Setting up my storage VPS. Am I re-inventing the wheel?

Freek Member
edited January 2013 in Help

Instead of re-inventing the wheel, what’s the best way to set up a very basic storage VPS for 2-3 users? I want some files to be accessible over HTTP (public and private folder) while others only over SFTP. I was thinking of setting up a simple nginx installation with openssh, which should look like this:

/var/www/public where every user is allowed to upload public files
/var/www/private/user1 where a user can store his private files, password protected
/home/user1 for files that will be accessible through SFTP only.

Obviously, other users aren’t able to access each other’s files, except for public files… and that’s where I’m currently stuck.
@ElliotJ helped me out on IRC but I’m afraid I did something wrong because it’s not working like it should. JElliot advised me to make a symlink from /var/www/private/john to /home/john/www, so that John can only access his own or public files. But still, John can access files from everyone.
John is not root, he’s a normal user and only owns (chowns) folders /home/john/www (/var/www/private/john), /var/www/public and /home/john .

Am I making it harder than it is or is this the way to go?

Thanks.

Comments

  • What do you mean 'access'?

    Being able to see that they exist != Access. Clarify more on that first.

  • Maounique Host Rep, Veteran

    I would set up a control panel and give everyone an account. You can specify quotas including traffic and bw.
    It will be easier and more error-proof.
    EHCP looks cool for debian and clones, have a short tutorial on how to install in the prometeus board.

  • you can install virtualmin to do that, with all modules, httpd, ftp, ssh, etc

    or just install a pureftpd server to grant FTP access, you can specify where is the DIR of each user.

  • Maybe implementing this in some manner might help you:
    https://github.com/Self-Evident/OneFileCMS

  • nunim Member
    edited January 2013

    @Maounique said: I would set up a control panel and give everyone an account.

    @dedicados said: you can install virtualmin to do that, with all modules, httpd, ftp, ssh, etc

    Suggesting a control panel on LET? Where have we gone!

    You only need a few low traffic accounts? How big is the VPS?

    I'd probably just run 3 separate nginx servers if what you're trying doesn't work out easily.

  • You could use samba. It's pretty straight forward to split the shares the way you want it here.

  • Maounique Host Rep, Veteran
    edited January 2013

    @herbyscrub said: You could use samba. It's pretty straight forward to split the shares the way you want it here.

    Well, he does need http.
    A control panel will give users ftp and http, scp might be offered too.
    It can be done many ways, I was thinking easy and graphical is the best :)
    He wouldn't ask if he was a Linux guru, I think.

  • sleddog Member
    edited January 2013

    I'd take a more traditional approach to a multi-user setup. Use useradd & passwd to create users with home directories, e.g.

    /home/user1
    /home/user2

    Ensure that user homes are not world-readable. Ownership would be (for example) user1:user1 and permissions 751.

    Then create their public_html root directories, and configure their webspace (subdomains or domains):

    /home/user1/public_html
    /home/user2/public_html

    These public_html directories would be owned (for example) user1:user1 and permissions 755.

    "Private" html could be:

    /home/user1/private_html
    /home/user2/private_html

    These private_html directories would be owned (for example) user1:www-data and permissions 750.

    If you're using nginx, you'd have to pre-configure web authentication in each virtual host. The username/password could be stored at (for example) /home/user1/.htpasswd, owned by user1, so he/she could modify it (point your users to something like http://www.htaccesstools.com/htpasswd-generator/).

    For a "shared" directory:

    • mkdir /home/shared
    • chmod 777 /home/shared
    • cd /home/user1
    • ln -s /home/shared shared
    • repeat for other users.

    If this shared directory is to be web-browseable, create another virtual host (subdomain...) and point its root to /home/shared. And in this virtual host, you may want to disable scripts, e.g. php, pl, cgi, etc.

    You can then enable user quotas....
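
The ownership and mode scheme from the post above, turned into an audit, as an added example that is not part of the original post. It also flags a world-writable shared directory that lacks the sticky bit, because without it any user can delete or rename other users' files there. It assumes GNU stat; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a multi-user layout like the one in the post.
# Assumes GNU stat (stat -c); directory names follow the post.

# Print the permission bits of a path as a number usable in $(( )).
mode_of() { echo $((0$(stat -c '%a' "$1"))); }

# audit_layout BASE: one finding per line; prints nothing when clean.
audit_layout() {
    base=$1
    for home in "$base"/*/; do
        home=${home%/}
        [ -d "$home" ] || continue
        name=$(basename "$home")
        m=$(mode_of "$home")
        if [ "$name" = shared ]; then
            # World-writable without the sticky bit (octal 1000 = 512)
            # lets any user delete or rename another user's files.
            if [ $((m & 2)) -ne 0 ] && [ $((m & 512)) -eq 0 ]; then
                echo "shared: world-writable without sticky bit"
            fi
            continue
        fi
        # 751 on a home: others may traverse (x) but not list (r).
        [ $((m & 4)) -eq 0 ] || echo "$name: home is listable by other users"
        [ $((m & 2)) -eq 0 ] || echo "$name: home is writable by other users"
        priv=$home/private_html
        if [ -d "$priv" ]; then
            # 750 user:www-data leaves no access at all for "other".
            pm=$(mode_of "$priv")
            [ $((pm & 7)) -eq 0 ] || echo "$name: private_html open to other users"
        fi
    done
}

# Constructed sample tree: user1 follows the post, user2 does not.
build_sample() {
    mkdir -p "$1/user1/private_html" "$1/user2/private_html" "$1/shared"
    chmod 750 "$1/user1/private_html"; chmod 751 "$1/user1"
    chmod 755 "$1/user2/private_html" "$1/user2"
    chmod 777 "$1/shared"
}

tmp=$(mktemp -d); build_sample "$tmp"; audit_layout "$tmp"; rm -rf "$tmp"
```

The mode bits only tell half the story: the 750 on private_html protects nothing unless the group really is the web server's group, so check ownership with `ls -ld` as well.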

  • heads up for @sleddog's suggestion :)

  • Thanks for all the suggestions!

    @Wintereise said: What do you mean 'access'?

    Being able to see that they exist != Access. Clarify more on that first.

    Sorry about that. I meant that I also do not want them to be able to see each other's private files.

    @Maounique said: I would set up a control panel and give everyone an account. You can specify quotas including traffic and bw.

    It will be easier and more error-proof.
    EHCP looks cool for debian and clones, have a short tutorial on how to install in the prometeus board.

    @dedicados said: you can install virtualmin to do that, with all modules, httpd, ftp, ssh, etc

    Thanks for the suggestion. I looked into it but I think it's a bit overkill for what I'm trying to accomplish here. I see you can also setup mail accounts, databases etc with EHCP, which I won't be doing. Just simple file storage and serving :)

    @twain said: Maybe implementing this in some manner might help you:

    https://github.com/Self-Evident/OneFileCMS

    Very neat script! Amazing how powerful php can be with just one file. It's not quite what I'm looking for in this situation, but it will surely come in handy in the future! Thanks for the suggestion!

    @nunim said: You only need a few low traffic accounts? How big is the VPS?

    I'd probably just run 3 separate nginx servers if what you're trying doesn't work out easily.

    Yeah, just 2-3 accounts. 200GB of space. Purely for file storage and serving.
    3 separate nginx servers, or do you mean 3 separate 'sites'/subdomains, like @sleddog describes?

    @Maounique said: He wouldn't ask if he was a Linux guru, I think.

    Haha you're right about that ;) I'm just another Linux noob, grateful for all the help I'm getting over here!

    @sleddog said: I'd take a more traditional approach to a multi-user setup. Use useradd & passwd to create users with home directories, e.g.

    Thanks, I like this one the most. Very basic without any eyecandy or other fuzz.

    I started setting everything up as you described, but made a slight adjustment. Every user now has 3 dirs:
    shared
    public_html
    private_html
    Users do not need to have a separate public_html folder. If they want to share public files, they'll just have to upload it to the shared folder. So I deleted the public_html folder.

    @sleddog said: If this shared directory is to be web-browseable, create another virtual host (subdomain...) and point its root to /home/shared

    This confused me a little. Users won't get a separate domain or subdomain.
    User's private_html folders should just be accessible (password protected) via domain.com/private/user.
    The public/shared folder is accessible over domain.com/public

    Do I still need to setup another virtual host to accomplish this, or should I edit the current default host file?

    Thanks!

  • @Freek said: This confused me a little. Users won't get a separate domain or subdomain.

    User's private_html folders should just be accessible (password protected) via domain.com/private/user.
    The public/shared folder is accessible over domain.com/public

    Do I still need to setup another virtual host to accomplish this, or should I edit the current default host file?

    I would use subdomains for the private html as it provides better separation of accounts and simplifies the nginx configuration, but you can probably get either approach to work.

  • edited January 2013

    @Freek said: This confused me a little. Users won't get a separate domain or subdomain.

    It was to mean that you'd create a virtual host for shared.example.net, for example, and make its root at /home/shared. With that, the shared files would live at http://shared.example.net.

  • erhwegesrgsr Member
    edited January 2013
    1. create users with / as home directory
    2. edit the ssh server config to chroot people to /home/%username
    3. ln -s /home/USER/www /var/www/private/USER
    4. hardlink a shared folder into everybody's home directory

    chmod and chown everything and secure the private http folders

  • @sleddog said: I would use subdomains for the private html as it provides better separation of accounts and simplifies the nginx configuration, but you can probably get either approach to work.

    @JS_James said: It was to mean that you'd create a virtual host for shared.example.net, for example, and make its root at /home/shared. With that, the shared files would live at http://shared.example.net.

    Thanks for the clarification!

    @BronzeByte said: people to /home/%username

    I'm really close to what I want now.
    I was able to chroot people to /home/%username, the problem is the public folder is in /home/www/public, so of course it doesn't have access to that folder.

    So I chrooted everyone to /home, but if I want to browse to the public folder through filezilla, it complains it cannot find the directory, although it works through mc.
    Error: Directory /john/public: no such file or directory
    /john/public is a symlink to /home/www/public
    A hard link was not possible. This error occurred after setting up chrooted directories like this (/etc/ssh/sshd_config)
    Match User john
    ChrootDirectory /home
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

  • @Freek

    did you use mount --bind?

    And ChrootDirectory should be /home/%u (make sure to have OpenSSH 5.3, there have been some chroot bugs in the past)

  • @BronzeByte said: did you use mount --bind?

    No, but I just tried 'sudo mount --bind /home/www/public /home/john/public' but sadly made no difference.

    @BronzeByte said: And ChrootDirectory should be /home/%u

    Changed, makes users chroot into /home/username again.

  • @Freek said: Changed, makes users chroot into /home/username again.

    But do make their home directories simply / or the chroot will try reaching /home/USERNAME/home/dir

  • @BronzeByte said: But do make their home directories simply / or the chroot will try reaching /home/USERNAME/home/dir

    I just re-read this three times but I don't understand what you mean?

  • I am still having issues, the best way to describe them is using an example:

    I have these folders:
    /home/freek/private_www
    /home/freek/public_www
    /home/freek

    /home/john/private_www
    /home/john/public_www
    /home/john

    How can I make the folder /home/john/private_www and /home/freek/private_www show up in my webserver in one folder? e.g. domain.com/private/ contains both /john and /freek.
    Same goes for public.
    I find it very hard to explain what I mean, so I hope you guys get it.

    I tried solving it with symlinks, like so:
    /home/freek/private_www --> Symlink to /home/www/private/freek
    /home/freek/public_www --> Symlink to /home/www/public
    /home/freek

    /home/john/private_www --> Symlink to /home/www/private/john
    /home/john/public_www --> Symlink to /home/www/public
    /home/john

    /home/www/private/john
    /home/www/private/freek
    /home/www/public

    But that was a big no-no as filezilla went mental as soon as I clicked one of those symlinks.

    Something simple like this shouldn't be so hard, should it? I already spent like 2 hours on it, ridiculous for something basic like this.
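
The symlink failures described in the posts above (the /john/public link under ChrootDirectory /home, and the private_www/public_www links), modelled as an added example that is not part of the original thread. It assumes the SFTP sessions are chrooted as in the sshd_config shown earlier; the scratch directory, the function names and the relative-link variant are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): model how symlinks resolve for a
# session chrooted by sshd. Resolution is lexical; intermediate symlinks
# and mount points are not modelled.

# normalize PATH: collapse "." and ".."; ".." at "/" stays at "/",
# which is how the kernel treats the root of a chroot.
normalize() {
    out=; oldifs=$IFS; IFS=/
    set -f                       # no globbing while splitting on "/"
    for part in $1; do
        case $part in
            ''|.) ;;
            ..)   out=${out%/*} ;;
            *)    out=$out/$part ;;
        esac
    done
    set +f; IFS=$oldifs
    echo "${out:-/}"
}

# broken_in_chroot CHROOT: print "link -> target" for every symlink under
# CHROOT whose target does not exist once "/" means CHROOT.
broken_in_chroot() {
    root=${1%/}
    find "$root" -type l | sort | while IFS= read -r link; do
        inside=${link#"$root"}               # path as the session sees it
        target=$(readlink "$link")
        case $target in
            /*) seen=$(normalize "$target") ;;               # absolute
            *)  seen=$(normalize "${inside%/*}/$target") ;;  # relative
        esac
        [ -e "$root$seen" ] || echo "$inside -> $target"
    done
}

# Constructed tree mirroring the thread; $1 stands in for the host's "/".
build_sample() {
    mkdir -p "$1/home/www/public" "$1/home/john"
    ln -s /home/www/public "$1/home/john/public"      # as in the post
    ln -s ../www/public    "$1/home/john/public_rel"  # relative variant
}

d=$(mktemp -d); build_sample "$d"
echo "ChrootDirectory /home:";      broken_in_chroot "$d/home"
echo "ChrootDirectory /home/john:"; broken_in_chroot "$d/home/john"
rm -rf "$d"
```

With the chroot at /home the absolute link is looked up as /home/home/www/public on the host and dangles, while the relative one still lands on /home/www/public; with the chroot at /home/john both targets lie outside the session's root and neither resolves.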
