Solved

FTP with user database

Posted on 2002-03-08
Last Modified: 2010-03-18
Dear group,

Our web site has recently been hacked due to vulnerabilities in our anonymous FTP policies.

We would like to grant all of our paying members anonymous FTP access without maintaining equivalent shell accounts. That is, we would like to have userX log into FTP with his password (as stored in our database), and access a directory that would be created and chroot'd for him (if it didn't exist) under ~/ftp/pub/userx.

Is this possible? What software do I need, and how do I go about setting this up?
Question by:Tonyboy
5 Comments
 
LVL 4

Expert Comment

by:MFCRich
ID: 6851615
ProFTP has a good reputation but I don't have any direct experience. http://www.proftpd.org/
0
 
LVL 40

Accepted Solution

by:jlevie earned 300 total points
ID: 6853107
As MFCRich suggests, ProFTP is a good solution for this type of setup. A commercial alternative is NcFTP (http://www.ncftp.com/ncftpd/). Both can use an authentication database separate from the system authentication method, allowing you to grant FTP access without the user needing to have a Linux account. And both are designed to run the server as a non-privileged user. The latter feature increases the security of the system dramatically.

I use both of those servers for FTP access to "Black Box" servers that don't have Linux accounts for the clients. The only Linux accounts that exist are those of root and a couple of system administrators. The email system on those boxes is built around Cyrus IMAP, which also can use a non-system authentication method. I'm of the opinion that NcFTP is the easier of the two to set up and administer, mainly because the documentation is better. It's well worth the money.
0
 
LVL 4

Expert Comment

by:svindler
ID: 6858035
ProFTPD's configuration file looks very much like Apache's.
If you use ProFTPD as suggested, you probably want to look at UserDirRoot which does the chroot for you and AuthUserFile which allows you to use a separate file in /etc/passwd-format. If this is not what you want, you can use a named PAM module with the AuthPAMConfig directive.
0
 
LVL 3

Expert Comment

by:DVB
ID: 6907422
It's DefaultRoot, and not UserDirRoot.
Yet another recommendation for proftpd.
0
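The ProFTPD directives named in the comments above (AuthUserFile, DefaultRoot, an unprivileged server account), combined into one configuration fragment. This is an added example, not part of any post in the thread; the file paths, the `nobody`/`nogroup` account, the uid/gid 2001 and the `/srv/ftp/pub` base directory are assumptions to adapt to the site.

```conf
# proftpd.conf fragment (added example; paths, names and IDs are assumptions)
ServerName          "Members FTP"
ServerType          standalone
Port                21

# Drop to an unprivileged account once the listening socket is bound.
User                nobody
Group               nogroup

# Authenticate only against the separate passwd-format file, so FTP
# users never need (or get) a system account or a login shell.
AuthOrder           mod_auth_file.c
AuthUserFile        /etc/proftpd/ftpd.passwd
RequireValidShell   off

# Jail every user in the home directory listed in AuthUserFile.
DefaultRoot         ~

# Create that home directory on first login if it does not exist yet.
CreateHome          on 700

# Refuse root logins and limit password guessing per connection.
RootLogin           off
MaxLoginAttempts    3

# No <Anonymous> section is defined, so anonymous logins are not offered.

# One AuthUserFile entry per member, in /etc/passwd format
# (constructed sample, hash elided):
#   userx:<crypt-hash>:2001:2001::/srv/ftp/pub/userx:/bin/false
#
# Entries can be written with the ftpasswd script shipped with ProFTPD:
#   ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=userx \
#            --uid=2001 --gid=2001 --home=/srv/ftp/pub/userx --shell=/bin/false
#
# Keep ftpd.passwd owned by root and not world-readable, since it
# holds the password hashes.
```

The file has to be regenerated or updated whenever membership changes in the site's own database; `proftpd -t` checks the configuration syntax before a restart.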
 

Expert Comment

by:CleanupPing
ID: 9078534
Tonyboy:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
