[CDBUG-talk] FTP user for Wordpress Management

[Fongaboo]

Wanted to bounce this off you guys...

I run a FAMP colo box that has a bunch of Wordpress sites on it at this 
point. Depending on users to keep Wordpress and plugins up to date hasn't 
proved too successful.

So we want to run a plugin called InfiniteWP that lets us centrally 
administrate all WP sites. However it requires that FTP credentials be 
stored in each site's config PHP, so that brings with it its own security 
concerns.

Since all relevant Wordpress files have to be owned by the www group and 
perm'ed 775, I thought it would be good to make one UNIX user that has 
just the abilities needed by the plugin and join it to the www group. Then 
I'd put those credentials in every WP config file and perm them 640.

First, I am wondering if this is a good idea, or is it still better to do 
different credentials per config file.

Second, if it is a good idea, I am wondering how to make a user that can 
1) FTP and FTP only and 2) can see outside chroot.

On #1, I could swear I used to make FTP-only accounts just by setting 
shell to nologin, but then even FTP login failed.

On #2, is the only way to do this to add the user to the wheel group? 
Which is kind of scary, amirite?


P.S. I am running ProFTPd if that matters

P.P.S. When are we gonna get back together?