> You should have read more documentation, Shouldn't everyone? :P > IMHO, using wu on a "secure" ftp system is a contradiction in terms :) I > don't want to start a holy war, but vsftpd is doing very nicely. It even > supports pam (in fact, that is what is recommended). Sorry; I can't use ver. 0.0.15 software on a production server. I've looked at ProFTPD as an alternative, but it almost seems worse than WU. There's almost always an un-patched exploit for it. > auth sufficient /lib/security/pam_bleh_for_ftppasswd.so > auth required /lib/security/pam_unix.so Yeah, I figured that part out. The difficult part is actually getting a file in the format that I need for pam_pwdfile.so > Don't know any way of doing this easily at the moment. You obviously need > an "adduser utilitity" that uses pam, not sure if one exists. Not one that uses PAM necessarily, just one that can put/generate usernames:encrypted_passwords someplace besides /etc/passwd > Like I said, don't use wu if security is a concern. As far as the > uid/gid/permissions go, I didn't quite follow what you were saying. Here's the problem in a little more detail. All my web sites have two main directories: htdocs and cgi-bin. Htdocs is owned by user web and cgi-bin is owned by user cgi for every site I host. Any ftp daemon will try to run as the user logged in (a user from either /etc/passwd or /etc/ftppasswd), but of course the directory I'm chrooting them to is owned by either web or cgi. I don't want to have each site owned by a different user; that's a nightmare for more than a handful of sites. Also, the ftp program is the only application on the system that uses PAM, everything else uses traditional authentication methods (Slackware 7.0/1). This problem is really not within the scope of this list, however. Kelly -- -------------------------------------------- -- Kelly Corbin -- Systems Administrator -- -- http://www.theiqgroup.com -- -- The IQ Group, Inc. -- 6740 Antioch Suite 110 -- Merriam, KS 66204 -- (913)-722-6700 -- Fax (913)722-7264 --------------------------------------------
