LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 04-14-2015, 11:08 AM   #1
Rumbles
LQ Newbie
 
Registered: Mar 2012
Posts: 4

Rep: Reputation: Disabled
Question Bets FTP server for the job - some specific requirements


I'm looking in to setting up an FTP server, actually an SFTP server. The plan is to have it live in the DMZ, so that our clients who are able to pass through that Firewall can get on to it and authenticate, at that point they will be chrooted to a directory.

To make it slightly more complicated, I was hoping that I would be able to allow members of staff to have access to a number of client home folders. The reason for this is that staff may need to give multiple clients access to files, I want to know who is logging in, so rather than give the staff the FTP usernames/passwords for each client I was wondering whether it would be possible to nest the users folders within the department folders, then have a number of staff for each department with the same home directory. I see the layout being something like this:

/FTP/department1/user1
/FTP/department1/user2
/FTP/department1/user3
/FTP/department2/user4

Can anyone see an issue with doing this?

Also, I was hoping I would be able to set up all of these users as virtual users, either via a DB or file, this info would need to be stored locally.

Ideally, I then need some way to manage password aging which ever way it's set up. I know this is possible with system logins, and if I were using a DB I could probably write a cron job to check the age of passwords and disable ones over 90 days old. I'm wondering if there is something out there which will help me do this that I am not currently aware of.

Since I need to set up password aging, it would be best if the client logging in was notified that their password was getting old and prompt them to change it, I'm not sure that would even be possible via normal FTP.

Some of our clients have also informed us that they are not allowed to install FTP software at their company, so some would also require a web frontend to the FTP server.

I guess if it wasn't possible to change password via FTP client, it might be possible to at least tell them it needs changing and prompt them to go to a web portal page to do so. Otherwise every 90 days I will get a torrent of password change requests once the aging kicks in and the passwords no longer work. Plus, I'd rather not be emailing out passwords.

Currently I am unsure of the best FTP server to use, my OS of choice is CentOS (6), I know I can easily install vsftpd, proftpd and pureftpd, and they're all good, with reasonable security, and pro/pure have modules and addons that have been written for them for administration. Personally I don't mind which server we go with, but the requirements I have in mind are making it very difficult for me to settle on one, as I don't think any of them can do everything I want/need.

I know my requirements are quite excessive for FOSS, I've been reading a lot of articles, some of which would help with some features I'm after but none would cover all of them. I'm just wondering, am I asking (way) too much, or is there something out there I haven't come across yet which is exactly what I need?

To summerise, my requirements:

SFTP access - chrooting users
Virtual Users - preferably allowing nesting for staff/clients
Password aging for all SFTP users
Web frontend access to FTP content authing off same system that main SFTP uses
Web frontend allowing users to change their password once logged in

I am aware that there are plenty of paid for FTP server software out there, some of which offer some of these features, I wouldn't be averse to paying a reasonable fee, if it did everything I needed and saved me some headaches.

Any advice at this point is welcome, thanks in advance!
 
Old 04-14-2015, 11:50 AM   #2
schneidz
LQ Guru
 
Registered: May 2005
Location: boston, usa
Distribution: fedora-35
Posts: 5,326

Rep: Reputation: 919Reputation: 919Reputation: 919Reputation: 919Reputation: 919Reputation: 919Reputation: 919Reputation: 919
i have no experience with chrooting but from my limited knowledge it seems like an ssh server and modifying users home directory would suffice (sftp clients connect to an ssh server -- not an ftp server).

you also seem to think that sftp and ftp are the same thing but they are pretty different.

Last edited by schneidz; 04-14-2015 at 11:52 AM.
 
Old 04-14-2015, 01:35 PM   #3
Rumbles
LQ Newbie
 
Registered: Mar 2012
Posts: 4

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by schneidz View Post
i have no experience with chrooting but from my limited knowledge it seems like an ssh server and modifying users home directory would suffice (sftp clients connect to an ssh server -- not an ftp server).

you also seem to think that sftp and ftp are the same thing but they are pretty different.
Hi, I don't want to use system auth for sftp login, I'd rather run a separate FTP server and run virtual users on the server.
 
Old 04-22-2015, 08:41 PM   #4
buaku
Member
 
Registered: Sep 2004
Distribution: Slackware 10.2 (2.4.31)
Posts: 119

Rep: Reputation: 15
You could always look into glftpd.

As to the whole users can't install ftp software, that shouldn't be an issue. Just their regular web browser should suffice. Not sure how that works with sftp though. The other issue you may run into is that the client sites may just block the ftp protocol altogether.
 
Old 04-24-2015, 06:04 AM   #5
Rumbles
LQ Newbie
 
Registered: Mar 2012
Posts: 4

Original Poster
Rep: Reputation: Disabled
I was hoping the FTP shares could be presented via a web page, so using https
 
  


Reply

Tags
centos, ftp, sftp


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Lock FTP to Specific Directories on CentOS 6 web server Jackoalltrades Linux - Server 1 10-16-2014 03:16 PM
How can I restrict FTP users to specific folders on the server (CentOS 6.0) redhat19 Red Hat 1 05-03-2012 10:44 PM
In plesk , I wish to have a backup cron job, ftp back up file to another ftp server? muskiediver Linux - General 6 07-16-2009 03:13 AM
Requirements for a job advert dula Linux - Networking 1 05-14-2007 11:50 PM
Allow only specific IP's to log to FTP server ganninu Linux - Security 5 12-11-2003 07:26 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 06:18 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration