If you only allow SSH and not telnet, you should not really allow ftp either. Perhaps look into some more secure alternatives (like scp, sftp or something)
Also, make sure that you do not run your webserver as root, since if someone do manage to break in through your webserver, then they will have root access to your system. If Apache is running as another user (like www or www-data or something), then having the web files owned by root is only to make sure that if a hacker do manage to break in, they can not change your web pages. If you are not to concerned about this, by all means let your Apache process (www?) own the /var/www directory structure, and then you can ftp in the new files by the normal way. Do not allow root direct access to your webserver, through ftp or ssh or something. Good luck /Bengt -----Original Message----- From: Anita Lewis [mailto:[EMAIL PROTECTED] Sent: Saturday, August 09, 2003 20:04 To: [EMAIL PROTECTED] Subject: ftp to webserver - not as rot This may be a dumb question on the wrong list, but here goes. I'm learning to set up a server via remote. We've got a mail server going and mailman as well. We have apache going and have put some pages in /var/www. There's a firewall on it and it is set so that we can send and receive mail, access the mail list, bring up pages in a browser, ssh in as users, and ftp in as users. We set it up so that root cannot ftp or ssh in. A user can ftp in and work on pages in their own public_html, but those pages would appear in /~username. I want to be able to work on pages in /var/www, because those pages come up when the domain name is accessed via browser. /var/www is root.root Is there a way other than dropping the pages off as user via ftp, ssh and su to root and move them, to do this? I'm thinking maybe there is a way using groups. Or is there something wrong with my thinking about not allowing root ftp? Thanks. Anita -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
