Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Limiting FTP users' access?' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Limiting FTP users' access?
Authored by: Anonymous on Apr 20, '01 10:23:48PM

The first thing to do is to ask yourself, can I use apache instead of ftp? If your users are just downloading files, just use http
downloads. (There's a way to do http uploads using webDAV or a perl script, but I haven't tried it yet.) It's a lot easier to
lock down httpd than ftpd.

OK, continuing on the assumption that you need ftp. The first (easy) thing to do is make sure all users with ftp access are
regular users, i.e. not administrators. Do this by editing the file /etc/ftpusers and adding the names of all unwanted users.
This should probably contain your own administrator login to prevent damage should someone get your password. With
only "user" access, they'll still be able to look around the drive (other than stuff in /Users) but they shouldn't be able to
delete anything. Note the backwards nature of /etc/ftpusers: users listed here are NOT allowed to log in.

At this point, what I did was change the group of the ftp users and change the permissions of files on the drive, but I don't
think this is the "right" way to do it. For that, open terminal and type "man ftpd". The man page describes how to set up
restricted users who can only see their own directory and can only execute the command ls. It takes a fair level of unix
twinkiness to do follow the instructions there; take a look and see if it seems doable. If not, post back and we'll tackle
it here (since I've wanted to do this as well...)

-Rob



[ Reply to This | # ]
RE: Limiting FTP users' access?
Authored by: saint.duo on Apr 21, '01 06:44:56PM
i attempted to do this, using the rules in the the FTPD manual, along with creating a user manually following the instructions to create an anynomous user (though I named the user "heero"). I ran into a few snags, though. there is no "ftp" group on my machine, and I don't know what extras to give it to make it work correctly, and after setting up the proper directories, i gave them to user "heero" and group "staff" (putting heero in the staff group, as well). I also gave "heero" a password using
 sudo passwd heero 
. When I tried to FTP in, and gave the server the name heero, it told me that login with that user was denied? Any ideas, either to the denied message or why I have no ftp group?

[ Reply to This | # ]