them. Thus, you could su to root and then mv and chown the files without needing to start a separate SSH session. But, as long as you use SSH and have a good root password, there's little practical reason not to allow root to log in directly.

Off topic, but in a similar vein: Two things come to mind that you might be interested in.

First is sudo, a program co-written by one of the co-authors of the UNIX System Administrator's Handbook. You preface a command with "sudo" to run it as root, and it asks you for your own password; subsequent sudo commands don't require your password unless you've been idle for 15 minutes. I've replaced root's password (in the shadow file, in my case) with a * to disable root logins. When I need a root shell, I run "sudo su" or "sudo su -m".

Another thing you might be interested in is diceware, a systematic way to pick easy-to-remember, cryptographically-strong passwords using dice and a word list. (You'll want md5 passwords enabled for this, otherwise only the first 8 characters count, which makes for a weak password.)

-- 
Gregory K. Johnson
http://gkj.gregorykjohnson.com/
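
The diceware procedure and the 8-character limit mentioned in the reply above, as an added Python example that is not part of the original message. The word list is a constructed stand-in for a real diceware list, the dice are simulated with the OS random source, and all function names are illustrative.

```python
import math
import secrets
from itertools import product

DICE_PER_WORD = 5                   # five rolls of a six-sided die select one word
LIST_SIZE = 6 ** DICE_PER_WORD      # 7776 entries in a diceware list
LEGACY_LIMIT = 8                    # characters that count without md5 passwords

# Constructed stand-in list (NOT a real diceware list): 7776 distinct 4-letter tokens.
_SYL = [c + v for c in "bdfghjklmnprstvwyz" for v in "aeiou"]
WORDS = [a + b for a, b in product(_SYL, _SYL)][:LIST_SIZE]

def key_to_index(key):
    """Map a dice key such as '16655' to a 0-based list position (base-6 digits)."""
    if len(key) != DICE_PER_WORD or any(d not in "123456" for d in key):
        raise ValueError("a key is five dice faces, each 1-6")
    idx = 0
    for d in key:
        idx = idx * 6 + int(d) - 1
    return idx

def passphrase(n_words, words=WORDS):
    """Simulate the dice with the OS CSPRNG and return (dice keys, passphrase)."""
    keys = ["".join(secrets.choice("123456") for _ in range(DICE_PER_WORD))
            for _ in range(n_words)]
    return keys, " ".join(words[key_to_index(k)] for k in keys)

def full_bits(n_words):
    """Entropy in bits of n independently rolled words."""
    return n_words * math.log2(LIST_SIZE)

def surviving_prefixes(words, limit=LEGACY_LIMIT):
    """Count the distinct passwords left when only the first `limit` characters
    count. Assumes space-separated words and a passphrase longer than `limit`."""
    memo = {0: 1}
    def count(r):
        if r not in memo:
            cut = {w[:r] for w in words if len(w) >= r}   # word fills the remainder
            memo[r] = len(cut) + sum(count(r - len(w) - 1)
                                     for w in words if len(w) < r)
        return memo[r]
    return count(limit)

if __name__ == "__main__":
    keys, phrase = passphrase(5)
    print(keys, "->", phrase)
    print("all characters hashed: %.1f bits" % full_bits(5))
    print("first 8 characters only: at most %.1f bits"
          % math.log2(surviving_prefixes(WORDS)))
```

With the stand-in list, a five-word passphrase drops from about 64.6 bits to at most about 23.5 bits once everything after the eighth character is ignored; a real word list gives a different but similarly small figure.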