[nycbug-talk] Anonymous ftp upload questions

pete wright nomadlogic
Mon Aug 22 12:58:36 EDT 2005


On 8/22/05, michael <lists at genoverly.net> wrote:
> 
> On Mon, 22 Aug 2005 08:52:31 -0700
> pete wright <nomadlogic at gmail.com> wrote:
> 
> > On 8/22/05, michael <lists at genoverly.net> wrote:
> > >
> > >
> > > > None of the uploads work, but I am kind of annoyed at these test
> > > > uploads, but I'm thinking there is very little I can do about
> > > > this. Any ideas? Anyone else have a similar set up? Would you set
> > > > up a no privileges account, rather than go anonymous, seems like
> > > > more of a hassle to risk having a real user id and password, even
> > > > with really restricted privs, going out over ftp.
> > > >
> > > > Thanks,
> > > >
> > > > --
> > > > Marco
> > >
> > > I run vsftp on FreeBSD, it is great stuff. Anon is tough, I block
> > > it. vsftp has a lot of flexibility, why not create a single user for
> > > them to upload? I set their password using mysql auth, so no shell
> > > access. You can use vsftp to tweak their rights.
> >
> >
> >
> > sweet, hey michael so is mysql auth part of the stock vsftp package or
> > is there some voodoo that will get that working. proftpd's DB auth
> > when i hacked it some time ago was not too fun....what was nice about
> > what we did though was that the ftp daemon did not need access to
> > /etc/passwd, so producers could create/delete ftp accounts directly
> > on the DB. -pete
> >
> >
> > --
> > ~~o0OO0o~~
> > Pete Wright
> > www.nycbug.org <http://www.nycbug.org>
> > NYC's *BSD User Group
> 
> I wouldn't call it voodoo <grin>. I had set up email (courier-imap,
> postfix) to hold user auth, so, I figured.. why not ftp? I was
> constrained to MySQL.
> 
> xinetd takes the call on port 20 and routes them to vsftpd and its conf
> file. On logon, pam gets the auth request. /etc/pam.d/ftp has the
> entries to look up the users in the db rather than system accounts.



ahh...I never thought about PAM
/me slaps head for missing the obvious

> vsftpd has a vsftp_user_conf directive that contains a directory and for
> each user if you want user-specific confs, which is nice.
> 
> Sample conf called by xinetd:
> 
> ->grep ^[^#] /usr/local/etc/vsftpd/vsftpd.conf
> anonymous_enable=NO
> local_enable=YES
> write_enable=YES
> anon_upload_enable=NO
> anon_mkdir_write_enable=NO
> dirmessage_enable=YES
> connect_from_port_20=YES
> xferlog_enable=YES
> xferlog_file=/usr/local/var/log/vsftpd.log
> banner_file=/usr/local/etc/vsftpd/vsftpd.banner_file
> secure_chroot_dir=/usr/local/share/vsftpd/empty
> chroot_local_user=YES
> user_config_dir=/usr/local/etc/vsftpd/vsftpd_user_conf
> 
> 
> 
> Michael
> 

excellent, thanks once again senor genoverly.

-pete

-- 
~~o0OO0o~~
Pete Wright
www.nycbug.org <http://www.nycbug.org>
NYC's *BSD User Group
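
Added example, not part of the original thread or of vsftpd itself: a small Python audit of a vsftpd.conf for the settings the sample configuration above relies on. It shows that leaving out anonymous_enable keeps anonymous login on, because the default documented in vsftpd.conf(5) is YES. The function names and the WEAK_CONF sample are constructed for illustration.

```python
# Added example: audit a vsftpd.conf against the posture discussed in the thread.
# DEFAULTS are the values vsftpd.conf(5) documents for absent directives.
DEFAULTS = {
    "anonymous_enable": "YES", "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO", "write_enable": "NO",
    "local_enable": "NO", "chroot_local_user": "NO", "xferlog_enable": "NO",
}

# Subset of the configuration posted in the thread.
POSTED_CONF = """\
anonymous_enable=NO
local_enable=YES
write_enable=YES
anon_upload_enable=NO
xferlog_enable=YES
chroot_local_user=YES
"""

# Constructed sample: anonymous_enable is omitted, so its default (YES) applies.
WEAK_CONF = """\
local_enable=YES
write_enable=YES
anon_upload_enable=YES
"""

def effective_settings(text):
    """Overlay the option=value lines of a config onto the documented defaults."""
    settings = dict(DEFAULTS)
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key] = value.upper()
    return settings

def audit(text):
    s = effective_settings(text)
    on = lambda key: s[key] == "YES"
    findings = []  # an empty list means none of the checks fired
    if on("anonymous_enable"):
        findings.append("anonymous login is enabled")
        if on("write_enable") and on("anon_upload_enable"):
            findings.append("anonymous users can upload files")
        if on("write_enable") and on("anon_mkdir_write_enable"):
            findings.append("anonymous users can create directories")
    if on("local_enable") and not on("chroot_local_user"):
        findings.append("local users are not chrooted")
    if not on("xferlog_enable"):
        findings.append("transfers are not logged")
    return findings
```

Calling `audit(open(path).read())` on a real file returns the same kind of list; per-user files under user_config_dir are not read by this sketch.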