ftp only account
hello everyone ! i have a few questions, 1. how do i give users an ftp only account (no telnet, etc). 2. im using default debian install (2.0) , how do i enable anonymous ftp sessions ? thanks a lot Sib - A world of Information. The journey begins here. At Home. Internet Cebu's web based mail. http://www.i-mailbox.net
Re: ftp only account
- 1. how do i give users an ftp only account (no telnet, etc). give them shell which doesn't work, but is listed in /etc/shells for example /bin/false... - 2. im using default debian install (2.0) , how do i enable anonymous ftp - sessions ? addftpuser -- Matus fantomas Uhlar, sysadmin at NETLAB+ Kosice, Slovakia BIC coord for *.sk; admin of netlab.irc.sk; co-admin of irc.felk.cvut.cz M$ Win's are shit, do not use it !
Re: [Q] How to create a FTP only account...
-BEGIN PGP SIGNED MESSAGE- On Thu, 26 Jun 1997, Alex Yukhimets wrote: As a joke, I know one ISP that to prevent telnetting put to everyone's account a .login file with logout line in there :) Everyone just smart enough to ftp a better .login gained easy shell access... What if he had the homedirectory of said users owned by root, as well as the .login file? Nils - -- \ /| Nils Rennebarth --* WINDOWS 42 *-- | Schillerstr. 61 / \| 37083 Göttingen | ++49-551-71626 Micro$oft's final answer | http://www.nus.de/~nils -BEGIN PGP SIGNATURE- Version: 2.6.3i Charset: noconv iQB1AwUBM7pY31ptA0IhBm0NAQHFegL+OGUOYuNsPlfNALC2zaqZClV+lh2qgc+I Iw0XA61Q6las5X8fD/iW5ddC86ehuv+9RhQhrNJGfbaTGgOwXS2mWpNRkLNZFjCN 1acwHFFLVXokpET+dDoVU1ZnbxpwUPWd =aVdg -END PGP SIGNATURE- -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: [Q] How to create a FTP only account.. for...
On Mon, 30 Jun 1997, Sudhakar Chandrasekharan wrote: Rob, I have the same problem. Could you email me any answers that you get by personal email? Would greatly appreciate it. I am on the mailing list. So I would get to see the emails that come to the mailing list. Sudhakar Hello Sudhakar, fellow debianers, :) First thanx to everyone who helped me on this. The ftp web accounts are all working great now. There really wasn't alot that really had to be done but this is exactly what how i have it setup. You may wish to place things else where cd / mkdir webftp drwxr-sr-x 7 root root 1024 Jun 29 22:58 webftp Now copy the /home/ftp/bin lib and etc dir to /webftp cp -ap /home/ftp/bin /webftp cp -ap /home/ftp/lib /webftp cp -ap /home/ftp/etc /webftp I also copied and changed the welcome.msg aswell. I added another directory here where the user accounts go /webftp/web. Change the group of the web dir to webusers cd /webftp mkdir web drwxr-xr-x 4 root webusers 1024 Jun 29 21:48 web Then add a group to /etc/group and place the users in that group. I'll use webusers as the group and user1 and user2 as the users. webusers:*:109:user1,user2 And add this line to your /etc/ftpd/ftpaccess file. This allows all users in the group webusers to ftp in and saves you from having to add a guestgroup for each user. guestgroup webusers Now just add your users and edit the /etc/passwd file (always using caution when doing this. I'd recommend makeing a passwd.bak just in case) You need to change the users home path to: user1:passwd:5000:5000:Web User:/webftp/./web/user1:/bin/true user2:passwd:5001:5001:Web User:/webftp/./web/user2:/bin/true *Make sure you add /bin/true to /etc/shells Remember to move the users home directory to /webftp/web with the perms drwxr-xr-x 2 user1 user1 1024 Jun 29 23:05 user1 drwxr-xr-x 2 user2 user2 1024 Jun 29 23:05 user2 With these permissions all the users can cd to the other accounts and see what they have. I really don't see this as a problem as everything there will be accessable via the web anyways. change the permissions as you see fit. Now they can ftp in and put stuff in thier own directories (but not others). I made the /webftp/web dir for the users home dirs and added a index.html to /webftp/web to include a listing of all the system users. One optional thing i did was to make a link: ln -s /webftp/web /home/www-data/web This was created so none of these users needed a public_html file. they just need to put thier files in thier home directories. The url would then be http://www.your.site/web/user1. No ~ is needed before user1. Hope this helps you out. -Rob -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: [Q] How to create a FTP only account.. for...
