Help Needed in several areas -- FTP

Roger Grosswiler roger at gwch.net
Tue Apr 12 06:15:37 UTC 2005


> On Mon, 2005-04-11 at 23:02, Tim Holmes wrote:
>> Ok -- First off -- Thanks to all who helped me getting samba working --
>> it works perfectly and is very little effort to administer, and through
>> the help of one of our graduates, I got NFS up and running tonight so I
>> am sharing home directories across the network -- also very nice
>>
>>
>> In the course of our discussion of SAMBA someone suggested that I am
>> actually doing a disservice to our students by allowing them to post
>> files to their web sites over samba shares, and that I should actually
>> make them do it via FTP because that is much more likely how they will
>> be doing it.
>>
>> After some consideration, I have reached the following conclusion, I
>> will have my Front Page class (8th graders) using FTP, and the 9th Grade
>> class (Dreamweaver) using direct file transfers.
>>
>> Now comes the problem
>>
>> --  How to make ftp work right for this scenario.  I have previously
>> installed PROFTPD on the webserver, and have been using it for just
>> myself for remote access for website work etc.  When I login, I must
>> supply the full path to the proper folder (not a big deal for me)
>> (totally confusing for an 8th grader)
>>
>> I am open to ditching proftpd if necessary, and going to some other form
>> if that's better, but I need some direction in where to go.  I have
>> discovered that the PROFTPD config file is similar to apache, but im a
>> bit lost on how to achieve what I want.  Ideally, the users would be
>> able to authenticate against the Active Directory, but if not they could
>> have a separate username and password within PROFTPD.
>>
>> I need your help and suggestions on this
>>
>
> Tim,
>
> I have not use Proftp, but some suggestions:
>
> Setup a user on the machine hosting the PROFTP etc which does not have a
> login shell (to stop then doing anything by connecting directly to the
> machine) and the home directory is the root directory of the Web sever
> you need to upload the web ages to.
>
> ISTR that PROFTP has the option of CHROOTing the users to there home
> directory. You may need to play around with the permissions to get it
> right.
>
> When this user ftp's to te server they are locked to the 'home'
> directory and cannot go outside of it and any directories below.
>
>
> There are several Howto's on doing this if you do a Goggle search.
>
> Rob
>
Chrooting is extremly easy with the shipped vsftpd ftp-server. Just config /etc/vsftdp/vsftdp.conf to your needs and
add: chroot_local_user=yes

Or you leave this option a input a file from users to chroot. Indicate this in /etc/vsftdp/vsftdp.conf under
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list <-

This chroots all your users/wished users, so they just pass username/password and are in their homedir. Also make
sure, that anonymous access is denied.

run service vsftpd start - thats it!

Roger




More information about the fedora-list mailing list