
User environment - Administration

For some reason, it's extremely hard to find all the documentation you need to easily set up wuftpd to allow FTP to semi-secure areas of a Unix filesystem. It's relatively simple to set up anonymous FTP, where the user has little or no access. But there are many occasions where you might want to allow users to have access to, for instance, Web site directories without allowing them to get into higher levels.

TABLE OF CONTENTS:
  1. Setting Up wuftpd for Non-Anonymous Accounts
  2. User environment
  3. The /etc/ftpaccess file
By: Glenn Fleishman
April 06, 1999

Set up a chroot user environment for each location
This is a bit trickier. What you're essentially doing is creating a skeleton root filesystem with enough of the pieces necessary (libraries, password files, etc.) to allow Unix to do a chroot when the user logs in.

I find this process very weird, in some ways, as you have to create a number of odd files. First create all the directories. For the purposes of this example, let's assume your true root is "/usr/www". So first, cd to /usr/www. Then:


$ mkdir bin
$ mkdir dev
$ mkdir etc
$ mkdir usr
$ mkdir usr/lib

Chmod them all to 0555:


$ chmod 0555 {bin,dev,etc,usr,usr/lib}

Next, you have to populate each of these areas. Copy /bin/ls and /bin/more to /usr/www/bin. chmod their permissions to 111. (You don't want users to be able to modify the binaries.)

Cd to dev. You'll need to create a zero file so that Unix can make zeroes. Don't ask me - read the man page. A simple command creates it:


$ mknod -m 666 zero c 1 5
$ chown root.mem zero

Next, figure out what libraries you need to copy to make ls and more work. You can do this by entering ldd ls and ldd more. Whatever libraries they use, copy them to /usr/www/usr/lib.

Finally, create the group and passwd files in etc. These should not be the same as your true ones. The passwd file in the chroot environment should have entries like:


root:*:0:0:Root:/:/bin/noshell
frogstar:*:5035:2010::/frogstar/:/bin/noshell

You shouldn't include passwords - just use a * to prevent a password from being used. Users will be able to read this file, but it's really meaningless. It's just needed by the ftp daemon. The group file should correspond to your normal group file.


frogstars:*:2010:frogstar

If you use the same UID and GID (user and group ids), then ls will correctly display ownership. You want to create groups, even with a single member, to use the guestgroup directive in the ftpaccess file described below.

You should now be set to allow users to FTP into this environment. If you want to create totally protected environments, you need to go down a level for each Web directory and create all of these files - there may be an easier way, but I don't know of it.



 
 