ImagePlace IT wrote: > Greg Swift wrote: >> ImagePlace IT wrote: >>> Greetings, >>> >>> Please except my apologies for being off topic. I'm looking for a >>> pointer to recommended practices. (With an explanation and attached >>> question). >>> >>> I need to configure a vsftpd service denying anonymous logins and >>> sharing nothing. That is, customers get a username, password and a >>> dir, with full permissions, without the ability to see other dirs. >>> >>> Q: How to create and manage usernames and passwords without giving >>> them a system user/group account? Or should I give the system account >>> and deny shell logins and access to other services etc...? >> You can do what Anthony recommended, but imho there is no reason to >> generate nologin accounts for ftp access. Personally I have been using >> pure-ftpd (http://www.pureftpd.org/) for my ftp server. Its a very >> stable, and very secure (i've had no issues, and my use is as an isp). >> It gives you all kinds of control over what the users are doing, and >> provides true virtual user support, in or out of a chroot environment. >> You can backend it with a simple auth file, or backend with a db or ldap. >> >> unfortunately its not an rpm install (unless u try using fedora's >> extra package, which I havent). >> >> i'm not affiliated in any way.. i just think it blows vsftpd out of >> the water. >> >> -greg >> > Thank you all for your info. > A pureftpd implementation looks rather capable. Looks to allow > scalability, manageability and reliability which therefore eases my > backup and disaster recovery routines. (Specific to the ftp service). > However, the lack of a Red Hat issued RPM is grounds for at least a > second thought due to the inherent advantages to that methodology. > > Looks like a fork in the road here. Pondering whether to use the system > UID/GID or diverge from Red Hat recommendations... > > Breaking the RH RPM methodology will require a new level of procedure > and documentation... hmm... Always a function of time for me. Ha Ha Ha. > > Thanks again for the info. > > Jeff >
Another option is to get the SRPM & such from the CentOS site, Fedora extras, or from Dag's repository & rebuild it for your system. Or you could build from source as: rpmbuild -ta pure-ftpd-1.0.21.tar.gz In any case you're not going to have RedHat's support but at least you'll keep it in the methodology. Sometimes, if you can't have the whole hog, a ham sandwich is good enough. -- Tony Placilla, RHCT, GSEC [EMAIL PROTECTED] GPG-Key-ID: 1024D/C78F8B64 http://pgp.mit.edu Key fingerprint = A8D5 7AFF CE88 4179 C792 D9A9 F197 2A15 C78F 8B64 _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
