Rodrigo Barbosa wrote:
>
> If that is all your users will have to do on the server, I recommend
> using proftpd with virtual users.
I concur, and do just such here to run our FTP server. It's basically
this simple:
1) Install a RPM, here's mine compiled with a MySQL auth bugfix for
RHEL4/CentOS4 (ProFTPd bug #2644):
ftp://falsehope.com/home/tengel/centos/4/te/i386/RPMS/proftpd-1.2.10-10_mysql.te.i386.rpm
2) Edit /etc/proftpd.conf to not use system logins, and instead use a
set of files on the system (you can also use MySQL or another method,
just giving the easy way here):
AuthPAMAuthoritative off
AuthPam off
AuthUserFile /opt/etc/passwd.ftp
AuthGroupFile /opt/etc/group.ftp
3) Create /opt/etc/group.ftp with one (or two) lines in it:
ftp::50:
nobody::99:
4) Add login users to /opt/etc/passwd.ftp, using an encrypted password
(such as those created by "htpasswd" that comes with Apache). Make one
that you never use for the user "ftp" (or for anon logins), then one for
your actual login people:
ftp:XXXXXXX:14:50::/var/ftp:/sbin/nologin
someuser:XXXXXX:14:50::/var/www/html:/sbin/nologin
5) Change the permissions of your /var/www/html tree to allow UID 14 (or
GID 50) to write to it.
You can further increase security by making a third group with a unique
GID and have the user have it's own unique UID as well, but I'll leave
that up to you to figure out. There's a lot of room for play in the
above steps, they're meant as a guideline.
NOTE: if you use MySQL as your authenticator and do *not* want to fall
back to system auth (PAM), then you need to set two more options in
/etc/proftpd.conf:
PersistentPasswd off
AuthOrder mod_sql.c mod_auth_file.c
FYI only.
-te
--
Troy Engel | Systems Engineer
Fluid, Inc | http://www.fluid.com