On Sun, 29 Jun 1997, System Account wrote: [...] # # Any other suggestions??? # # -Rob # Yes. Install Proftpd. It's very easy to setup such account with it (no dir hierarchy for each account or passwd mess). It's in unstable (or http://www.proftpd.org). Marcelo. Marcelo Zacarias - CIAGRI/USP // Finger for PGP public key and stuff Love your enemies: they'll go crazy trying to figure out what you're up to. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: [Q] How to create a FTP only account.. for...
Hi all Hi regarding this subject... I have used /bin/true for ftp-only accounts but i need to go one step farther. I have a /home/webusers directory where i have user accounts who with web space only. Right now they ftp in and put there html files there. But the thing is they still have access to the rest of the machine. So.. How can i have /home/webusers setup as a root dir (chroot environment)? Set up wu-ftpd as your ftp server. Then put all users into one group. This doesn't need to be the only group they are in. Call this group 'ftponly' just to be obvious. Then edit the ftpaccess file and place a line guestgroup ftponly in it. Then put files like bin/ls, etc/passwd and etc/group into their home directories just as if they were the home directory for an anonymous ftp account. If you forget this they won't be able to do 'ls'. Now you should be all set up. Don't forget to read the right man pages so you understand what I am talking about (ftpaccess has its own page). Also i'm not sure if i want then all grouped together in one group? Can anyone explain pros/cons for this? I have no idea about really bad or really good things, but if they have a umask 002 like in a standard Debian system, their primary group should not be ftponly and their files should not be group-owned by this group. A pro is of course that the thing with wu-ftpd actually works if they are in one group. Remco -- Jean-Luc Picard: To baldly go where no man has gone before. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: [Q] How to create a FTP only account.. for...
On Sat, 28 Jun 1997, System Account wrote: regarding this subject... I have used /bin/true for ftp-only accounts but i need to go one step farther. I have a /home/webusers directory where i have user accounts who with web space only. Right now they ftp in and put there html files there. But the thing is they still have access to the rest of the machine. So.. How can i have /home/webusers setup as a root dir (chroot environment)? Also i'm not sure if i want then all grouped together in one group? Can anyone explain pros/cons for this? have a look at proftpd which is a new ftp server package in the hamm (aka unstable) distribution. proftpd does virtual ftp hosting. It is possible to patch wu-ftpd to do virtual hosting too, but it is a lot more work and IMO doesn't give as good a result. proftpd is MUCH easier than messing about with patching wu-ftpd. WARNING: you may have to upgrade several other packages to hamm - hamm is in transition from libc5 to libc6. There are many significant changes from libc5 to libc6, so doing this may cause you many headaches at the moment. Try installing proftpd, if it doesn't work without requiring new libs etc then read docs about libc6 BEFORE you decide to upgrade everything else. If you decide not to upgrade to hamm, then it should be fairly simple to download the debianised sources for proftpd and make your own package - rebuilding packages for debian is very easy. BTW, I am running hamm at the moment, and haven't had any problems with it. Craig -- craig sanders networking consultant Available for casual or contract temporary autonomous zone system administration tasks. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: [Q] How to create a FTP only account.. for...
