vsftpd, firewall, and multiple users?
First question:
I can ftp into my computer from another machine just fine. The only problem is I have to drop the firewall in order to do it. When the firewall is on, I cannot log in even with ports 20-21 open. When I drop the firewall I can connect. When the firewall is dropped and I log in, another port opens up way up in the 20000 range. This seems to be relatively random. Since ports up to 1024 are for system processes, would it be a good idea to open all ports above 1024, so that the random ports needed for ftp can be accessed? Is there a better way to do it? I know it is not good to have open ports, but how much of a security risk is it to have all ports above 1024 open? (By open I mean add a rule to Firestarter to allow connections through the ports.)
Second question:
I want to have 3 areas in my ftp server but limit access to them depending on the user. For example, I would have /home/ftpusers as the main area and under that I would have three folders. /home/ftpusers would be accessible to all users with a password and username, but the three folders would be limited to certain users. What I am thinking of doing is making local user accounts, all with the home directory of /home/ftpusers (I will jail everyone in their home directory), and make all those users part of the group ftpusers1. Then I would set the group permission of the /home/ftpuser folder to 777. What is an easy, effective way to limit access to the three folders under /home/ftpusers? Should I create three separate groups and set ownership of the folder to each group and then add users to those groups?
I am using vsftpd.
Thanks in advance
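
For the passive-mode port behaviour described in the first question, a vsftpd.conf fragment that pins the data ports to a small range so the firewall rule can stay narrow. This is an added example, not part of the original post; the 40000-40100 range is a placeholder assumption, while the option names are standard vsftpd settings.

```conf
# /etc/vsftpd.conf fragment (added example; port values are placeholders)

# In passive mode the server picks a high port for every data connection.
# With no range configured, that port can be anywhere above 1024, which is
# the seemingly random port that appears once the firewall is dropped.
pasv_enable=YES

# Restrict passive data connections to a fixed, small window.
pasv_min_port=40000
pasv_max_port=40100

# Firewall side: allow inbound TCP 21 (control) and TCP 40000-40100 (data)
# rather than every port above 1024. The narrower rule exposes only ports
# that vsftpd itself listens on during a transfer.

# Local accounts log in and are jailed in their home directory.
local_enable=YES
chroot_local_user=YES

# Newer vsftpd releases refuse the login when the jail directory itself is
# writable by the user, so keep the shared top-level directory read-only
# and grant write access on the per-group subfolders instead.
```

Restart vsftpd after changing the file, then add the matching range to the firewall's inbound policy.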