This isn't too hard..
First, create a group or groups for your ftp users. In the /etc/ftpaccess
file you can use a "guestgroup" parameter and specify your ftp groups.
Assuming you want to dump anonymous, delete the reference to "anonymous"
in your ftpaccess file. Example:
class all real,guest *
guestgroup ftp
guestgroup ftp2 (I have not tried multiple guest groups, but it should
work)
Now you will need a virtual file system for this to work right. If you
are running Linux, look in /home/ftp and you will see:
../lib
../etc
../pub
../bin
Just copy this to wherever you want your ftp users to live (I think you
should put all the ftpuser dirs in the same dir with the virtual file
system copied to that dir. i.e.
/ftpusers/lib
/ftpusers/etc
/ftpusers/pub
/ftpusers/bin
/ftpusers/pub/john
/ftpusers/pub/bill
We are doing this so different users can belong to different groups, thus
you control access to different dirs this way:
drwxr-x--- 2 john ftpgroup [date] john
drwxr-x--- 2 bill ftpgroup2 [date] bill
Now, to get into bills dir, you have to either be bill, or be in
ftpgroup2.
Edit your /etc/shells file and add /etc/ftponly as one of your shells.
Now here comes the cool part...
Users bill and john should have their home dir set to ftp users. The
/etc/passwd entry should look like this:
john:x:505:50:John Doe:/ftpusers/./:/etc/ftponly
Now, I won't give all the steps to accomplish this since I am assuming a
certain level of unix knowledge, but what this accomplishes is:
The users will be "chrooted" to the /ftpusers directory because of the
"/./" meaning this will be his/her root. This is all of the file system
this user can see. This also sets his/her shell to "/etc/ftponly" so that
is all this user can do.
I think this covers all your requirements.
Carric Dooley
COM2:Interactive Media
http://www.com2usa.com
On Fri, 14 May 1999, simon wrote:
> Hi,
>
> I wanted to control FTP and Telnet of the users.
> such that
> 1) normal ftp users are restricted to their home dir.
>
> 2) disable telnet services to normal ftp users.
>
> Now, here comes the tough one,
>
> How do you
> 1) allow ftp user userabc to write to the dir which
> belongs to userdef
>
> 2) allow userabc to CD to home dir of userdef only
>
>
> Any advice will be greatly appreciated.
>
> TIA.
>
> best Rgds,
>
> Simon
> Network Administrator
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
