Linux - EnterpriseThis forum is for all items relating to using Linux in the Enterprise.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a SUSE Linux Enterprise server 9 that is running FTP. I can now allow users access to it, but I want to deny Anonymous access, even though they really cannot do much, I would still like to disable that access. Is this possible? How is it done, if so?
Also, my users will be able to upload files to their own individual html directories (/home/user/public_html) but I wanted to know how to limit the size of these directories. I am sure we will have some users who will think they can upload anything they want, and I don't want that. Is there a way to do this as well, and if so how? As an added note, I am running Apache as my web server.
Thanks in advance for any suggestions, I really appreciate everyone's help.
If you're using proftpd, here's (part of) my config file:
Code:
<Global>
RequireValidShell on
LoginPasswordPrompt off
<Limit LOGIN>
DenyUser anonymous
</Limit>
MaxLoginAttempts 3
# To cause every FTP user to be "jailed" (chrooted) into a directory,
# uncomment this line.
DefaultRoot /multimedia
AllowStoreRestart on
AllowRetrieveRestart on
DisplayLogin welcome.msg
# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite on
</Directory>
</Global>
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
#<Anonymous ~ftp>
# User ftp
# Group ftp
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Limit the maximum number of anonymous logins
# MaxClients 10
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
DisplayLogin welcome.msg
# DisplayFirstChdir .message
# # Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE>
# DenyAll
# </Limit>
#</Anonymous>
If you're using another server doubtless there will also be something like this in your config file.
There's no need to review any long and complex configuration file, where possible mistakes could have security and reliability implications. Pure-FTPd uses simple command-line switches to enable the features you need.
You can limit the number of simultaneous users, limit their bandwidth to avoid starving your ADSL or cable-modem link, hide system files (chroot), have upload/download ratios, and moderate new uploads. Custom messages can be displayed at login-time (even changing fortune files) and when an user enters a new directory. Also, to avoid your disks being filled up, you can defined a maximal percentage, and new uploads will be disallowed once this percentage is reached.
The FXP (server-to-server) protocol is implemented. It can be available for everyone, or only for authenticated users.
Kiddies are using common brute-forcing tools that are trying to discover hidden directories. Pure-FTPd provides a protection against this. Anonymous access is secure by default. For instance, users can't access dot-files (.bash_history, .rhosts, ...) unless you explicitely enable this.
Unfortunately, there doesn't seem to be a whole lot of information on how to *disable* it, should you want to (and I heartily applaud that you want to, btw).
However, it looks like enforcing quotas is relatively simple:
- '-n <max files>:<max size>': If the server has been compiled with support
for virtual quotas, enforce these quota settings for all users (except members of the 'trusted' group) . <max size> is in Megabytes. See the "virtual quotas" section later in this document. (from http://www.pureftpd.org/README)
Last edited by rose_bud4201; 02-24-2005 at 03:35 PM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
