Administration
  Home arrow Administration arrow Page 2 - Setting Up wuftpd for Non-Anonymous Ac...
Dev Shed Forums 
Administration  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Forums Sitemap 
IBM® developerWorks 
Dedicated Servers 
E-Commerce Hosting 
Linux Web Hosting 
Managed Hosting 
Small Business Hosting 
Download TestComplete 
VPS Hosting 
Weekly Newsletter

 
Developer Updates  
Free Website Content 
IBM Developerworks
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
ADMINISTRATION

Setting Up wuftpd for Non-Anonymous Accounts
By: Glenn Fleishman
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: 4 stars4 stars4 stars4 stars4 stars / 3
    1999-04-06

    Table of Contents:
  • Setting Up wuftpd for Non-Anonymous Accounts
  • User environment
  • The /etc/ftpaccess file
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
     
    ADVERTISEMENT

    PCmover - $15 Off with Coupon Code CJPH7Q

    Setting Up wuftpd for Non-Anonymous Accounts - User environment
    (Page 2 of 3 )

    Setup a chroot user environment for each location
    This is a bit trickier. What you're essentially doing is creating a skeleton root filesystem with enough of the pieces necessary (libraries, password files, etc.) to allow Unix to do a chroot when the user logs in.

    I find this process very weird, in some ways, as you have to create a number of odd files. First create all the directories. For the purposes of this example, let's assume your true root is "/usr/www". So first, cd to /usr/www. Then

    $ mkdir bin
$ mkdir dev
$ mkdir etc
$ mkdir usr
$ mkdir usr/lib

    Chmod them all to 0555:

    $ chmod 0555 {bin,dev,etc,usr,usr/lib}

    Next, you have to populate each of these areas. Copy /bin/ls and /bin/more to /usrw/ww/bin. chmod their permissions to 111. (You don't want users to be able to modify the binaries.)

    Cd to dev. You'll need to create a zero file so that Unix can make zeroes. Don't ask me - read the man page. A simple command creates it:

    $ mknod -m 666 zero c 1 5
$ chown root.mem zero

    Next, figure out what libraries you need to copy to make ls and more work. You can do this by entering ldd ls and ldd more. Whatever libraries they use, copy them to /usr/www/usr/lib.

    Finally, create the group and passwd files in etc. This should not be the same as your true ones. The passwd file in the chroot environment should have entries like:

    root:*:0:0:Root:/:/bin/noshell
frogstar:*:5035:2010::/frogstar/:/bin/noshell

    You shouldn't include passwords - just use a * to prevent a password from being used. Users will be able to read this file, but it's really meaningless. It's just needed by the ftp daemon. The group file should correspond to your normal group file.

    frogstars:*:2010:frogstar

    If you use the same UID and GID (user and group ids), then ls will correctly display ownership. You want to create groups, even with a single member, to use the guestgroup directive in the ftpaccess file described below.

    You should now be set to allow users to FTP into this environment. If you want to create totally protected environments, you need to go down a level for each Web directory and create all of these files - there may be an easier way, but I don't know of it.

    Next: The /etc/ftpaccess file >>
     

    More Administration Articles
    More By Glenn Fleishman


     
    >>> Be the FIRST to comment on this article!

       

    ADMINISTRATION ARTICLES

    - Configuring Load-Balanced Clusters
    - Load-Balanced Clusters
    - UNIX Time Format Demystified
    - Making Changes in the CVS
    - Building Your First CVS Repository
    - CVS Quickstart Guide
    - Authorizing Users in Samba
    - Handling User Accounts in Samba
    - Authentication in Samba
    - Accounts, Authentication, and Authorization
    - Advanced Concepts on Dealing with Files and ...
    - Dealing with Files and Filesystems
    - More Hacks for the User Environment in BSD
    - Personalizing the User Environment in BSD
    - Customizing the User Environment in BSD
    Find More Administration Articles
     
    Accelerating Trading Partner Performance
     
    Competing on Analytics
     
    Cost Effective Scaling with Virtualization and Coyote Point Systems
     
    Five Checkpoints to Implementing IP Telephony
     
    Hosted Email Security: Staying Ahead of New Threats
     




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 2 hosted by Hostway