On Thu, Nov 11, 2004 at 08:14:01AM -0800, Brian McGrew wrote: > Good morning all, > > I need to rebuild our FTP server. It's currently running on a Solaris > 2.6 box and it's been so long ago that I've forgotten what I did and I'm > sure the technology has changed considerably since. > > I have a couple of requirements and I'm hoping that someone can point me > in the right direction. First issue. Scrap vsftpd - it's way, way too simplistic for anything that has real-world non-anonymous requirements. We're running ProFTPd on our RHEL 3 server. It's replacing an older wu-ftpd implementation. > 1) I have about 250 customers that will need read access to their own > folders only and read access to an Updates folder located outside their > home directory As long as you can define this rule clearly, this can be done in ProFTPd. For example, here's how to restrict access to a download area: <Directory ~/pub/download/*> <Limit WRITE SITE_CHMOD> DenyAll </Limit> </Directory> > 2) I have about 100 staff members that have nfs mounted home > directories who will need access to not only their own directories but > read/write access to all the customers directories. See above. > 3) I have a Updates folder located outside of my staff or customers > home directories that customers will need read access to and staff will > need read/write access to. See above. You can do some of this stuff with Virtual Servers too. For example, I have 2 interfaces on my DMZ system - one pointing internally and one pointing externally. For an internal client, they can roam all over the file system limited only by their traditional file system access. For external connections, they're automatically chroot'ed to their home directories. A user will have one set of restrictions on our internal network and a different set from the outside world. > Any suggestions on implementing this under FC2/3? Grab the ProFTPd rpm from Dag's archive. Help is at http://www.proftpd.org. There's a mailing list too. -- Ed Wilts, RHCE Mounds View, MN, USA mailto:ewilts@xxxxxxxxxx Member #1, Red Hat Community Ambassador Program -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list