Web Hosting Forums

Results 1 to 11 of 11

This is a discussion on Setting up subdomain accounts for our members in the Hosting Talk & Chit-chat forum
How would we go about setting up a secure way to let members of our group have their own subdomain account (5 or 10 meg) ...

  1. #1
    Loyal Client
    Join Date
    Nov 2001
    Posts
    21

    Setting up subdomain accounts for our members

    How would we go about setting up a secure way to let members of our group have their own subdomain account (5 or 10 meg) inside of our main account here at aletia?

    I'm thinking .htaccess is not secure enough, with the "telnet" scripts they could upload (see my post in the ssh topic for the script), I'm worried they might be able to access the main directory above their subdomain directory. I already have an excellent filemanager script I can set up in each individual subdomain account, which I believe .htaccess would be fine for them to use as a way to access their own space, I'm just concerned with them getting into other member's space's on that same main account.

    I believe a saw somewhere on the aletia site that they do support subdomain hosting within accounts, so what I'm hoping is that they have a good way to do so securely.

    Any suggestions appreciated!

    Regards,

    Mizfitz Admin
    html_mizfitz

  2. #2
    Loyal Client
    Join Date
    Dec 2001
    Posts
    110
    Hi,

    I have sub-domains set up, but only I use them. It will be interesting to see if there is a way to have a sectioned off sub-domain. I would think that as long as someone has access to the FTP they could see the entire site though. Maybe I'm wrong?

    Sara
    gregsbaby84

  3. #3
    Loyal Client
    Join Date
    Nov 2001
    Posts
    21
    Well, I do know that you can set up seperate FTP accounts for each subdomain, so that each subdomain account user would have their own username and password, and from what I've seen trying it for myself, NO, you can't access the root directory above that subdomain with the FTP account set up for just that subdomain. BUT... I haven't really TRIED to either... that is my concern, this is a group of advanced programmers I want to offer accounts to, if anyone can get past it, it will be these guys. I need something fool-proof, and I don't think I have it right now. I mean, I could get into the main root directory of a place like virtualave.net with the script I have, and these guys have that for sure. If VA wasn't secure enough.... then I'm really going to be challenged to get that level of security myself. And using that script method above, that's childs play to what I'm expecting these guys would be capable of. I KNOW these people as well as you can "know" someone on the internet, and I'm not thinking they would be malicious if they got in, but just the same, I'd rather them NOT be digging in each others private files.
    html_mizfitz

  4. #4
    hell no, we won't go!
    Join Date
    Sep 2002
    Posts
    1,093
    Why not try asking 1 or 2 of them if they know of any good solutions. If they are good programmers they should be able to recommend somehting or maybe make it for you...
    - Colin

    I like food.

  5. #5
    alexodin
    Guest
    well... ftp-way is the only one.
    you dont want to give them your main account information, i hope.

    by doing ftp-way(one subdomain; one ftp account) you will be safe enought to sleep well

  6. #6
    Loyal Client
    Join Date
    Dec 2001
    Posts
    110
    Maybe it's just me, but if you don't trust them, then why are you willing to maybe give them access to your account and files?

    Just from what I have been reading on your 2 posts, seems that you are making doubly sure since they are too smart for their own britches. *yeah, I'm Southern LOL*

    I would definitely ask support about this in email and see if there is a solution. You may be stuck having a bunch of programmers with access to your site otherwise.

    Let us know what happens, I'm definitely interested!

    Sara
    gregsbaby84

  7. #7
    Loyal Client
    Join Date
    Jan 2002
    Posts
    39
    Yes alex, that is what we have planned to do (I'm one of the html-mizfitz admins), set up one ftp account for each subdomain account. The FTP is not really my security concern however. My main concern is them getting in with the telnet scripts we msntv users use. I know that aletia doesn't have "real" telnet, but, I'm not sure these scripts require "real" telnet to access the commands they access.

    I think what I'm going to do is just go put one of the scripts in there now and TRY it myself... couldn't hurt anything, right?

    We just got the new account set up today, so I guess I'm "go" for experimentation.

  8. #8
    Loyal Client
    Join Date
    Jan 2002
    Posts
    39
    Originally posted by Gadget Girl
    Maybe it's just me, but if you don't trust them, then why are you willing to maybe give them access to your account and files?
    Yeah, Sara, but it's just that I've been stabbed in the back several times now online by people I *thought* I could trust. I don't trust ANYONE now. How well can you really *know* someone when all you know them by is a name they made up, and the facts they made up about their *suppossed* self? It's way easy to lie to someone when you have a power button between you. Some people online don't even consider others online *real* people, and therefor have no guilt when they break someone's trust online.

    I'm just being my usual extra-careful self.

  9. #9
    Loyal Client
    Join Date
    Jul 2001
    Posts
    200
    From what little messing around with this same sort of thing that I've done, I think you may not be able to achieve the level of security you're looking for.

    With CGI scripts it would be a simple matter for one of your subdomain users to edit or delete any files you have chmoded 777. But since these scripts would run under the "nobody" username of the webserver, I don't think they could alter or delete anything less than 777, although they would still be able to view each other's files. And that's true for anybody on the server at all...I could technically mess with anybody's files anywhere on the server if they are 777, and read them if the permissions are set that way.

    Experimentation is the way to go.

  10. #10
    Loyal Client
    Join Date
    Dec 2001
    Posts
    110
    Seething, I think you read my post wrong...*LOL* but it's okay, you got the main jest of it.

    I was trying to say that you can never be too trusting. I have been burned, and I have learned.

    I don't trust anyone online, no one has access to any of our files. Period.

    I know exactly what you mean when you say that "some people online don't even consider others online *real* people, and therefore have no guilt when they break someone's trust online." I have so been there and done that.

    Sad isn't it? :bawl:

    Sara
    gregsbaby84

  11. #11
    Royal pain in the @$$ timechange's Avatar
    Join Date
    Nov 2001
    Posts
    1,559
    1. Make a subdomain, e.g. foobar
    2. Make an FTP account by the same name, foobar & a password of your choice.

    Users that FTP to foobar.domain.com with their foobar/pass will ONLY have access to that subdomain

    Hope this helps.
    Hot domain auctions on ebay: http://timechange.com/ebay/

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •