Re: [cpx] Migrating to VPS2 & CPX - how to add a domain admin?

[Rus Berrett <rberrett@xxxxxxxxx>]

On Mon, Aug 21, 2006 at 08:39:55PM -0700, Matt Cohen wrote:
>
> Subject: Re: [cpx] Migrating to VPS2 & CPX - how to add a domain admin?
>
> At 4:48 PM -0700 8/21/06, Rus Berrett said something about:
> >On Wed, Aug 16, 2006 at 03:19:41PM -0700, Matt Cohen wrote:
> > > At 3:01 PM -0700 8/16/06, Rus Berrett said something about:
> > > >On Wed, Aug 16, 2006 at 02:22:26PM -0700, Matt Cohen wrote:
> > > >If you added them manually outside of CPX, then don't fret.  Check
> >> >over your vhosts in your httpd.conf and be sure you are happy with
> >> >the "User" assignments for each host.  The username specified as
> >> >the value for the "User" component of the VirtualHost is presumed
> >> >to be the domain admin (only one domain admin per domain).
> >>
> >> THanks for the clarification - but what if i'm NOT happy with that
> >> assignment?  Can I change it?
> >
> >Via the GUI?  No, not at this time.
> 
> But i'm safe if I do it manually?  or will CPX over-write my changes 
> at a later date?

CPX syncs up with httpd.conf, so there is no danger of CPX overwriting
your changes.  You will need to manually move the <eu_capabilities> node
in your cpx.conf from one domain admin user to the next... make sure you
backup your cpx.conf file so that you can access the old eu_capa node
after you manually change the domain admin.

> 
> > > I've got my contact at the business (userid: manager), who wants to
> >> handle all the usernames & password resets.  However he does NOT want
> >> to handle the FTP to the site, which someone else handles.
> >> Therefore, on the VPS2 i've laid out the site as
> >> /home/company123/www/company123.com.  That way they can give out the
> >> password to the company123 account to other employees/people who need
> >> FTP access to the site.
> >>
> >> I don't think I can specify the User as 'manager') and have the web
> >> site live in /home/company123/ , right?
> >>
> >> Any suggestions?
> >>
> >> Matt
> >
> >Hmmm.  Could you simply set up the company's website under 'manager' in
> >/home/manager/www/company123.com and then set up another FTP-only account
> >that homes itself in /home/manager/www/company123.com?  Would that not
> >fulfill the needs of your customer?  It's not pretty, but it would work
> >(methinks).
> 
> That was another discussion on the VPS2 list a while ago - the issue 
> is with permissions - now I have the company123.com acting with 
> different permissions.  And what if 'manager' leaves the company?  I 
> have to keep his account around or shuffle things for the new manager 
> to keep everything working.

simple... make "manager" a role account.  the same goes for the FTP-only
account.  If you use role accounts then you never need worry about
someone leaving the company.  Sure, the "manager" and "ftp-user" will
need to remember two usernames and passwords.  But that is a small price
to pay for the added flexibility.  Then make the role accounts members 
of the same group (or members of each others groups), and then g+w all 
of the directories and files.  change the umask settings for both the 
manager and the ftp user so that new files are created with g+w.

hth.

--rus.


> 
> I think i'll keep with manually editing for now..
> 
> Matt
> -- 
> :-:+:-:+:-:+:-:+:-:+:-:+:-:+:-:+:-:+:-:+:-:+:-:+:-:+:-:+:-:+:-:+:-:+:-:+
> Matthew I. Cohen                                   http://www.iwbyte.com/
> It Won't Byte Web Design & Hosting.     Ob. Quote: "Reality is for those
> email: lists@xxxxxxxxxx                  people who can't handle Fantasy"
> ======================================================================
> This is <cpx@xxxxxxxxxxxxx>      <http://www.groupmail.org/lists/cpx/>
> Before posting a question, please search the archives (see above URL).

-- 
========================================================================
Rus Berrett                                                    NTT/Verio
                 See Perl. See Perl Run. Run Perl, Run!

======================================================================
This is <cpx@xxxxxxxxxxxxx>      <http://www.groupmail.org/lists/cpx/>
Before posting a question, please search the archives (see above URL).