# apache, ftp, jails, and home dirs



## nORKy (May 19, 2011)

Hi,

I want to set up an apache22+php-fpm on base host and a jailed ftp server.

On the base host, there are many accounts (used by php-fpm) but I need that the jailed ftp server access to the base host account to log in (I use nullfs to mount /home).

How can I share accounts? (without copying files).

Thanks you.


----------



## SirDice (May 19, 2011)

You can't share accounts, not without some external accounts database like LDAP.

You can just create the same accounts with the same UIDs. Since they're probably just functional accounts (not user accounts) this should work.


----------



## nORKy (May 19, 2011)

oh ok...
Do you think it's a bad idea to "split" apache/php with ftp/ssh access ?


----------



## SirDice (May 19, 2011)

It's not a bad idea but I don't really see the benefit either.


----------



## nORKy (May 19, 2011)

I want to secure all users "action" (ftp and ssh) in an jailed environnement. They don't need a full system, or an apache process.


----------



## AndyUKG (May 20, 2011)

Hi,

  Is the idea that end users have FTP and Ssh access to web data which is then shared by Apache? In that case maybe the logical thing to do is have a single jail. where you run Apache and the FTP server. Jails are for managing security of unrelated services, if your FTP and Apache services are for the same users and data then it would seem to make sense to put them in the same jail. That way you don't have any end users in the real /etc/passwd of the base OS, you just have you administrators.
If you really wanted to stop your users seeing the httpd processes then you could go for two jails, and you could have both jails in the same file system and have the passwd and passwd.master files hard linked. Not tried it, but think that would work,

cheers Andy.


----------



## nORKy (May 22, 2011)

Thanks You Andy.
I will use 1 jail. It's less complicated...


----------

