Hi, I want to setup a ftp server on my slack 10 box. Here's what I need to do -

1.have a dir such as /ftp/ that the user logs into.

2.deny permission to change directory to anything that isn't a sub-dir of /ftp/

3.have read access to files not in /ftp dir. could this be done with links? eg : i could serve files from /home/user/docs/ and make them look like they are in /ftp/docs/.

4.have a limited user for ftp with no access to shell or any system settings. ie - just a user for ftp.

5. could this be done with ssl or something? I've heard of sftp. would a special client be needed to connect and do standard ftpd programs support sftp?

The point of all this is to have a place where network users can upload files and share resources without resorting to windows shares. If anyone knows of a better way to do this then i'd be happy to hear about it.

Thanks a lot!

Graham.

Proftp comes with Slackware. I believe it can do everything you want of it. In fact, it is probably running already unless you chose not to install it or not let it start at boot. Try logging onto your comp from another computer and using your account as a name and password. I dunno how to configure it tho, never had to. It is all done via a text file in /etc i think.

Hi, thanks for your help. I'll take a look at that ftp setup. I was specifically wondering about the lowering of priviliges and the serving of linked files if anyone knows about these issues.

Thanks,

Gir.

I like PureFTP...................it is a more secure ftp server and does all what you want and more with a proven track record..........Some distros even ship with PureFTP out of the box........

Also, there is a Webmin module for it, too (scroll down about halfway)................

Do you know if this can be used with linked files rather than actual files in the chrooted directory?

Thanks,

Gir.

Since nobody has actually answered the original question, I thought I would add a few comments:

While it is true that proftpd is not regarded to be as secure as pureftp and vsftpd, it is highly configurable and is fine for DMZs and internal LANS. To limit ftp users to their home dirs add this to the global part of /etc/proftpd.conf:
DefaultRoot ~

To set up an "incoming" dir do something like
mkdir /home/ftp/incoming
chown ftp.ftp /home/ftp/incoming

Uncomment the following in /etc/proftpd.conf
# <Directory incoming/*>
# <Limit READ>
# DenyAll
# </Limit>
#
# <Limit STOR>
# AllowAll
# </Limit>
# </Directory>

You can also explicity allow and deny various ftp operations by IP address. See the documentation for more on this.

i cant find pre built pureftpd packages for slackware .. im blind :?

linuxpackages.net

You can compile pure-ftpd yourself it is fast and you can add a mysql authentication option to use virtual user and store their password in a mysql table, in this way the ftp users are not present in the system, you limit the browsable directory by indicate it on a field of the mysql table.

Thanks for all the comments so far. Does anyone know abou the linked files issue? Should the files be soft or hard links?

Thanks,

Gir.

do man ln, you will see clearly the difference between hard and soft links

Pureftp will see symlinks no problem................And it would depend on what your needs are as to using hard links or symlinks...........

Hard links will not work across drives or partitions, meaning they must be on the same partition and will not work for directories. You will have to create directories for hard links if you want ot copy the directory structure...........A hard link is another name added to the same file, so it is actually the same file with another name in a another location on the same drive or partition............

Symlinks are special files which point to another file and will work across different drives and partitions...........They are not the original file, but merely redirect you to the original................

Either way, no one will be able to browse outside of that user's home directory on the server, unless you allow it.........<EDIT> Pureftp will still not allow anyone to go outside the user's home directory, even if the symlink points to a file or directory which is outside the home directory, and the user can browse a symlinked directory as if it is part of the home directory </EDIT>...........

Thank you for shedding some light on this. As far as i understand then I think a good way to do this might be to setup the ftp directory on the users home directory, say as /home/ftp, then link the files to share from the users home file.

this could get pretty complicated if I use hard links because I have to create a dir for each nested dir. If I understand correctly then I can just setup symbolic links from the user dir to the ftp dir and the whole directory will be available without the ftpuser having real access to the user dir? Is this a security risk? if i've misunderstood please enlighten me.

Thanks,

Gir.

That's it in a nutshell...............A couple of things to consider is Pureftp works better as a standalone server (running in daemon mode) rather than using the inetd superserver, and the configuration is mostly done on the command line using switches and args...........So be sure to RTFM.........You're questions about security should be answered as well.........

It also comes with some nifty tools for passwds, it's own db (or you can use other ones), a bandwidth monitor for monitoring who's connected to the server, and more.......


PS: If all you're doing is sharing files, why not set up something similar to what a central file server does in a local network where the files are stored on the central server (in this case it could be a common directory), and then link it to each user's home directory?.......Each user can have his own subdirectory in that common directory, but is shareable to others..............Or set the perms to where only the owner of the file can change it, but others can read the file..........