[arch-general] bind9, apache 2 & sftp management
hello, I have a small VPS and I want my few users (~10) to be able to manage their sub/domains. I don't care about the UI, either command line interface (via jailed ssh) or web ui. I would really like to have only SFTP and not any FTP daemon. however, if ftp is so much easier, then ok, ftp daemon... Thank you in advance! -- (\_ /) copy the bunny to your profile (0.o ) to help him achieve world domination. (> <) come join the dark side. /_|_\ (we have cookies.)
Hi * Δημήτρης Ζέρβας (01ttouch@gmail.com) [04.09.12 21:48]:
I would really like to have only SFTP and not any FTP daemon. however, if ftp is so much easier, then ok, ftp daemon...
https://wiki.archlinux.org/index.php/SFTP-chroot this should help for the SFTP only access. HTH Sebastian -- " Religion ist das Opium des Volkes. " | _ ASCII ribbon campaign Karl Marx | ( ) against HTML e-mail SEB@STI@N GÜNTHER | X against M$ attachments mailto:arch@teageek.de | / \ www.asciiribbon.org
i know that, my problem is "central management" so my users can add their domains etc. On Sep 5, 2012 12:21 AM, "Sebastian Günther" <arch@teageek.de> wrote:
Hi
* Δημήτρης Ζέρβας (01ttouch@gmail.com) [04.09.12 21:48]:
I would really like to have only SFTP and not any FTP daemon. however, if ftp is so much easier, then ok, ftp daemon...
https://wiki.archlinux.org/index.php/SFTP-chroot
this should help for the SFTP only access.
HTH Sebastian
-- " Religion ist das Opium des Volkes. " | _ ASCII ribbon campaign Karl Marx | ( ) against HTML e-mail SEB@STI@N GÜNTHER | X against M$ attachments mailto:arch@teageek.de | / \ www.asciiribbon.org
On Tue, Sep 4, 2012 at 4:59 PM, Δημήτρης Ζέρβας <01ttouch@gmail.com> wrote:
i know that, my problem is "central management" so my users can add their domains etc.
http://www.proftpd.org/docs/contrib/mod_sftp.html ... at work we run a setup that uses PAM to authenticate, but the PAM module ONLY looks at a Django database for users/etc (per a custom PAM service name) ... then we run proftpd specifically for SFTP-only access by external vendors. postgres is the DB in use (which, of course, there is no reason to run anything else because postgres is phenomenally more powerful and simple than ... others ;-). the files have been scrubbed (via regex, possibly subtly broken in process) but it should get you going; things to note as they will likely need attention: - targets debian, arch will need uid/gid tweaks, among others? - requires bcrypt django auth (if used) - requires pgcrypto for the target DB (if used ^^^^) ... all files are pretty well commented tho. HTH. https://gist.github.com/3651050 # tree . `-- etc |-- pam.d | `-- stuff |-- stuff | `-- proftpd.conf.head |-- stuff.pam_pgsql.conf `-- stuff.proftpd.conf -- C Anthony
hmm, very nice! thank you! but about bind & apache? is there any module so i can manage the from a DB? -- (\_ /) copy the bunny to your profile (0.o ) to help him achieve world domination. (> <) come join the dark side. /_|_\ (we have cookies.) On Thu, Sep 6, 2012 at 7:06 AM, C Anthony Risinger <anthony@xtfx.me> wrote:
On Tue, Sep 4, 2012 at 4:59 PM, Δημήτρης Ζέρβας <01ttouch@gmail.com> wrote:
i know that, my problem is "central management" so my users can add their domains etc.
http://www.proftpd.org/docs/contrib/mod_sftp.html
... at work we run a setup that uses PAM to authenticate, but the PAM module ONLY looks at a Django database for users/etc (per a custom PAM service name) ... then we run proftpd specifically for SFTP-only access by external vendors. postgres is the DB in use (which, of course, there is no reason to run anything else because postgres is phenomenally more powerful and simple than ... others ;-).
the files have been scrubbed (via regex, possibly subtly broken in process) but it should get you going; things to note as they will likely need attention:
- targets debian, arch will need uid/gid tweaks, among others? - requires bcrypt django auth (if used) - requires pgcrypto for the target DB (if used ^^^^)
... all files are pretty well commented tho. HTH.
https://gist.github.com/3651050
# tree . `-- etc |-- pam.d | `-- stuff |-- stuff | `-- proftpd.conf.head |-- stuff.pam_pgsql.conf `-- stuff.proftpd.conf
--
C Anthony
ok, i found the solution! I use powerdns & mod_dbd_mysql (I will also you pam with mysql) I develop an ncurses based panel to control the domain records -- (\_ /) copy the bunny to your profile (0.o ) to help him achieve world domination. (> <) come join the dark side. /_|_\ (we have cookies.) On Thu, Sep 6, 2012 at 11:36 AM, Δημήτρης Ζέρβας <01ttouch@gmail.com> wrote:
hmm, very nice! thank you! but about bind & apache? is there any module so i can manage the from a DB?
-- (\_ /) copy the bunny to your profile (0.o ) to help him achieve world domination. (> <) come join the dark side. /_|_\ (we have cookies.)
On Thu, Sep 6, 2012 at 7:06 AM, C Anthony Risinger <anthony@xtfx.me>wrote:
i know that, my problem is "central management" so my users can add
On Tue, Sep 4, 2012 at 4:59 PM, Δημήτρης Ζέρβας <01ttouch@gmail.com> wrote: their
domains etc.
http://www.proftpd.org/docs/contrib/mod_sftp.html
... at work we run a setup that uses PAM to authenticate, but the PAM module ONLY looks at a Django database for users/etc (per a custom PAM service name) ... then we run proftpd specifically for SFTP-only access by external vendors. postgres is the DB in use (which, of course, there is no reason to run anything else because postgres is phenomenally more powerful and simple than ... others ;-).
the files have been scrubbed (via regex, possibly subtly broken in process) but it should get you going; things to note as they will likely need attention:
- targets debian, arch will need uid/gid tweaks, among others? - requires bcrypt django auth (if used) - requires pgcrypto for the target DB (if used ^^^^)
... all files are pretty well commented tho. HTH.
https://gist.github.com/3651050
# tree . `-- etc |-- pam.d | `-- stuff |-- stuff | `-- proftpd.conf.head |-- stuff.pam_pgsql.conf `-- stuff.proftpd.conf
--
C Anthony
participants (3)
-
C Anthony Risinger
-
Sebastian Günther
-
Δημήτρης Ζέρβας