Hi, and anyone comment on the security and efficiency of the following plan?
I want to allow some users to share some files via ftp. Now since ftp
sends passwords in plaintext I've chroot'd ftp and tried to prevent that
password from also being used to access the account in any other way.
Also I don't want to have to remember to keep adding to /etc/ftpusers
any more.
What I plan is:
- Running ftpd with the -USn switches from inetd
- Setting these user's login class to "ftpuser"
- Ensuring that these users can't use sudo to do anything useful.
- Modifying /etc/login.conf to look like this:
# Default allowed authentication styles
auth-defaults:auth=passwd,skey:
# Default allowed authentication styles for authentication type ftp
auth-ftp-defaults:auth-ftp=passwd:
default:\
:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin:\
:umask=022:\
:datasize-max=512M:\
:datasize-cur=512M:\
:maxproc-max=128:\
:maxproc-cur=64:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
:localcipher=blowfish,6:\
:ypcipher=old:\
:auth-ftp=reject:\
:tc=auth-defaults:
# Only allow ftp access to a chrooted area and don't also allow
# interactive login with the same password
# don't forget the account password is also used for sudo
ftpuser:\
:auth=reject:\
:ftp-chroot:\
:ftp-dir=~/ftp_home:\
:tc=auth-ftp-defaults:\
:tc=default:
This seems to work although auth=reject doesn't make people realise they
need to use ssh keys. Can anyone see any problems with this approach?
Thanks for your time
Mike
