Results 1 to 9 of 9
  1. #1
    Senior Member FZ's Avatar
    Join Date
    May 2003
    Location
    Johannesburg, South Africa
    Posts
    1,024

    Default Workaround: Home directory without assigning FTP access

    Hmm, I seem to be on a roll solving some of my own 2.0/VDS-related problems :lol: For the *nix savvy out there, this is probably the simplest thing in the world - and you probably think I am stupid, but then I am not *nix savvy, so this took me a while to figure out.

    For whatever reason, you may have a situation where you would like to give each e-mail account holder their own home directory so that they can have their own SpamAssassin settings, as well as their own Procmail recipe file (but not want them to have FTP access). Currently (using the Site Manager at least) this is only possible if you give the person FTP access - then it allows you to give them a home directory. However, in some cases you may be the one doing the admin of these files for the account so you don't need to give it FTP access. Another benefit of assigning a home directory to a mail account is that you will no longer see the "SYSERR(root): forward: no home" error in your /var/log/maillog (Sendmail log). I also noticed that this particular error shows up in e-mails that are bounced when the mail account's quota is exceeded. It just adds useless unintelligible errors to that e-mail which may serve to confuse the person reading about why their e-mail was rejected when sending it to someone on your domain. This is where the following comes in handy...

    During the beta test, I pointed out that if a user was not given FTP access, they would not have a home directory, and consequently they were subject to non-personal/global SpamAssassin and Procmail rules. At the time I was told this was a known issue, but unfortunately nothing has been done to fix this (though I can understand why - this is a more advanced issue and the people that need to do this probably know how to work around this already). I have a couple of e-mail accounts that do not need FTP access, but I do want to be able to administer their settings individually if need be. So I looked up some info and messed around a bit until I finally "discovered" that editing the /etc/passwd file is how one assigns a home directory (amongst other things) to each user (this is where the *nix savvy people are going to laugh at me )

    I don't recommend using FTP for this one: you could break something and in this case breaking such an important file could potentially disable your account. Don't do this unless you are confident with using SSH, Pico, etc. Not sure about the "breaking" bit, so could the *nix experts comment? (torrin, are you out there? )

    Anyway, here is how to do it (assuming you are editing the user johndoe who you have already added using your Site Manager and assigned only e-mail access to - no FTP and so no home directory):

    1. Using SSH, log in to your account.

    2. At the prompt, type

    pico /etc/passwd
    and press enter.

    3. Move to the line that begins with johndoe... It's most likely near the end of the file, and press the END key to go to the end of the line. Using your arrow keys, move left until you are between :: and :/ftponly - in other words, what you type below is followed (exactly) by the string :/ftponly

    4. Type in the full absolute path to the directory you want to make this person's home directory, e.g. /home/johndoe

    5. The line now looks like this:

    johndoe:x:12345:101::/home/johndoe:/ftponly
    Where the johndoe:x:12345:101:: and :/ftponly parts remain unchanged (some of these values are different in your case!).

    6. Press control-x; type y; press enter. This is done to save the file (answering Pico's questions about saving the file, etc.)

    7. Now type (and press enter after each)

    cd /home
    and then

    mkdir johndoe
    8. Copy any files you feel you need to have in here (though this is not necessary - it's fine to leave empty). Type cp --help and press enter if you are not familiar with how copy works. You could, at this stage, just use FTP to do this as well.

    9. If you want to use Procmail, you may create the .procmailrc file in this directory (and CHMOD 644 .procmailrc). If you are running SpamAssassin, the next time an e-mail arrives in this user's account, SpamAssassin will automatically make the .spamassassin user-specific directory (and its related files) here. Then all you need to do is edit as necessary.

    That's it. Again, please make sure you know what you are doing - I'm an adventurous person so I tried all this and managed to get away without breaking anything - and also because I don't rely on my site for income or anything so I would not really have had a problem waiting for tech support to fix it if something bad had happened
    Fayez Zaheer

  2. #2
    Senior Member torrin's Avatar
    Join Date
    May 2003
    Location
    Vista, CA
    Posts
    534

    Default scary

    Quote Originally Posted by design64
    Not sure about the "breaking" bit, so could the *nix experts comment? (torrin, are you out there? :smile
    Yes, I'm here :smile: and yes, this is some dangerous territory that we're getting into here. These are some of the most important files on the system and yes you could potentially lock yourself out of the account. The instructions that you give are right on the money though. Good work!!

    The normal (and probably safer) way of doing this is to use the command adduser. Or it might be called useradd on Red Hat systems. Take a look at the man page for complete instructions. On my system, you need to be root to execute this command, so you might not be able to use it.

    Just as a last note, if you're doing this, I'd suggest having an extra ssh session running where you are already logged up. That way, if you screw something up, you'll be able to fix it.

  3. #3
    Senior Member FZ's Avatar
    Join Date
    May 2003
    Location
    Johannesburg, South Africa
    Posts
    1,024

    Default

    Hi torrin,

    Thanks for validating my experiment I did look for the respective commands before I delve into manually editing the file - but I could not find them (I would hardly call my search thorough though). Neither adduser nor useradd work ("command not found"). It might be another one of those programs that WestHost chose not to include in the VDS installation (understandable as usual, though). I did notice something cool though - once you add the home directory info, if you click on the "edit" E-mail/FTP account and navigate to the FTP properties page, the home directory shows up perfectly in it, as does the actual quota usage! What that tells me is that WestHost could (should?) have made it possible to set home directories for e-mail accounts.

