I run a small engineering company* that exchanges large files (CAD, etc.) with clients, and I want to keep the docs off my email server by setting up a standalone FTP server where each client can upload and download its relevant files. As such, my own users/employees should be able to reach every client’s FTP space but each client should only be able to reach his own. As my users finish a doc, they place it in that client’s FTP directory and the client can log in and get it. As such, I don’t want any form of unauthenticated FTP.
I’ve tried different combinations of group names and directory permissions without success, but chrooting users doesn’t seem to solve my problem either, and my two favorite BSD books – Tiemann et al. (Unleashed) and Lucas (Absolute) – take the same approach the man pages do, in my opinion, which guides you either into an all-anonymous system, or a system suitable for organizations such as software distributors in which clients/users authenticate but then all access the same directory (/pub for example).

I could use some help conceptualizing this. Is the solution ftpchroot? If so, it’s not clear how I can chroot each potential client into his own directory, as my understanding is that all chrooted users wind up at the same place (like /var/ftp/pub). Or is the solution that each client gets access to his own home directory; if so, how do I ensure my staff has access to each client’s home directory?

Lastly, I’ve also been reading up on PureFTP, which seems to have some advanced configuration potential (including LDAP authentication, something else that interests me) but it’s not clear that using an alternative product is indicated here. This seems like something other organizations must have dealt with, so I must be missing something fundamental. Can someone point me in the right direction?

Finally, I’m aware FTP has inherent security liabilities as passwords cross the net in clear text, but I’m not convinced casual users on Windows boxes will be able to manage fun stuff like SSH connections or alternative software, like SCP. In my experience, the “modern” Windows user accesses FTP sites using Internet Explorer, which is tremendously underwhelming. As such I am choosing a standalone box on which no other services are running (mail, X, etc.). Am I right? Or is there some better method that won’t be too complex for the casual Windows user?

Thanks in advance for the pointers.
Randy
--
www.therandymon.com

*Actually, this is all hypothetical, but I’m learning server admin so I can cross this bridge when the time comes, and having a lot of fun, naturally, since right now my screw-ups don’t count!