Solved

FTP with user database

Posted on 2002-03-08
Last Modified: 2010-03-18
Dear group,

Our web site has recently been hacked due to vulnerabilities in our anonymous FTP policies.

We would like to grant all of our paying members anonymous FTP access without maintaining equivalent shell accounts. That is, we would like to have userX log into FTP with his password (as stored in our database), and access a directory that would be created and chroot'd for him (if it didn't exist) under ~/ftp/pub/userx

Is this possible? What software do I need, and how do I go about setting this up?
Question by:Tonyboy
5 Comments
 
LVL 4

Expert Comment

by:MFCRich
ID: 6851615
ProFTP has a good reputation but I don't have any direct experience. http://www.proftpd.org/
 
LVL 40

Accepted Solution

by:
jlevie earned 300 total points
ID: 6853107
As MFCRich suggests, ProFTP is a good solution for this type of setup. A commercial alternative is NcFTP (http://www.ncftp.com/ncftpd/). Both can use an authentication database separate from the system authentication method, allowing you to grant FTP access without the user needing to have a Linux account. And both are designed to run the server as a non-privileged user. The latter feature increases the security of the system dramatically.

I use both of those servers for FTP access to "Black Box" servers that don't have Linux accounts for the clients. The only Linux accounts that exist are those of root and a couple of system administrators. The email system on those boxes is built around Cyrus IMAP, which also can use a non-system authentication method. I'm of the opinion that NcFTP is the easier of the two to set up and administer, mainly because the documentation is better. It's well worth the money.
 
LVL 4

Expert Comment

by:svindler
ID: 6858035
ProFTPD's configuration file looks very much like Apache's.
If you use ProFTPD as suggested, you probably want to look at UserDirRoot which does the chroot for you and AuthUserFile which allows you to use a separate file in /etc/passwd-format. If this is not what you want, you can use a named PAM module with the AuthPAMConfig directive.
 
LVL 3

Expert Comment

by:DVB
ID: 6907422
It's DefaultRoot, and not UserDirRoot.
Yet another recommendation for proftpd.
0
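The directives named in the comments above (AuthUserFile, DefaultRoot) combine into a setup like the following. This is an added example, not a configuration posted by anyone in this thread; the file paths, the server name, the `nobody`/`nogroup` account and the uid/gid in the sample entry are assumptions, and `CreateHome` is only available in ProFTPD versions that provide that directive.

```apache
# proftpd.conf fragment (added example; paths, names and IDs are assumptions)
ServerName        "Members FTP"
ServerType        standalone
DefaultServer     on

# Run the daemon as a non-privileged account once it has started.
User              nobody
Group             nogroup

# Authenticate only against the separate passwd-format file, so accounts in
# the system's /etc/passwd cannot log in over FTP.
AuthUserFile      /etc/proftpd/ftpd.passwd
AuthOrder         mod_auth_file.c

# Members are FTP-only users: their shell is not listed in /etc/shells.
RequireValidShell off
RootLogin         off

# Jail every user in the home directory named in the AuthUserFile entry.
DefaultRoot       ~

# Create the member's directory at first login if it does not exist yet.
CreateHome        on 700

# No <Anonymous> section is defined, so anonymous logins are refused.

# Constructed sample AuthUserFile entry (same field layout as /etc/passwd):
#   userx:<crypt-hash-from-member-database>:2001:2001::/srv/ftp/pub/userx:/bin/false
```

The `ftpasswd` script shipped with ProFTPD can write entries in this format; keep the resulting file unreadable by other local users, since it holds password hashes.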
 

