Anthony J Placilla wrote:
ImagePlace IT wrote:
Greg Swift wrote:
ImagePlace IT wrote:
Greetings,
Please except my apologies for being off topic. I'm looking for a
pointer to recommended practices. (With an explanation and attached
question).
I need to configure a vsftpd service denying anonymous logins and
sharing nothing. That is, customers get a username, password and a
dir, with full permissions, without the ability to see other dirs.
Q: How to create and manage usernames and passwords without giving
them a system user/group account? Or should I give the system account
and deny shell logins and access to other services etc...?
You can do what Anthony recommended, but imho there is no reason to
generate nologin accounts for ftp access. Personally I have been using
pure-ftpd (http://www.pureftpd.org/) for my ftp server. Its a very
stable, and very secure (i've had no issues, and my use is as an isp).
It gives you all kinds of control over what the users are doing, and
provides true virtual user support, in or out of a chroot environment.
You can backend it with a simple auth file, or backend with a db or ldap.
unfortunately its not an rpm install (unless u try using fedora's
extra package, which I havent).
i'm not affiliated in any way.. i just think it blows vsftpd out of
the water.
-greg
Thank you all for your info.
A pureftpd implementation looks rather capable. Looks to allow
scalability, manageability and reliability which therefore eases my
backup and disaster recovery routines. (Specific to the ftp service).
However, the lack of a Red Hat issued RPM is grounds for at least a
second thought due to the inherent advantages to that methodology.
Looks like a fork in the road here. Pondering whether to use the system
UID/GID or diverge from Red Hat recommendations...
Breaking the RH RPM methodology will require a new level of procedure
and documentation... hmm... Always a function of time for me. Ha Ha Ha.
Thanks again for the info.
Jeff
Another option is to get the SRPM & such from the CentOS site, Fedora
extras, or from Dag's repository & rebuild it for your system.
Or you could build from source as:
rpmbuild -ta pure-ftpd-1.0.21.tar.gz
In any case you're not going to have RedHat's support but at least
you'll keep it in the methodology.
Sometimes, if you can't have the whole hog, a ham sandwich is good enough.
So I'm kinda curious... does anyone know how one would go about making a
recommendation for inclusion of a package, or even better replacement?
From what I can tell pure-ftpd can do everything vsftpd does and more.
Numerous other distros ship with it, some even as default (I believe its
the default ftpd for SuSE).
This would help with people like Jeff and I who have to break our
installation procedures by installing a non-RH standard package. (Like
Jeff, my goal with most of my systems was to try and make them work
within the confines of the RH package list).
-greg
--
“While it is possible to change without improving, it is impossible to improve
without changing.” -anonymous
“only he who attempts the absurd can achieve the impossible.” -anonymous
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
