04-14-2015, 11:08 AM
|
#1
|
LQ Newbie
Registered: Mar 2012
Posts: 4
|
Best FTP server for the job - some specific requirements
I'm looking into setting up an FTP server, actually an SFTP server. The plan is to have it live in the DMZ, so that our clients who are able to pass through that firewall can get on to it and authenticate; at that point they will be chrooted to a directory.
To make it slightly more complicated, I was hoping that I would be able to allow members of staff to have access to a number of client home folders. The reason for this is that staff may need to give multiple clients access to files. I want to know who is logging in, so rather than give the staff the FTP usernames/passwords for each client I was wondering whether it would be possible to nest the users' folders within the department folders, then have a number of staff for each department with the same home directory. I see the layout being something like this:
/FTP/department1/user1
/FTP/department1/user2
/FTP/department1/user3
/FTP/department2/user4
Can anyone see an issue with doing this?
Also, I was hoping I would be able to set up all of these users as virtual users, either via a DB or file; this info would need to be stored locally.
Ideally, I then need some way to manage password aging whichever way it's set up. I know this is possible with system logins, and if I were using a DB I could probably write a cron job to check the age of passwords and disable ones over 90 days old. I'm wondering if there is something out there which will help me do this that I am not currently aware of.
Since I need to set up password aging, it would be best if the client logging in was notified that their password was getting old and prompted to change it; I'm not sure that would even be possible via normal FTP.
Some of our clients have also informed us that they are not allowed to install FTP software at their company, so some would also require a web frontend to the FTP server.
I guess if it wasn't possible to change password via FTP client, it might be possible to at least tell them it needs changing and prompt them to go to a web portal page to do so. Otherwise every 90 days I will get a torrent of password change requests once the aging kicks in and the passwords no longer work. Plus, I'd rather not be emailing out passwords.
Currently I am unsure of the best FTP server to use. My OS of choice is CentOS (6); I know I can easily install vsftpd, proftpd and pureftpd, and they're all good, with reasonable security, and pro/pure have modules and addons that have been written for them for administration. Personally I don't mind which server we go with, but the requirements I have in mind are making it very difficult for me to settle on one, as I don't think any of them can do everything I want/need.
I know my requirements are quite excessive for FOSS. I've been reading a lot of articles, some of which would help with some features I'm after, but none would cover all of them. I'm just wondering, am I asking (way) too much, or is there something out there I haven't come across yet which is exactly what I need?
To summarise, my requirements:
SFTP access - chrooting users
Virtual Users - preferably allowing nesting for staff/clients
Password aging for all SFTP users
Web frontend access to FTP content authing off same system that main SFTP uses
Web frontend allowing users to change their password once logged in
I am aware that there is plenty of paid-for FTP server software out there, some of which offers some of these features. I wouldn't be averse to paying a reasonable fee if it did everything I needed and saved me some headaches.
Any advice at this point is welcome, thanks in advance!
|
|
|
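The cron-driven password-aging check described in post #1, sketched as an added example (not code from anyone in the thread). The `sftp_users` table, its columns and the 14-day warning window are assumptions; the 90-day limit is from the post, and the returned warning list is what a login banner or web portal would use to prompt users before their password stops working.

```python
import sqlite3
from datetime import date, timedelta

MAX_AGE_DAYS = 90   # from the post: disable passwords over 90 days old
WARN_DAYS = 14      # assumption: start warning two weeks before expiry

def build_sample_db():
    """Constructed sample data; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sftp_users (username TEXT PRIMARY KEY, "
               "pw_changed TEXT NOT NULL, enabled INTEGER NOT NULL DEFAULT 1)")
    db.executemany("INSERT INTO sftp_users VALUES (?, ?, ?)", [
        ("user1", "2015-04-01", 1),   # recently changed
        ("user2", "2015-01-20", 1),   # close to the limit
        ("user3", "2015-01-01", 1),   # past the limit
        ("user4", "2014-11-01", 0),   # already disabled
    ])
    return db

def age_passwords(db, today):
    """Disable accounts past MAX_AGE_DAYS; return (disabled, to_warn)."""
    # ISO-8601 date strings sort chronologically, so string comparison works.
    cutoff = (today - timedelta(days=MAX_AGE_DAYS)).isoformat()
    warn_from = (today - timedelta(days=MAX_AGE_DAYS - WARN_DAYS)).isoformat()
    disabled = [row[0] for row in db.execute(
        "SELECT username FROM sftp_users "
        "WHERE enabled = 1 AND pw_changed < ? ORDER BY username", (cutoff,))]
    db.execute("UPDATE sftp_users SET enabled = 0 "
               "WHERE enabled = 1 AND pw_changed < ?", (cutoff,))
    # Still-enabled accounts inside the warning window, with days remaining.
    to_warn = []
    for name, changed in db.execute(
            "SELECT username, pw_changed FROM sftp_users "
            "WHERE enabled = 1 AND pw_changed <= ? ORDER BY username",
            (warn_from,)):
        age = (today - date.fromisoformat(changed)).days
        to_warn.append((name, MAX_AGE_DAYS - age))
    db.commit()
    return disabled, to_warn

if __name__ == "__main__":
    # A real cron job would open the server's user DB and pass date.today().
    print(age_passwords(build_sample_db(), date(2015, 4, 14)))
```

Disabling rather than deleting the row keeps the account and its audit trail intact, so re-enabling after a password change is a single column update.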
04-14-2015, 11:50 AM
|
#2
|
LQ Guru
Registered: May 2005
Location: boston, usa
Distribution: fedora-35
Posts: 5,326
|
i have no experience with chrooting but from my limited knowledge it seems like an ssh server and modifying users home directory would suffice (sftp clients connect to an ssh server -- not an ftp server).
you also seem to think that sftp and ftp are the same thing but they are pretty different.
Last edited by schneidz; 04-14-2015 at 11:52 AM.
|
|
|
04-14-2015, 01:35 PM
|
#3
|
LQ Newbie
Registered: Mar 2012
Posts: 4
Original Poster
|
Quote:
Originally Posted by schneidz
i have no experience with chrooting but from my limited knowledge it seems like an ssh server and modifying users home directory would suffice (sftp clients connect to an ssh server -- not an ftp server).
you also seem to think that sftp and ftp are the same thing but they are pretty different.
|
Hi, I don't want to use system auth for SFTP login; I'd rather run a separate FTP server and run virtual users on the server.
|
|
|
04-22-2015, 08:41 PM
|
#4
|
Member
Registered: Sep 2004
Distribution: Slackware 10.2 (2.4.31)
Posts: 119
|
You could always look into glftpd.
As to the whole users can't install ftp software, that shouldn't be an issue. Just their regular web browser should suffice. Not sure how that works with sftp though. The other issue you may run into is that the client sites may just block the ftp protocol altogether.
|
|
|
04-24-2015, 06:04 AM
|
#5
|
LQ Newbie
Registered: Mar 2012
Posts: 4
Original Poster
|
I was hoping the FTP shares could be presented via a web page, so using HTTPS.
|
|
|