Re: [nslu2-linux] user www an webserver
- This is what you said joswennmacker
> Hi all,In my opinion you probably don't want to give write access to the account
> I recently installed lighttpd un my slug (unslung 6.8) and created
> two websites. I use virtual hosting for two sites with two IP-names.
> Wonderfull, so far. The server was however still running as root,
> which I changed to user www.
> I created this user from unslung with the adduser command. I also
> use sftp to update the sites from another machine inside my LAN. I
> have to be able to update it from outside my LAN, so sftp is a must.
> After reboot the new user www was changed: it didn't have a password
> anymore. The passwd file just had an x. I searched the wiki and
> found that this is normal behaviour, that I should create a user
> from the Linksys interface. So I deleted my own www user (and www
> group) and created one from the webinterface. I chown'd all the
> files in my sites to www.www. Wonderfull! Both my sites are up and
> running again.
> BUT: the Linksys interface sets the shell for www to /dev/null.
> I did not find a moduser command for unslung, so I cannot change the
> shell in passwd. So, without a valid shell, I cannot sftp to the
> slug with user www. I have to use root, and all the files I put to
> my server are owned by root, so the webserver has no access to it. I
> first have to chown them before I can start testing.
> Any solutions? I'm not in any way an experienced Linux user.
> Thanks in advance.
that runs the web server. Maybe give write access to a few required files
here and there, but otherwise read-only access. Again, that is just my
own personal practice. Almost all my files are set to root:lighttpd with
the mode on the files set to 644 and directories set to 755.
If you still want to give write access to your 'www' account, you might
consider installing RSSH (www.pizzashack.org/rssh/) for the shell. In
this way you can still prevent the 'www' acount from having an interactive
shell, but you can still SCP/SFTP files to your server. Plus it has all
sorts of configuration settings for configuring the umask and the mode on
I personally don't find it all that inconvenient to upload files using a
normal user account, and using 'sudo' to move my files to the configured
web folders and again using 'sudo' to set the permissions. It is not like
you are going to be hosting hundreds of sites on an NSLU2.
You might also google the chmod command and consider using the sticky bit
on directories. I have done this in a few cases on folders outside of the
web directories (like my Music directories), so that I can copy files
using SMB as any configured SAMBA user and still have the group
permissions set correctly so that the web server account can read the
If you are just looking for convenience, just do as another user suggested
and just set your desired shell by editing the /etc/passwd file. Just
remember in almost every instance secure does not mean convenient.