[nycbug-talk] Anonymous ftp upload questions
nomadlogic at gmail.com
Mon Aug 22 12:58:36 EDT 2005
On 8/22/05, michael <lists at genoverly.net> wrote:
> On Mon, 22 Aug 2005 08:52:31 -0700
> pete wright <nomadlogic at gmail.com> wrote:
> > On 8/22/05, michael <lists at genoverly.net> wrote:
> > >
> > >
> > > > None of the uploads work, but I am kind of annoyed at these test
> > > > uploads, but I'm thinking there is very little I can do about
> > > > this. Any ideas? Anyone else have a similar set up? Would you set
> > > > > up a no privileges account, rather than go anonymous, seems like
> > > > more of a hassle to risk having a real user id and password, even
> > > > with really restricted privs, going out over ftp.
> > > >
> > > > Thanks,
> > > >
> > > > --
> > > > Marco
> > >
> > > I run vsftp on FreeBSD, it is great stuff. Anon is tough, I block
> > > it. vsftp has a lot of flexibility, why not create a single user for
> > > them to upload? I set their password using mysql auth, so no shell
> > > access. You can use vsftp to tweak their rights.
> > sweet, hey michael so is mysql auth part of the stock vsftp package or
> > is there some voodoo that will get that working. proftpd's DB auth
> > when i hacked it some time ago was not too fun....what was nice about
> > what we did though was that the ftp daemon did not need access to
> > /etc/passwd, so producers could create/delete ftp accounts directly
> > on the DB. -pete
> > --
> > ~~o0OO0o~~
> > Pete Wright
> > www.nycbug.org <http://www.nycbug.org>
> > NYC's *BSD User Group
> I wouldn't call it voodoo <grin>. I had set up email (courier-imap,
> postfix) to hold user auth, so, I figured.. why not ftp?. I was
> constrained to MySQL.
> xinetd takes the call on port 20 and routes them to vsftpd and its conf
> file. On logon, pam gets the auth request. /etc/pam.d/ftp has the
> entries to look up the users in the db rather than system accounts.
ahh...I never thought about PAM
/me slaps head for missing the obvious
> vsftpd has a vsftp_user_conf directive that contains a directory and for
> each user if you want user-specific confs, which is nice.
> Sample conf called by xinetd:
> ->grep ^[^#] /usr/local/etc/vsftpd/vsftpd.conf
excellent thanks once again senor genoverly.
NYC's *BSD User Group
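
An added example, not part of the original messages or of anyone's actual setup: a small auditor for vsftpd.conf that flags the anonymous-upload exposure the thread starts from and passes the single PAM-authenticated upload user suggested in the replies. Both sample configs and the account name ftpupload are constructed; the option names and defaults are those documented in vsftpd.conf(5).

```python
# Added example: audit a vsftpd.conf for anonymous-upload exposure.
# Both sample configs are constructed; DEFAULTS follow vsftpd.conf(5).
DEFAULTS = {
    "anonymous_enable": "YES", "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO", "write_enable": "NO",
    "local_enable": "NO", "guest_enable": "NO", "chroot_local_user": "NO",
}

WEAK = """\
# constructed: open anonymous upload
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
"""

HARDENED = """\
# constructed: one PAM-authenticated virtual user (ftpupload is hypothetical)
anonymous_enable=NO
local_enable=YES
guest_enable=YES
guest_username=ftpupload
chroot_local_user=YES
write_enable=YES
pam_service_name=ftp
"""

def parse(text):
    """Overlay option=value lines on the defaults; '#' lines are comments."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def audit(text):
    conf = parse(text)
    on = lambda key: conf.get(key, "NO").upper() == "YES"
    findings = []  # stays empty when none of the checks fire
    if on("anonymous_enable"):
        findings.append("anonymous logins allowed")
        if on("write_enable") and (on("anon_upload_enable") or on("anon_mkdir_write_enable")):
            findings.append("anonymous users can write")
    if on("local_enable") and not on("guest_enable"):
        findings.append("logins run as real system accounts")
    if on("local_enable") and not on("chroot_local_user"):
        findings.append("authenticated users are not chrooted")
    return findings
```

Because anonymous_enable defaults to YES, a config that simply omits the line is still reported as allowing anonymous logins.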