[lug] LAMP FTP setup

[Nate Duehr]

On Jun 5, 2007, at 10:12 PM, George Sexton wrote:

> As has been beaten to death here, FTP is brain dead. There are  
> plenty of free SSH clients, including Windows ones. Make them use SSH.

Wow this is headed off into the ditch.  The guy asked for help for  
people who are obviously using his server to host websites, and the  
typical tools low-end website writers use have FTP built in.  Many  
don't have ssh or don't know how to use it.

Should he teach a few of them how to use better tools like SSH?   
Sure... but it doesn't address his problem -- he wants the end-users  
of the website to be able to upload to their sites securely.

Personally, I think the overall problem is most elegantly "fixed" by  
not doing virtual sites at all, but by virtualization of the "whole"  
machine.

I think most hosting providers these days agree... give the end-user  
a whole "machine" they can mess with, but the majority won't ever  
even ask for shell access... but if they "break out" and wander  
around their own filesystem, so what?  Everything in the virtual  
machine is "theirs".

It does take a re-design of his setup, and probably beefier hardware  
to pull this off, though.

You can spend hours/days/years trying to keep users that should not  
"trust" each other on a multi-user box from ever stumbling over each  
other, at the cost of great amounts of time -- or you can just give  
each user their own virtual box and then work on things like  
automating the security and other updates for those virtual machines  
in an efficient way that is well-communicated to the end-users.  Or  
require them to do it themselves (bad idea - they won't).

--
Nate Duehr
nate at natetech.com