Greg Swift wrote:
ImagePlace IT wrote:
Greetings,
Please except my apologies for being off topic. I'm looking for a
pointer to recommended practices. (With an explanation and attached
question).
I need to configure a vsftpd service denying anonymous logins and
sharing nothing. That is, customers get a username, password and a
dir, with full permissions, without the ability to see other dirs.
Q: How to create and manage usernames and passwords without giving
them a system user/group account? Or should I give the system account
and deny shell logins and access to other services etc...?
You can do what Anthony recommended, but imho there is no reason to
generate nologin accounts for ftp access. Personally I have been using
pure-ftpd (http://www.pureftpd.org/) for my ftp server. Its a very
stable, and very secure (i've had no issues, and my use is as an isp).
It gives you all kinds of control over what the users are doing, and
provides true virtual user support, in or out of a chroot environment.
You can backend it with a simple auth file, or backend with a db or ldap.
unfortunately its not an rpm install (unless u try using fedora's
extra package, which I havent).
i'm not affiliated in any way.. i just think it blows vsftpd out of
the water.
-greg
Thank you all for your info.
A pureftpd implementation looks rather capable. Looks to allow
scalability, manageability and reliability which therefore eases my
backup and disaster recovery routines. (Specific to the ftp service).
However, the lack of a Red Hat issued RPM is grounds for at least a
second thought due to the inherent advantages to that methodology.
Looks like a fork in the road here. Pondering whether to use the system
UID/GID or diverge from Red Hat recommendations...
Breaking the RH RPM methodology will require a new level of procedure
and documentation... hmm... Always a function of time for me. Ha Ha Ha.
Thanks again for the info.
Jeff
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
