[lug] LAMP FTP setup
George Sexton
gsexton at mhsoftware.com
Tue Jun 5 22:12:41 MDT 2007

As has been beaten to death here, FTP is brain dead. There are plenty of
free SSH clients, including Windows ones. Make them use SSH.

Create a file named sftponly in the /bin directory and put this script
in it. Finally, add sftponly to /etc/shells and make it their shell.
This will prevent the users from using interactive SSH.

#!/bin/sh
#
# sftponly shell
#
# Shell arguments must be -c /opt/ssh/libexec/sftp-server
# Debug trace of the first argument
echo "$1" >> /tmp/ftponly.log
# Refuse anything other than sshd starting the sftp-server program
if [ "$1" != "-c" ] || [ "$2" != "/usr/lib/ssh/sftp-server" ]; then
    logger -p authpriv.warning "SSHD: interactive login attempted by $USER"
    echo "Error: sftpshell only runs the sftp-server program."
    exit 1
fi
shift 2
/usr/lib/ssh/sftp-server "$@"

karl horlen wrote:
> i'm wondering what the safest / best way is to allow
> different site owners to be allowed ftp access to
> their own virtual host directory (or related directory
> aliased into their virtual host directory) on a lamp
> web server.
>
> i'm trying to avoid giving the users system accounts
> to make this work but i don't think that's possible.
>
> anybody have a bulletproof approach?
>
> thanks
--
George Sexton
MH Software, Inc.
Voice: +1 303 438 9585
URL: http://www.mhsoftware.com/
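
Added example, not part of the original message: a small audit that checks the two configuration steps described above, that /bin/sftponly is listed in the shells file and that each site-owner account actually has it as its login shell. The function names audit_sftponly and run_demo, the users alice, bob and carol, and the sample passwd and shells files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit the sftponly setup.
SFTP_SHELL=/bin/sftponly   # wrapper path used in the post

# audit_sftponly PASSWD_FILE SHELLS_FILE USER...   (hypothetical helper)
# Prints one finding per line; prints nothing when the setup is complete.
audit_sftponly() {
    passwd_file=$1; shells_file=$2; shift 2
    # The wrapper must be listed in the shells file (the /etc/shells step).
    grep -qxF "$SFTP_SHELL" "$shells_file" ||
        echo "MISSING $SFTP_SHELL not listed in shells file"
    for user in "$@"; do
        # Field 7 of a passwd entry is the login shell.
        entry=$(awk -F: -v u="$user" '$1 == u { print "shell=" $7; exit }' \
            "$passwd_file")
        case $entry in
            "") echo "NOUSER $user has no passwd entry" ;;
            "shell=$SFTP_SHELL") ;;   # locked down as intended
            *) echo "INTERACTIVE $user has shell ${entry#shell=}" ;;
        esac
    done
}

# Constructed sample data: alice is locked down, bob still has bash,
# carol does not exist, and the shells file lacks the wrapper.
run_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
alice:x:1001:1001:site owner:/var/www/alice:/bin/sftponly
bob:x:1002:1002:site owner:/var/www/bob:/bin/bash
EOF
    printf '%s\n' /bin/sh /bin/bash > "$dir/shells"
    audit_sftponly "$dir/passwd" "$dir/shells" alice bob carol
    rm -rf "$dir"
}

run_demo
```

On a real host the same function can be pointed at /etc/passwd and /etc/shells with the list of site-owner accounts as arguments.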