[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] FTP/Upload access
- Subject: Re: [cobalt-users] FTP/Upload access
- From: Kris Dahl <krislists@xxxxxxxxxxxxx>
- Date: Wed May 3 09:36:24 2000
on 5/3/00 6:26 AM, Todd Knaus at todd@xxxxxxxxxx wrote:
> Dear Fellow RAQ 3 owners,
>
> I have a new web client that needs to be able to give upload/ftp
> privileges to various employee's. However, he only wants them to be
> access/ftp to certain directories. i.e. the sales dept. can only
> upload/download to the sales directory, the orders dept. can only
> upload/download to the orders directory and so on.
>
> Would I use .htaccess for this ? If so, where is a good location to read
> up on it ? I have not yet pplayed with .htaccess so I am obvious not
> sure how to set this up.
>
> Thanks for any input, help, pointers, tips, etc.
Well you could certainly create a couple of new groups in /etc/groups
sales:x:150:bob,janice
accounting:x:150:billy,jane
then set ownership of a certain directory
chown -R bob.sales sales
chown -R billy.accounting accounting
and set permissions
chmod -R 775 sales
chmod -R 755 billy.accounting accounting
done.
But it sounds to me like this client is looking to delegate responsibility
of certain portions of the site to certain people. Honestly, no good can
come from this. I have found that, all things considered, people are
usually idiots. Its not that they aren't intelligent or anything (although
some are dumb as rocks), its just that people make mistakes... a lot of
them. Having several people making changes on a live production server is
asking for trouble, and it will blow up in their face at some point.
Changes (especially by non-professional web developers) should not be done
on a production server, and shouldn't really be done by multiple people.
I would suggest doing either 1) or better yet 1) and 2):
1) Set up a test/qa server (can be a virtual host). They edit the files on
THIS site when they are done working on it in-house (dev server). They make
sure they didn't mess anything up. After everyone is okay with the changes,
You or someone who knows what they are doing (read: one person that will be
responsible) moves the contents of the test site to the live site.
2) Set up a content management system. This may be worth the time to
develop. Our clients are able to manage pretty much all of the content that
they need to update on a regular basis in a safe and secure environment.
They can't cause much harm, yet still have the power and freedom to maintain
their site. Everyone wins. But it ain't cheap to develop--but as far as I
am concerned its really the only way to go, and I highly suggest at least
let them know that how it is usually done.
-k