Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 12-18-2007, 10:47 AM   #1
LQ Newbie
Registered: Dec 2007
Posts: 1

Rep: Reputation: 0
Automatically set up FTP only accounts for accepting datafeeds


I'm trying to create a website that will accept and process datafeeds but with only a limited knowledge of php I have become unstick rather quickly.

I'm trying to make it that people can register on our site and they will then be set up and sent their ftp log-in details automatically but am a little stuck as to how to do this.

The plan is:

- Each new user request generates a new folder in an uploads directory. The folder name would be that persons unique id from the mysql userid primary key.

-The ftp only account, chrooted into that specific folder, is automatically created on the system (-really stick as to how to do this )

-login details are automatically sent to the user

-a cron job scans each folder to see if new files have been added and process the datafeed if a new file has been uploaded.

-at the end of the day another cron job moves all the files into an archive folder

I'm sure there must be a better way of doing this so any help would be much appreciated!
Old 12-19-2007, 05:23 AM   #2
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Originally Posted by RedhatLearner View Post
with only a limited knowledge of php I have become stuck rather quickly.
Then I urge you (do not read that as "ask" or "suggest") to search for current, maintained and supported packages that already provide (parts) of what you need. Not only will it save you time but it will also mean you can ask for support and implies it will have better testing and security than you can come up with (with all due respect). See Freshmeat, Sourceforge and Nongnu.

If you still want to go the "home brew" way, good luck, and here's some unsorted questions / comments for you:
- How do you verify any user input doesn't include chars you should exclude?
- How do you react to illegal input? Scrub or deny?
- What's the time between account creation and upload readiness?
- Do you detect "free" email providers and woudl that be a good thing?
- Do you detect username iterations? Should you?
- Do you intend to allow these services only over SSL? Why not?
- What's the maximum amount of files a user can dump on the system? Per file filesize? How do you check that? How often?
- Vsftpd allows you to create "virtual" users. A FTP-only account doesn't need an account on the system.
- Does processing the datafeed include a validity check? Why not?

I'll leave you with some links (from the LQ FAQ: Security references) that may or may not make for an interesting read:

Web Security Appliance With Apache and mod_security (SF):
Securing Apache Step-by-Step:
Securing apache2:

Apache suEXEC Support:
HOWTO Install PHP with SuExec:
HOWTO Install PHP as CGI with Apache's suEXEC Feature:
How to set up suexec to work with virtual hosts and PHP (+PHP +public_html patch):

PHP and the OWASP Top Ten Security Vulnerabilities:
Top 7 PHP Security Blunders:
PHP Security Guide: (PHP Security Library: Security Guide considered harmful:
PHP: Preventing register_global problems:
Securing PHP Step-by-Step:
PHP Security:
Security of PHP: (PHP Foundations:
Auditing PHP, Part 1: Understanding register_globals:
Hardened PHP:
Web application security:

Checking PHP
Pixy (Check cross-site scripting and SQL injection):

Exploiting Common Vulnerabilities in PHP Applications

Application security testing
Open Web Application Security Project (OWASP):
Springenwerk Cross Site Scripting (XSS) security scanner:

BTW: if you think you needn't read those I can only wish you may live in interesting times.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Move FTP Accounts L1nuxbug Linux - Server 1 06-08-2007 05:46 AM
sendmail set up for email accounts banner Linux - General 1 07-05-2005 08:19 AM
Samba Fails to create machine accounts automatically. ghotip Linux - Distributions 7 10-17-2003 04:26 PM
ftp/telnet not accepting connections mstembri Linux - Newbie 6 10-05-2003 02:11 PM
restricting accounts in wu-ftp dkc_ace Linux - Software 18 01-11-2003 11:14 PM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:55 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration