[lug] ftp-only user ids without sendmail, pop, global read, etc.

kenw at ihs.com
Mon Nov 1 08:40:19 MST 1999


	I'm not really sure if this meets your needs, but have you looked
at using proftpd? It features configuration files like apache and from my 
cursory look it might be what you're looking for.

http://www.proftpd.org/

* Neal McBurnett (neal at bighorn.dr.lucent.com) [991029 12:40]:
> I want to allow a bunch of minimally-privileged users to update stuff
> on a web site with ftp.  Each user should not have read or write
> permission outside their own directory or else they could read files
> elsewhere on the server that are protected via http .htaccess files.
> 
> We don't want to affect other services on the machine or permission
> issues.  E.g. these users should not be able to login, receive email,
> retrieve email, etc.  FTP-only users would still need a way to change
> their passwords.
> 
> I know from the httpd side (apache) how to prevent them from doing cgis
> and server-side-includes (anything else I've forgotten for the
> moment?)
> 
> I found some info on configuring wu-ftp (we are using
> FTP Version wu-2.6.0(1) Wed Oct 20 10:51:40 MDT 1999) at the
> WU FTP FAQ.  E.g. information on the "no-telnet" desire is at
> 	http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html#QA59
> 
> But that mentions an issue with people being able to receive email.  I
> don't know if they would be able to read it or not via pop.  If so
> that seems like a bigger problem.  If not it would still seem a good
> idea to turn off mail delivery for these users.
> 
> The fact that /etc/ftponly is in /etc/shells would also seem to
> mean that this user might even be able to execute commands thru
> email via the right config files in their home directory.
> Is that (or can it be) turned off in the sendmail config file?
> 
> I've heard of one way to set up ftp to restrict access to only
> one directory, but it involves chroot and copies of the ftp
> bin area.  Is there a way without all those silly copies (which
> would then show up on the web....)?
> 
> 
> For some visions of other new and future ways for distributed
> maintenance of web sites (WebDAV, CVS, DELTA-V) see this recent
> article:
> 	http://www.webtechniques.com/archives/1999/10/whitehead/
> 
> But I think that although some of those things are available now,
> they don't really address our need to provide simple, standard,
> safe, well-tested tools for novice users....
> 
> Cheers,
> 
> Neal McBurnett <nealmcb at bell-labs.com>  303-538-4852 Denver
> Bell Labs / Lucent Technologies
> http://bcn.boulder.co.us/~neal/      (with PGP key)
> 

-- 
Ken Weinert   kenw at ihs.com 303-858-6956 (V) 978-336-5652 (F)
PGP: DF 2B 6C 72 33 BE 06 D1  9D C4 ED 32 36 97 C0 6E
Asi um i tio -- Hero is hidden




