Hi guys - here's a newbie question for you....

(but im not quite a newbie - i just never solved it )

....it's probably dead simple...

I have 2 remote debian servers that I use to host websites.
I would like to be able to sftp in to both and upload files to any of the web directories on them with one user account, but I have disabled root login.

I would like to know how to set up a user that will automatically have admin access to any web directory as I create them using a web-based gui admin system.... (I use webmin on one box and 42goISP on the other).

I have just muddled my way through so far (for 4 years!), by changing the owner of the directories manually after I have added them using the gui, (or adding my admin user to each group that is created in the case of 42goisp) but this Im sure will screw up if i ever try to do anything to them with the gui again, since they are originally owned by www-data.
(which by the way I am intrigued by - how do you find out what www-data s password is? and if you change it, does apache and everything else that uses it break?)

-42goisp has all website directories that it creates owned by www-data with a unique group (ie: web22).....

-webmin seems to just create em with ownership as www-data.www-data

Anyone got a simple group/user solution that will help me out without exposing my boxes to too much security risk?

PS Actually I never really solved this problem with the raq i had before these either - I just broke the gui then also... the problem arose because the gui would set every new website to be owned by a new user, when really I wanted to own them all (or at least have the rights to them) myself.

sorry if im rambling - i realise i have 2 different problems here, but i would welcome some useful input as i am unable to google anything of much use...

Thanks

You say you have disabled root logins, so how do you elevate your privileges? su,sudo,super?

nz

generally su - why?

If www-data is a user, what happens when you su www-data?

nz

...i get asked for a password (which i don't know -see above) - this was something I was wondering about; wether I could use www-data as my super-user; but i've seen stuff that recomends against it, cause it has too much privilege (but maybe by that they mean it can access all the websites - which I would put up with :-) )

I su to user 'postgres' to do maintenance of postgresql databases, and postfix allows you to su to user 'postfix'. I can't help you with the password as I am not sure whether it would be your root password, your normal user password, or the 'www-data' password whatever that might be. I am thinking that if you are a member of the www-data group it would be your user password, unless you (or the installation) set a password for user 'www-data'. Wish I could be more help right now. Got to do more research.

nz

have you tried
su -
and then from your root account su to your user

if I remember correctly
i do not need a password to su from a superuser (root) to a normal user

the main thing i want to be able to do is to (s)ftp files into all the website directories as one suitable user (convenient for me, and giving a secure-ish ownership of these files) - what i want to know is how this user should be setup....

- it's not so much what to do when I login via putty - i'm ok with that....

I believe you already have the tools to do this without making any changes to the system, just have to figure out the right sequence of commands.

nz

In webmin change the password of user www-data to something you know. This should allow you to do all the maintenance you need without adding or breaking anything.

nz

Root can't find out the password of user accounts, but it can change the password to be anything you want. As root, just type That will ask you for a new pasword for www-data, and you'll be good. Also to get the sftp happening, make www-data the owner of the /var/www directory, and you should be able to get to it through ftp. That may mess up your security in other ways, but making it so you can ftp the files into the correct place is trivial, just set the ownership of the location to the account you want to use while ftping, and you're set.

Peace,
JimBass