    Thanks for that tip about running a second SSH session - really good advice, that. I thought about something like that when typing my post, but I forgot to mention it in all that typing. I doubt many people will be playing with their /etc/passwd after reading the many warnings I typed as well as after reading you re-iterate them, anyway...
    Fayez Zaheer

  4. #4
    Senior Member FZ's Avatar
    Join Date
    May 2003
    Location
    Johannesburg, South Africa
    Posts
    1,024

    Default

    Alternative Method:

    Thanks to jalal and Ryan from tech support for this. Apparently, if you give the relevant e-mail account FTP access (and therefore give it a home directory as well), complete that whole process, and then edit the account to remove FTP access, the home directory is retained - so you do not need to go through the lengthy, possibly "dangerous" process above.
    Fayez Zaheer

  5. #5
    Senior Member dansroka's Avatar
    Join Date
    Nov 2003
    Location
    New Jersey
    Posts
    177

    Default

    I have a small number of users who only need home directories for spamassassin and procmail (no FTP), so this conversation is very useful!

    Let me make sure I undestand all this: when you disable the FTP account for a user, and the home directory is retained, where is it? Is it the /ftp/pub/username directory still? A little unintuitive if it is. Or should I user Site Manager to change the home FTP directory before disabling FTP access?

    FZ, you recommended (in other posts) placing the user directory in /home/users/username. However is 2.0, /home is an alias for /usr/home (in which my primary user account lives). This would mean that user home directories would be: /usr/home/username1, /usr/home/username2, etc. Is this a safe place to put the user home directories?

    Thanks!

  6. #6
    Senior Member FZ's Avatar
    Join Date
    May 2003
    Location
    Johannesburg, South Africa
    Posts
    1,024

    Default

    The home directory that you specified when you created the particular account is the one that is "retained". So if you accepted the default (/ftp/pub/username) then that is what is kept; that is where the .procmailrc and .spamassassin would go and be created, respectively. What you specify for the home directory is up to you, really... If you want to make it a web accessible directory (i.e. give the person their own "mini-web site"), then you'd put it in /var/www/html/username and then (optionally) add a subdomain to point to that directory. Bear in mind though that this would make their .spamassassin directory and .procmailrc file web-accessible (by default), so you'd need to restrict access to them somehow (.htaccess comes to mind).

    About the "safety" of using /usr/home/username - keep in mind that even if the person had FTP access (which in this case they don't) the person would not be able to access directories above this - in other words, they would not be able to access /usr/home or /usr or even /. They would only be able to access directories "below" their own. So, it is perfectly safe. You are the only person that will be able to access the directories: you are in total control!
    Fayez Zaheer

  7. #7
    Senior Member dansroka's Avatar
    Join Date
    Nov 2003
    Location
    New Jersey
    Posts
    177

    Default

    Ah, so is it true that when Site Manager puts the user directories in /ftp/pub/, that is technically just an arbitrary location, one that can be changed to anything you want (e.g. /useraccountslivehere/ or /helloworld/ or whatever). I assume that the use of /ftp/pub is just a directory that has become standard-practice in the unix world.

    So, whereever that home directory is, if I keep their FTP access enabled, when they signed in they would go whatever directory I designate as their home. Interesting!

    When asking if it was "safe", I meant that I heard that the /usr/ directory was "reserved" for the root user. But guess since I am the root user, I can do what I want with it (including putting my other users' home accounts in it, since for me that sounds like a more logical and easier to remember location.

    FZ -- as always, thanks for all your help! You've answered so many questions for me and I really appreciate it. By the way, in a fun coincidence, we just had dinner with friends who are about to move from San Francisco to J'burg.

  8. #8
    Senior Member FZ's Avatar
    Join Date
    May 2003
    Location
    Johannesburg, South Africa
    Posts
    1,024

    Default

    Yes, /ftp/pub is just an arbitrary choice - it's where your publically accessible FTP files go, so if you are setting up an FTP account, then naturally that would be the first location that comes to mind

    Yes, you can change it to absolutely any location you like. Unix should have no problems with you putting your users' home directories anywhere.

    Yes, when they log in via FTP they are taken to their own home directory (wherever it is) and are restricted to that "level" and to directories below it, but not above. If you have any doubts, you could always create an account and then log in via FTP to see how it all works.

    I'm by no means a Unix expert, so it may be that in "standard" cases /usr is reserved, but then this isn't exactly a standard installation anyway. I've been using /home/username for over 2 months now without any problems whatsoever. Again, if you have any doubts, you could always specify any other location - perhaps you would prefer to create a directory called "ftpaccounts" in your root directory and prefer to use that - it's up to you.

    You're welcome. And let your friends know that Joburg is a really, really cool place and I'm sure they will love it just as much as I do
    Fayez Zaheer

  9. #9
    Senior Member dansroka's Avatar
    Join Date
    Nov 2003
    Location
    New Jersey
    Posts
    177

    Default

    Watch as the proverbial lightbulb goes on over my head. Awesome.

Similar Threads

  1. Creating multiple sub-domains problem 1
    By shw in forum Account Maintenance
    Replies: 11
    Last Post: 05-06-2007, 04:49 AM
  2. Replies: 3
    Last Post: 03-15-2007, 08:32 PM
  3. Separate FTP and Shell access
    By 4ever in forum General Discussion
    Replies: 2
    Last Post: 06-09-2006, 11:44 AM
  4. FTP Change home directory /same different users
    By noobe in forum General Discussion
    Replies: 4
    Last Post: 05-17-2004, 05:36 PM
  5. Workaround: More than 1 FTP user for /var/www/html
    By FZ in forum General Discussion
    Replies: 4
    Last Post: 10-05-2003, 09:40 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •