FTP with user database

Posted on 2002-03-08
Last Modified: 2010-03-18
Dear group,

Our web site has recently been hacked due to vulnerabilities in our anonymous FTP policies.

We would like to grant all of our paying members anonymous FTP access without maintaining equivalent shell accounts. That is, we would like to have userX log into FTP with his password (as stored in our database), and access a directory that would be created and chroot'd for him (if it didn't exist) under ~/ftp/pub/userx

Is this possible? What software do I need, and how do I go about setting this up?
Question by:Tonyboy
5 Comments
 
LVL 4

Expert Comment

by:MFCRich
ID: 6851615
ProFTP has a good reputation but I don't have any direct experience. http://www.proftpd.org/
 
LVL 40

Accepted Solution

by:
jlevie earned 1200 total points
ID: 6853107
As MFCRich suggests, ProFTP is a good solution for this type of set up. A commercial alternative is NcFTP (http://www.ncftp.com/ncftpd/). Both can use an authentication database separate from the system authentication method, allowing you to grant FTP access without the user needing to have a Linux account. And both are designed to run the server as a non-privileged user. The latter feature increases the security of the system dramatically.

I use both of those servers for FTP access to "Black Box" servers that don't have Linux accounts for the clients. The only Linux accounts that exist are those of root and a couple of system administrators. The email system on those boxes is built around Cyrus IMAP, which also can use a non-system authentication method. I'm of the opinion that NcFTP is the easier of the two to set up and administer, mainly because the documentation is better. It's well worth the money.
 
LVL 4

Expert Comment

by:svindler
ID: 6858035
ProFTPD's configuration file looks very much like Apache.
If you use ProFTPD as suggested, you probably want to look at UserDirRoot which does the chroot for you and AuthUserFile which allows you to use a separate file in /etc/passwd-format. If this is not what you want, you can use a named PAM module with the AuthPAMConfig directive.
 
LVL 3

Expert Comment

by:DVB
ID: 6907422
It's DefaultRoot, and not UserDirRoot.
Yet another recommendation for proftpd.
0
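The directives named in the answers above, pulled together into one proftpd.conf fragment. This is an added example, not configuration posted by anyone in this thread; the server name, the file paths, and the uid/gid values in the comments are assumptions.

```apache
# Added example: ProFTPD with file-based virtual users, each jailed to
# their own directory. No system (shell) accounts are needed for members.

ServerName          "Members FTP"
ServerType          standalone
Port                21

# Drop to an unprivileged account once the listening socket is bound.
User                nobody
Group               nogroup

# Consult only the separate passwd-format file; never /etc/passwd or PAM.
AuthOrder           mod_auth_file.c

# Hypothetical path. Keep it root-owned and not world-readable.
# Each line has /etc/passwd layout, for example:
#   userx:<password-hash>:5001:5001::/home/ftp/pub/userx:/bin/false
AuthUserFile        /etc/proftpd/ftpd.passwd

# Virtual users carry a non-login shell, so do not require one from /etc/shells.
RequireValidShell   off

# Jail every session to the home directory listed in AuthUserFile.
DefaultRoot         ~

# Create the member's directory on first login if it does not exist yet.
CreateHome          on 700 dirmode 755

# Refuse root over FTP and limit password guessing per connection.
RootLogin           off
MaxLoginAttempts    3

# Deliberately no <Anonymous> section: with none defined, anonymous
# logins are rejected and only users in AuthUserFile can connect.
```

The entries in the AuthUserFile would be generated from the member database; ProFTPD ships an `ftpasswd` script for writing files in this format.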
 

Expert Comment

by:CleanupPing
ID: 9078534
Tonyboy:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
