anonymous login to ftp

vigilkumar · 11-18-2009, 11:49 AM

hi i want to know how to allow all the users of a particular domain anonymous access to my ftp server.I also dont want other users other than from this particular domain access my ftp server anonymously.i am using red hat enterprise linux version 4.

ShadowCat8 · 11-18-2009, 11:58 AM

Hmmm....

Well, lets start with which ftp package are you using?

And a question I have would be: Are you going to allow authenticated access from everywhere else? Or is it only out to the web so the folks from that domain can drop you files that can't be emailed?

Let us know.

rweaver · 11-18-2009, 12:45 PM

Quote:

Originally Posted by vigilkumar

hi i want to know how to allow all the users of a particular domain anonymous access to my ftp server.I also dont want other users other than from this particular domain access my ftp server anonymously.i am using red hat enterprise linux version 4.

Depending on the ftp daemons features this may be easily feasible or you might need to turn to an outside source (iptables) to accomplish this. As the previous poster suggested, knowing what ftp daemon you're using is the first step.

lazlow · 11-18-2009, 01:54 PM

Assuming you do not need any external access, you could just set you hosts.allow file appropriately.

vigilkumar · 11-19-2009, 04:21 AM

i am using the vsftpd daemon.To use the hosts.allow file the vsftpd has to run as a xinetd controlled service; right? if it is so then how should i run vsftpd as an xinetd service so that i can allow anonymous access to users of a particular domain only.

ShadowCat8 · 11-19-2009, 02:17 PM

Quote:

Originally Posted by vigilkumar

i am using the vsftpd daemon.To use the hosts.allow file the vsftpd has to run as a xinetd controlled service; right? if it is so then how should i run vsftpd as an xinetd service so that i can allow anonymous access to users of a particular domain only.

Ummm, no. The /etc/hosts.allow file does not need to have inetd/xinetd running to be effective. We do not run (x)inetd at my office at all, though we *do* run sshd, samba, apache, tomcat, etc. and use /etc/hosts.[allow,deny] to get finer access control to services.

But, I am still a bit curious and/or confused as to why you are needing anonymous access to the server from one specific domain. It seems a dangerous way to go for security, IMHO. Is this one of the domains you control and are trying to tie connections between that domain and another?

As far as getting this set up, it would seem that you can definitely use the /etc/hosts.allow file to look for connections coming from the specific domain and for the specific daemon (vsftpd) and have it run a script when the server sees the connection coming in to be able to set up your connection any way you want. I was looking at the vsftpd config manual and it seems like they have the capability of separating the anonymous access away from the regular user access as well if you want.

HTH.