For some reason, it's extremely hard to find all the documentation you need to easily set up wuftpd to allow FTP to semi-secure areas of a Unix filesystem. It's relatively simple to set up anonymous FTP, where the user has little or no access. But there are many occasions where you might want to allow users to have access to, for instance, Web site directories without allowing them to get into higher levels.
There are only a few things you have to do, but failing to do any one of them means the setup won't work.
I'm eager to keep improving this as a simplified account of how to set up an FTP server, so please write me with comments or improvements.
Install the Latest Version
Wuftpd (originally maintained by Washington University in St. Louis) is the standard FTP server used on Linux and most Unix boxes. It is highly flexible and configurable, but languished for lack of updates for quite a while, though sporadic attempts were made to maintain the last beta (from 1995 or so).
However, a new group is spearheading regular releases fixing security holes and bugs, and making wuftpd more compatible with modern operating system versions. Before proceeding below, get the latest "VR" release at ftp://ftp.vr.net/pub/wu-ftpd. Download the release named "...-vrXX.tar..." at the end.
A 2.5 release is expected soon, as is a site dedicated to wuftpd. The VR releases don't use the Red Hat "rpm" system, but are easy enough to make and install.
Set up an FTP user account for each user
This has to be separate from a regular user account with unlimited access, because of how the "chroot" environment works. Chroot makes it appear from the user's perspective as if the level of the filesystem you've placed them in is the top level of the file system. In /etc/passwd, you add a line like
The account is frogstar, but you'll notice the path to the home directory is a bit odd. The first part (/usr/www/) indicates the directory that should be considered their new root. The dot divides that from the directory they should automatically be changed into (chdir) after login, /frogstar/.
The /bin/noshell part disables their login as a regular user. Some Unix systems already have a null shell, so use that instead. Otherwise, create the file /bin/noshell with these contents:
#!/bin/sh
echo "You don't have login access"
Remember to add /bin/noshell to the /etc/shells file on a line by itself. If /etc/shells doesn't exist, create it, and add all your normal shells plus /bin/noshell.
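As an added example (not part of the original article or of wu-ftpd), the shell function below checks one account against the steps above: the /./ divider in the home field, a non-login shell, and that shell's presence in the shells file. The uid/gid values, the plainuser account and the temporary file paths are constructed for the demonstration.

```shell
#!/bin/sh
# Audit one FTP-only account against the setup steps described above.
# Usage: check_ftp_guest USER PASSWD_FILE SHELLS_FILE
# Prints "OK root=<chroot root> dir=<start dir>" or "FAIL: <reason>"; returns 0 or 1.
check_ftp_guest() {
    user=$1 passwd_file=$2 shells_file=$3
    # passwd fields are name:pw:uid:gid:gecos:home:shell; keep home and shell.
    entry=$(awk -F: -v u="$user" '$1 == u { print $6 ":" $7; exit }' "$passwd_file")
    [ -n "$entry" ] || { echo "FAIL: no passwd entry for $user"; return 1; }
    home=${entry%%:*}
    shell=${entry#*:}

    # The home field needs the "/./" divider: chroot root before it, start directory after it.
    case $home in
        */./*) ;;
        *) echo "FAIL: home '$home' has no /./ divider, so no new root is defined"; return 1 ;;
    esac
    root=${home%%/./*}
    dir=/${home#*/./}
    [ -n "$root" ] || { echo "FAIL: new root is /, which confines nothing"; return 1; }

    # The account must not carry a normal interactive shell.
    case ${shell##*/} in
        sh|bash|csh|tcsh|ksh|zsh) echo "FAIL: $shell is an interactive login shell"; return 1 ;;
    esac
    # The shell must appear on a line by itself in the shells file.
    grep -qxF -- "$shell" "$shells_file" || { echo "FAIL: $shell is not listed in $shells_file"; return 1; }
    echo "OK root=$root dir=$dir"
}

# Constructed sample files: uid/gid values and the plainuser account are made up for this demo.
sample=$(mktemp -d) && trap 'rm -rf "$sample"' EXIT
printf '%s\n' 'frogstar:x:1001:1001:FTP only:/usr/www/./frogstar/:/bin/noshell' \
              'plainuser:x:1002:1002:No divider:/usr/www/plainuser:/bin/noshell' > "$sample/passwd"
printf '%s\n' /bin/sh /bin/noshell > "$sample/shells"

check_ftp_guest frogstar  "$sample/passwd" "$sample/shells"
check_ftp_guest plainuser "$sample/passwd" "$sample/shells" || true
```

On a live system, pass /etc/passwd and /etc/shells as the second and third arguments.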