On Thu, May 08, 2008 at 02:52:50PM -0700, David Newman wrote:
> Greetings. I'm setting up ftp access* for a number of users to a directory 
> structure like this (assume "/" is an alias for the top of the tree):
>
> Username directory perms
> ------------------------
> user1    /          rw
> user2    /projects  r
> user3    /projects  rw
> user4    /          r
>
> The FAQ and the ftpd(8) manpage say that chrooting goes to a user's home 
> directory, and nothing about permissions.
>
> Is there some other way of setting this up?

> ps. FTP is the client's choice, not mine. Same with this directory 
> structure.

You could switch to a more featureful FTP daemon - vsftpd is likely to
be enough. It also supports FTP-with-SSL, which, while a many-tentacled
monstrosity, is at least preferable to plain FTP. As long as you don't
have to traverse stateful firewalls. (In vsftpd's defence, you can open
a range of ports only.)

However, OpenBSD's ftpd(8) should do. Aside from user4 being able to
write to /tmp and so on, at least - user/group permissions should
suffice. (Mode 0640? Feel free to set umask to 0137, see login.conf(5))

But you should probably at least try to get your client to consider
using sftp instead. Note that you can now have per-user chroots and
sftp-only accounts using sshd, and it's both less of a firewall-headache
and more secure than FTP. WinSCP is a very usable[1] interface for
anyone who is able to use an FTP client.

Also note that using sshd makes this directory layout almost sane.

Finally, if you do go with FTP, don't allow FTP accounts to log in.

                Joachim

[1] Well, it is a graphical program and runs on Windows. But within
those constraints, I haven't had many problems with it.

-- 
PotD: x11/xcursor-themes - X11 Cursors themes
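
An sshd_config fragment for the per-user chroots and sftp-only accounts mentioned in the reply above, mapped onto the four accounts in the quoted table. This is an added example, not part of the original message; /srv/client is an assumed location for the top of the tree, and read/write access inside each chroot is still decided by ordinary user/group file permissions.

```conf
# Added example. Assumed path: /srv/client is the top of the tree ("/" in the
# table). user1..user4 are the accounts from the table.
#
# sshd refuses the session unless every component of ChrootDirectory is a
# root-owned directory that is not writable by group or others. Write access
# for user1 and user3 therefore has to be granted on subdirectories below the
# chroot (for example through a shared group), not on the chroot itself.

Subsystem sftp internal-sftp

# user1: whole tree, read-write. ForceCommand means SFTP only, no shell.
Match User user1
    ChrootDirectory /srv/client
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no

# user4: whole tree, read-only. -R puts the SFTP server in read-only mode,
# a second barrier on top of the file permissions.
Match User user4
    ChrootDirectory /srv/client
    ForceCommand internal-sftp -R
    AllowTcpForwarding no
    X11Forwarding no

# user3: /projects only, read-write.
Match User user3
    ChrootDirectory /srv/client/projects
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no

# user2: /projects only, read-only.
Match User user2
    ChrootDirectory /srv/client/projects
    ForceCommand internal-sftp -R
    AllowTcpForwarding no
    X11Forwarding no
```

Running `sshd -t` after editing checks the file for syntax errors before the daemon is reloaded.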
