Re: Recommendation for FTP server
On Thu, Dec 31, 2015 at 07:16:39PM -0500, Steve Matzura wrote: > Sounds a good plan, except everything available for download is on > remote shared places. You should be able to mount or bind-mount those into the /pub* area. Last time I ran something like this I used vsftpd which was pretty good, but I'd be hesitant to run an FTP server again myself.
Re: Recommendation for FTP server
I'm sorry. It seems that I replied to this mail privately. On 04/01/16 08:27, Daniel Bareiro wrote: > Hi, Steve. > > Happy New Year! (and to all members of the list!) > > On 31/12/15 21:16, Steve Matzura wrote: > >> Yes, very helpful. I'll look at mount options. >> >> Here's what I did on the old Windows server: >> >> Each user had their own login. >> >> All logins sent to the same read-only area, with one subdirectory in >> which all users could write. I know how to set that all up with >> regular FTP servers like ProFTPD. >> >> Other subdirectories were symbolically linked to the user login >> directory. Sounds like mounting these remote shares at, or as, mount >> points in the user login directory would be the proper thing to do, >> yes? Then ssh for FTP would work just fine. > > At this moment I do not remember why I had used the technique of > mounting using "bind" instead of using symbolic links. I think I had > tested the use of symbolic links and it does not worked. > > In any case, this mounting technique using "bind" can be use with both > SFTP and FTP servers (both chrooted). > > > Best regards, > Daniel signature.asc Description: OpenPGP digital signature
Re: Recommendation for FTP server
On Thu, 31 Dec 2015 13:33:44 -0500 (EST), Jude wrote: >If I were setting up an ftp server, I would create a /pub directory in >/home and would also create a /home/pub/incoming directory then lock any >guest into the /home/pub and /home/pub/incoming directories. The >/home/pub directory would be where I'd put files available for download >and the /home/pub/incoming/ directory is where guests could upload files >if they wanted to do so. You'll find that setup on many professional >ftp servers that have been on the internet for many years by now. Sounds a good plan, except everything available for download is on remote shared places.
Re: Recommendation for FTP server
Yes, very helpful. I'll look at mount options. Here's what I did on the old Windows server: Each user had their own login. All logins sent to the same read-only area, with one subdirectory in which all users could write. I know how to set that all up with regular FTP servers like ProFTPD. Other subdirectories were symbolically linked to the user login directory. Sounds like mounting these remote shares at, or as, mount points in the user login directory would be the proper thing to do, yes? Then ssh for FTP would work just fine. On Thu, 31 Dec 2015 14:19:05 -0300, you wrote: >Hi, Steve. > >On 31/12/15 14:07, Steve Matzura wrote: > >> That locks the user in their home directory, but I have to give them >> access to other things outside that directory, just not let them go >> walking around and get into any other directory on the system. That's >> why I was thinking of VSFTP, which locks the user into their home >> directory, doesn't use ssh, uses TLS or something else, and lets the >> administrator define a list of places where the user can go. > >If the user has to access different directories trees, then maybe you >could use the "bind" mount option for that from a single path the user >can access to paths that are not included each other. > >I hope this is useful. > >Best regards, >Daniel
Re: Recommendation for FTP server
If I were setting up an ftp server, I would create a /pub directory in /home and would also create a /home/pub/incoming directory then lock any guest into the /home/pub and /home/pub/incoming directories. The /home/pub directory would be where I'd put files available for download and the /home/pub/incoming/ directory is where guests could upload files if they wanted to do so. You'll find that setup on many professional ftp servers that have been on the internet for many years by now. On Thu, 31 Dec 2015, Nicolas George wrote: Date: Thu, 31 Dec 2015 12:45:49 From: Nicolas George Reply-To: debian-user@lists.debian.org To: Steve Matzura Cc: debian Subject: Re: Recommendation for FTP server Le primidi 11 niv?se, an CCXXIV, Steve Matzura a ?crit : That locks the user in their home directory That locks the user in any directory of your choosing. Choosing the home directory is the most common case, and therefore the one you find explained, but not the only option. Regards, --
