On Mar 21, 2008, at 10:21 AM, Lan Barnes wrote:
I want everyone (joe 6-pack) to be able to go:
ftp 10.1.1.101
... and get in.
Well, that's not going to happen... there will *always* be a username
and password prompt in that process, it's simply part of the protocol
and can't be bypassed.
I want everybody to be sent to /data/stuff_to_give_up and
not be able to get out of there. I don't want to screw around with
access
lists or adding users.
That's fine. You still have two options... out of the (RedHat) box,
vsftpd comes configured to allow anonymous access in a chroot set to /
var/ftp. So without *any* config changes, all of your "joe 6-packs"
could:
$ ftp 10.1.1.101
Connected to 10.1.1.101.
220 (vsFTPd 2.0.1)
Name (10.1.1.101:jpenix): anonymous
331 Please specify the password.
Password: [EMAIL PROTECTED]
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
229 Entering Extended Passive Mode (|||22901|)
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 4096 Aug 02 2007 pub
226 Directory send OK.
ftp> pwd
Remote directory: /
ftp>
In my reading (I'm the first to admit I get confused), what's being
suggested (1) requires that I give all my users indicidual access
accounts
(2) chroots them to /home/jsixpack, which is a PITA (yeah, I can edit
their home in /etc/passwd I suppose to all be the same place).
If you don't like the anonymous approach (since it lets anyone in,
asking only that they put a valid but easily forged email address in
the password), you could follow #2 in my previous config example to
effect the chroot, and then create a single user with a home directory
pointed where you want. Call that user "publicftp" and give them a
simple password that you share. Have everyone use that same login and
password.
Still, they're going to have a multi-step login process unless they
use a FTP client which can "memorize" connections and automate the
login process. For this I recommend FileZilla: http://filezilla-project.org/
--
Joshua Penix http://www.binarytribe.com
Binary Tribe Linux Integration Services & Network Consulting
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
