[lug] LAMP FTP setup

[dio2002 at indra.com]

>> 1) question though.. each user directory is still
>> going to require separate user permissions.  that
>> essentially means creating a user account for each
>> user even though the authentication now takes place
>> via sequre ftp to mysql db versus standard password
>> tables.  so it looks like regardless of the approach
>> used, a user account needs to be created right?
>>
>> 2) i imagine i can just lock the account or set the
>> default shell to none for each of those real system
>> accounts so that those accounts are basically useless
>> right (safe)?  is that the right approach or am i off
>> here?
>
> I don't have documentation of how we had this set up, but it is entirely
> possible to have ftp users that do not have an account on the system.  I
> don't manage any FTP servers anymore (strictly sFTP) but we used ProFTPd
> and it had this capability.  I believe PureFTPd is the better choice now
> and has the same features.  Here is a link on setting it up on Debian:
>
> http://www.howtoforge.com/pureftpd_mysql_virtual_hosting

i just found similar links on howtoforge as well.. thanks for hint

> We had it configured so that ProFTPd created the user's dir on the fly.
> In other words, from a provisioning standpoint we simply propagated the
> MySQL db with the user account info (including dir, shell, and quota
> info) and ProFTPd took care of the rest.  Upon successful authentication
> to the db, ProFTPD created the user's dir and set the permissions.  We
> were only dealing with userdir and not separate sites, but I am sure it
> can be done for separate sites as well.

so it sounds like what you're saying is that the user directory /
permissions are not typical SYSTEM user account id / permisions.  they are
sort of pseudo representations of those same paradigms but managed
entirely by the proftpd process / server.  right?