Re: Recommendation for FTP server
Look in the /etc/ssh/ directory or /etc/default/ subdirectory those configuration files likely will be in one of those two locations. On Thu, 31 Dec 2015, Steve Matzura wrote: Date: Thu, 31 Dec 2015 11:32:34 From: Steve Matzura To: debian Subject: Recommendation for FTP server Resent-Date: Thu, 31 Dec 2015 16:32:51 + (UTC) Resent-From: debian-user@lists.debian.org ProFTPD? VSFTP? Something else? I'm needing a secure connection, non-SSH, because a lot of ssh built into FTP clients let you go wandering around outside your home area, unless there's a way to protect against that in the ssh configuration file, which I did look for but have not found. My FTP server must also be able to access network shares--a NAS box and some shared content on a Windows drive. TIA --
Re: Recommendation for FTP server
Le primidi 11 nivôse, an CCXXIV, Steve Matzura a écrit : > That locks the user in their home directory That locks the user in any directory of your choosing. Choosing the home directory is the most common case, and therefore the one you find explained, but not the only option. Regards, -- Nicolas George signature.asc Description: Digital signature
Re: Recommendation for FTP server
Hi, Steve. On 31/12/15 14:07, Steve Matzura wrote: > That locks the user in their home directory, but I have to give them > access to other things outside that directory, just not let them go > walking around and get into any other directory on the system. That's > why I was thinking of VSFTP, which locks the user into their home > directory, doesn't use ssh, uses TLS or something else, and lets the > administrator define a list of places where the user can go. If the user has to access different directories trees, then maybe you could use the "bind" mount option for that from a single path the user can access to paths that are not included each other. I hope this is useful. Best regards, Daniel signature.asc Description: OpenPGP digital signature
Re: Recommendation for FTP server
On Thu, 31 Dec 2015 11:32:34 -0500 Steve Matzura wrote: >ProFTPD? VSFTP? Something else? I'm needing a secure connection, >non-SSH, because a lot of ssh built into FTP clients let you go >wandering around outside your home area, unless there's a way to >protect against that in the ssh configuration file, which I did look >for but have not found. My FTP server must also be able to access >network shares--a NAS box and some shared content on a Windows drive. > >TIA > I use ProFTPD on my home server, it is easy to set up and use. I do not allow access in from the outside, so it easy to secure on my end. It does work to update my wordpress websites from home, though. -- Charlie Kravetz Linux Registered User Number 425914 [http://linuxcounter.net/user/425914.html] Never let anyone steal your DREAM. [http://keepingdreams.com]
Re: Recommendation for FTP server
On Thu, 31 Dec 2015 17:37:09 +0100, you wrote: >Le primidi 11 nivôse, an CCXXIV, Steve Matzura a écrit : >> ProFTPD? VSFTP? Something else? I'm needing a secure connection, >> non-SSH, because a lot of ssh built into FTP clients let you go >> wandering around outside your home area, > >Never rely on client restrictions for security. Surely not. >> unless there's a way to >> protect against that in the ssh configuration file, which I did look >> for but have not found. > >Search for "chroot" in sshd_config(5). Also, search the web for "chroot >sftp". That locks the user in their home directory, but I have to give them access to other things outside that directory, just not let them go walking around and get into any other directory on the system. That's why I was thinking of VSFTP, which locks the user into their home directory, doesn't use ssh, uses TLS or something else, and lets the administrator define a list of places where the user can go.
Re: Recommendation for FTP server
Le primidi 11 nivôse, an CCXXIV, Steve Matzura a écrit : > ProFTPD? VSFTP? Something else? I'm needing a secure connection, > non-SSH, because a lot of ssh built into FTP clients let you go > wandering around outside your home area, Never rely on client restrictions for security. > unless there's a way to > protect against that in the ssh configuration file, which I did look > for but have not found. Search for "chroot" in sshd_config(5). Also, search the web for "chroot sftp". Regards, -- Nicolas George signature.asc Description: Digital signature