FTP with user database

Dear group,

Our web site has recently been hacked due to vulnerabilities in our anonymous FTP policies.

We would like to grant all of our paying members anonymous FTP access without maintaining equivalent shell accounts. That is, we would like to have userX log into FTP with his password (as stored in our database), and access a directory that would be created and chroot'd for him (if it didn't exist) under ~/ftp/pub/userx

Is this possible? What software do I need, and how do I go about setting this up?
Tonyboy asked:
 
jlevie commented:
As MFCRich suggests, ProFTP is a good solution for this type of setup. A commercial alternative is NcFTP (http://www.ncftp.com/ncftpd/). Both can use an authentication database separate from the system authentication method, allowing you to grant FTP access without the user needing to have a Linux account. And both are designed to run the server as a non-privileged user. The latter feature increases the security of the system dramatically.

I use both of those servers for FTP access to "Black Box" servers that don't have Linux accounts for the clients. The only Linux accounts that exist are those of root and a couple of system administrators. The email system on those boxes is built around Cyrus IMAP, which also can use a non-system authentication method. I'm of the opinion that NcFTP is the easier of the two to set up and administer, mainly because the documentation is better. It's well worth the money.
0
 
MFCRich commented:
ProFTP has a good reputation but I don't have any direct experience. http://www.proftpd.org/
0
 
svindler commented:
ProFTPD's configuration file looks very much like Apache's.
If you use ProFTPD as suggested, you probably want to look at UserDirRoot which does the chroot for you and AuthUserFile which allows you to use a separate file in /etc/passwd-format. If this is not what you want, you can use a named PAM module with the AuthPAMConfig directive.
0
 
DVB commented:
It's DefaultRoot, and not UserDirRoot.
Yet another recommendation for proftpd.
0
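
A minimal `proftpd.conf` sketch of the setup discussed in this thread: virtual users authenticated from an AuthUserFile, each confined to their own directory with DefaultRoot. This is an added example, not a configuration posted by any participant; the file paths, the `ftpd` service account, the UID/GID values and the `/srv/ftp/pub` layout are assumptions.

```apache
# proftpd.conf (added example; paths, account names and IDs are assumptions)
ServerName          "Members FTP"
ServerType          standalone
Port                21

# Non-privileged account the daemon normally runs as.
User                ftpd
Group               ftpd

# Authenticate only against the separate passwd-format file,
# so no system (shell) account can log in over FTP.
AuthOrder           mod_auth_file.c
AuthUserFile        /etc/proftpd/ftpd.passwd

# Virtual users have no real login shell; skip the /etc/shells check.
RequireValidShell   off

# Confine every user to the home directory given in their AuthUserFile entry.
DefaultRoot         ~

# Create that home directory at first login if it does not exist yet.
CreateHome          on 750

# New uploads are not world-readable.
Umask               027

# No <Anonymous> section is defined, so anonymous logins are refused.

# One line per member in /etc/proftpd/ftpd.passwd (passwd format):
#   userx:<crypt-hash-placeholder>:2001:2001::/srv/ftp/pub/userx:/bin/false
# Use a dedicated unprivileged UID/GID (never 0), and keep the file
# readable only by root and the daemon.
```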
 
Question has a verified solution.