Solved

FTP with user database

Posted on 2002-03-08
Last Modified: 2010-03-18
Dear group,

Our web site has recently been hacked due to vulnerabilities in our anonymous FTP policies.

We would like to grant all of our paying members anonymous FTP access without maintaining equivalent shell accounts. That is, we would like to have userX log into FTP with his password (as stored in our database), and access a directory that would be created and chroot'd for him (if it didn't exist) under ~/ftp/pub/userx

Is this possible? What software do I need, and how do I go about setting this up?
0
Question by:Tonyboy
5 Comments
 
LVL 4

Expert Comment

by:MFCRich
ProFTP has a good reputation but I don't have any direct experience. http://www.proftpd.org/
0
 
LVL 40

Accepted Solution

by:
jlevie earned 300 total points
As MFCRich suggests, ProFTP is a good solution for this type of setup. A commercial alternative is NcFTP (http://www.ncftp.com/ncftpd/). Both can use an authentication database separate from the system authentication method, allowing you to grant FTP access without the user needing to have a Linux account. And both are designed to run the server as a non-privileged user. The latter feature increases the security of the system dramatically.

I use both of those servers for FTP access to "Black Box" servers that don't have Linux accounts for the clients. The only Linux accounts that exist are those of root and a couple of system administrators. The email system on those boxes is built around Cyrus IMAP, which also can use a non-system authentication method. I'm of the opinion that NcFTP is the easier of the two to set up and administer, mainly because the documentation is better. It's well worth the money.
0
 
LVL 4

Expert Comment

by:svindler
ProFTPD's configuration file looks very much like Apache.
If you use ProFTPD as suggested, you probably want to look at UserDirRoot which does the chroot for you and AuthUserFile which allows you to use a separate file in /etc/passwd-format. If this is not what you want, you can use a named PAM module with the AuthPAMConfig directive.
0
 
LVL 3

Expert Comment

by:DVB
It's DefaultRoot, and not UserDirRoot.
Yet another recommendation for proftpd.
0
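
As an added example (not posted by anyone in the thread and not taken from the ProFTPD distribution), a minimal proftpd.conf for the setup asked about: members authenticate against a separate passwd-format file and each is jailed in their own directory with DefaultRoot. The file paths, the nobody/nogroup account, the UID/GID values and the idea of exporting the file from the member database are assumptions; AuthOrder and CreateHome require ProFTPD 1.2.8 or later.

```apache
# Added example. Paths, accounts and IDs below are assumptions.
ServerName          "Members FTP"
ServerType          standalone
DefaultServer       on
Port                21

# Run the daemon as a non-privileged account once the port is bound.
User                nobody
Group               nogroup

# Authenticate only against the separate passwd-format file, never
# against /etc/passwd or PAM, so members need no shell account.
AuthOrder           mod_auth_file.c
AuthUserFile        /etc/proftpd/ftpd.passwd

# One line per member, exported from the member database, e.g.
# (constructed sample, hash elided):
#   userx:<crypt-hash>:5001:5001::/home/ftp/pub/userx:/bin/false
# The bundled ftpasswd script can write such entries:
#   ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=userx \
#            --uid=5001 --gid=5001 --home=/home/ftp/pub/userx \
#            --shell=/bin/false

# The shell field above is not listed in /etc/shells; accept it anyway.
RequireValidShell   off

# Chroot every session into the user's own home directory.
DefaultRoot         ~

# Create the home directory at first login if it does not exist yet:
# the home itself gets mode 700, missing parent directories 755.
CreateHome          on 700 dirmode 755

# root never logs in over FTP.
RootLogin           off

# Keep uploaded files private to their owner.
Umask               077

# No <Anonymous> section is defined, so anonymous logins are refused.
```

Make the AuthUserFile readable only by root (mode 0600), since it holds the members' password hashes.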
 

Expert Comment

by:CleanupPing
Tonyboy:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
