Ftp Account Question

E

erostew

Verified User
Joined
Apr 16, 2006
Messages
24
Location
Montreal, Canada
Sorry if this is in the wrong area.

My question is this:
Is it possible to setup an ftp account that can access ALL user accounts?

The server is apache/linux(fedora) and of course it is running DA. I know it is a limitation of DA that if I want a domain to have it's own IP, rather than shared, then I have to create a user account for each domain.

This is a dedicated server and we are the only users. We have a fairly large pool of IPS that we can use on any of our servers as required. I don't have root access to the server but I can ask our hosting company's tech to do anything that requires root access.

I can live with having to go to the reseller level userlist and log in as each user to make domain level changes even though it's a big pain. Or even worse, logging into the control panel seperately for each user. But having a different ftp account for each domain is an even bigger pain. So I want to know if it's possible to create ONE ftp account that will let me access ALL sites. Having to keep a list of all these different logins for each site is both a pain and a security risk.

Is this possible or will I just have to add it to my wish list file?

It would also be nice if it actually stated somewhere in the help files that the only way to have each site with a dedicated IP is to create a new user for each site. I'm probably not the only one that wasted far too much time before finding out about this limitation.

Thanks for any help/answers to my question.

Stew
 
You can create an ftp account that will log in with any directory as the base directory, including /home.

However what you can't do is log in under any other username besides root and still be able to do anything with those files.

By default proftpd doesn't allow root logins; I don't know if it can be made to do so or not.

If it can, I still wouldn't recommend it; you'd be logging in to root with a plaintext password, which is insecure.

If you had to do something I'd recommend allowing root logins to ssh, and then using scp (which works similarly to ftp, except securely).

However I don't recommend that either; it's just too easy to do a lot of accidental damage.

As far as putting it on a wish list I don't think that's going to make it happen; it's just not easy to do and still have any kind of security left on your system at all.

Jeff
 
Thanks for your answer. I use cuteftp which handles ssh easily. But I see your point about using the root account for everyday access. It is the main reason that root access to the server is reserved for our hosting company tech. I don't normally need to have root access for any day to day maintenance tasks. I don't really see that it is anymore of a security risk to use the root account for ftp/ssh access than to have a big list of logins printed out , but you are right about it being too easy to screw things up.

As far as the wish list: I was being a bit sarcastic. The entry for a less cumbersome ftp setup goes right underneath the entry for being able to assign IPs to a domain instead of just one IP to a user.

Stew
 
Last edited:
You must log in or register to reply here.
Back
Top