Re: FTP system using PAM

You should have read more documentation,

Shouldn't everyone? :P

IMHO, using wu on a "secure" ftp system is a contradiction in terms :)  I
don't want to start a holy war, but vsftpd is doing very nicely.  It even
supports pam (in fact, that is what is recommended).

Sorry; I can't use ver. 0.0.15 software on a production server. I've looked at ProFTPD as an alternative, but it almost seems worse than WU. There's almost always an un-patched exploit for it.

auth sufficient /lib/security/pam_bleh_for_ftppasswd.so
auth required /lib/security/pam_unix.so

Yeah, I figured that part out. The difficult part is actually getting a file in the format that I need for pam_pwdfile.so

Don't know any way of doing this easily at the moment.  You obviously need
an "adduser utility" that uses pam, not sure if one exists.

Not one that uses PAM necessarily, just one that can put/generate usernames:encrypted_passwords someplace besides /etc/passwd

Like I said, don't use wu if security is a concern.  As far as the
uid/gid/permissions go, I didn't quite follow what you were saying.

Here's the problem in a little more detail. All my web sites have two main directories: htdocs and cgi-bin. Htdocs is owned by user web and cgi-bin is owned by user cgi for every site I host. Any ftp daemon will try to run as the user logged in (a user from either /etc/passwd or /etc/ftppasswd), but of course the directory I'm chrooting them to is owned by either web or cgi. I don't want to have each site owned by a different user; that's a nightmare for more than a handful of sites. Also, the ftp program is the only application on the system that uses PAM, everything else uses traditional authentication methods (Slackware 7.0/1). This problem is really not within the scope of this list, however.
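One way to maintain the separate username:encrypted_password file discussed above, as an added example that is not part of the original messages. The function name `set_user`, the username and hash character rules, and the sample hash are assumptions constructed for illustration; the hash itself is expected to come from a crypt(3)-compatible tool.

```python
import os
import re
import tempfile

# Assumed rules: conservative usernames, crypt(3)-style hash alphabet.
# Neither pattern admits ':' or a newline, so one call cannot inject extra entries.
USER_RE = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")
HASH_RE = re.compile(r"[./A-Za-z0-9$=,-]+")


def set_user(path, user, crypt_hash):
    """Add or replace `user` in a username:hash file; return the entry count."""
    if not USER_RE.fullmatch(user):
        raise ValueError("bad username")
    if not HASH_RE.fullmatch(crypt_hash):
        raise ValueError("bad hash")
    entries = {}
    if os.path.exists(path):
        with open(path, encoding="ascii") as fh:
            for line in fh:
                name, sep, rest = line.rstrip("\n").partition(":")
                if sep:
                    entries[name] = rest
    entries[user] = crypt_hash
    # Write a private temp file in the same directory, then rename it over the
    # original so the FTP daemon never sees a half-written password file.
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".pwdfile.")
    try:
        with os.fdopen(fd, "w", encoding="ascii") as out:
            for name, rest in entries.items():
                out.write(f"{name}:{rest}\n")
            out.flush()
            os.fsync(out.fileno())
        os.chmod(tmp, 0o600)  # hashes readable by the owner only
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return len(entries)


if __name__ == "__main__":
    # Constructed sample hash; a real one comes from a crypt(3)-compatible tool.
    demo = os.path.join(tempfile.mkdtemp(), "ftppasswd")
    print(set_user(demo, "site1", "$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE"))
```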


