Directory structure / permissions.

I've got a slight problem. I want the owner of a domainname, to be able to acces all users within his account. And he should be able to delete / modify their files. No matter what their permission are.


My directory structure is as following:

/home/domein.nl/ <= Document root
/home/domein.nl/web/ <= Accessesible by http
/home/domein.nl/users/
/home/domein.nl/users/admin <= The Admin's dir
/home/domein.nl/users/* <= Dir form other users within the account.


I thought when I use PureFTPD instead of Proftpd, I will be able to let all users on a certain domain upload with the same UID and GID. That way the admin would be able to delete / modify whatever he want. But this isn't possible cause of a security risk. All users will the be able to browse the documentroot with a simple PHP / CGI script. Setting php_open_base dir wont help, cause the users access their account with apache mod_users. So all users are running under the same open_base_dir and GID / UID. Even if open_base_dir is set on a user account. Then it would be possible to do it by using a simple CGI script.

The other solution I thought of was to let all the users work under the same GID. That way the admin would be able to delete /modify all files. But this also isn't possible. Cause When a user changes permissions of a file the admin won't be able to delete / modify the file. Same for files created by Apache, cause apache is running under a different UID / GID.

Is it possible to let the admin delete / modify all files within his documentroot. So that it won't give a security risk to others. How do you ppl handle this? And most of all, how do the Control Panels do this???

Thanx in advance Directory structure / permissions.

 

 

 

 

Top