On Sun, 29 Jun 1997 [EMAIL PROTECTED] wrote Hi all Hi regarding this subject... I have used /bin/true for ftp-only accounts but i need to go one step farther. I have a /home/webusers directory where i have user accounts who with web space only. Right now they ftp in and put there html files there. But the thing is they still have access to the rest of the machine. So.. How can i have /home/webusers setup as a root dir (chroot environment)? Set up wu-ftpd as your ftp server. Then put all users into one group. This doesn't need to be the only group they are in. Call this group 'ftponly' just to be obvious. Then edit the ftpaccess file and place a line guestgroup ftponly in it. Then put files like bin/ls, etc/passwd and etc/group into their home directories just as if they were the home directory for an anonymous ftp account. If you forget this they won't be able to do 'ls'. Now you should be all set up. Don't forget to read the right man pages so you understand what I am talking about (ftpaccess has its own page). Also i'm not sure if i want then all grouped together in one group? Can anyone explain pros/cons for this? I have no idea about really bad or really good things, but if they have a umask 002 like in a standard Debian system, their primary group should not be ftponly and their files should not be group-owned by this group. A pro is of course that the thing with wu-ftpd actually works if they are in one group. Remco Ok this is what i have setup right now ***/etc/passwd*** miller:passwd:5000:5000:Miller:/ftp/./web/miller:/bin/true the /bin/true is in /etc/shells ***/etc/group*** webusers:*:109: miller::5000: should this be webusers:*:109:miller and all other users? now i made a /home/ftp/webusers dir drwxr-xr-x 3 root webusers 1024 Jun 29 14:50 web and then /home/ftp/webusers/miller dir drwxr-xr-x 2 miller webusers 1024 Jun 29 14:50 miller ***/etc/ftpd/ftpaccess*** #added guestgroup webusers guestgroup miller Now after doing this i try to ftp in: ftp timberwolf.provision.net Connected to timberwolf.provision.net. 220 timberwolf FTP server (Version wu-2.4(14) Wed Jan 8 21:17:19 MET 1997) ready. Name (timberwolf.provision.net:adren): miller 331 Password required for miller. Password: 550 Can't set guest privileges. Login failed. Remote system type is UNIX. Using binary mode to transfer files. ftp bye 221 Goodbye. I do not want users logging in with a group login. Each user should have thier own login and passwd. Because of this i don't see a reason for the group. I have read the manpages for ftpaccess and i'm still not sure why this isn't working. Is there something i'm over looking as the error 550 Can't set guest privileges. leads me to believe that i'm close? Also if i remove guestgroup miller (or both) from the ftpaccess file it does log me in but cann't find a home directory: 331 Password required for miller. Password: 230-No directory! Logging in with home=/ 230 User miller logged in. Any other suggestions??? -Rob -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: [Q] How to create a FTP only account.. for...
Please do not Cc: to my e-mail address. I will only get the same message twice. On Sun, 29 Jun 1997 15:50:25 -0400 (EDT) , System Account wrote: Ok this is what i have setup right now ***/etc/passwd*** miller:passwd:5000:5000:Miller:/ftp/./web/miller:/bin/true the /bin/true is in /etc/shells This seems to be good at first sight. ***/etc/group*** webusers:*:109: miller::5000: should this be webusers:*:109:miller and all other users? Yes, it should. Or you would have to add a 'guestgroup' entry in ftpaccess for each web user. now i made a /home/ftp/webusers dir drwxr-xr-x 3 root webusers 1024 Jun 29 14:50 web and then /home/ftp/webusers/miller dir drwxr-xr-x 2 miller webusers 1024 Jun 29 14:50 miller And this would be miller's home directory? Then you should change the home directory in /etc/passwd from /ftp/./web/miller to /home/ftp/webusers/miller. About the permissions: I would make each directory like /home/ftp/webusers/miller like this: drwxr-x--x 2 miller miller 1024 Jun 29 14:50 miller This way only the user himself (and root) would be able to read his home directory. If his web pages are stored in $HOME/pub_html or something like that, this directory should be like: drwxr-xr-x 2 miller miller 1024 Jun 29 14:5 pub_html The home directory should have execute permission for all users or nobody would be able to view the web pages. Read permission is not necessary, because the www server already knows the name of the pub_html dir. ***/etc/ftpd/ftpaccess*** #added guestgroup webusers guestgroupmiller If all users are in the 'webusers' group, you only need the entry for that group. This means you have one file less to maintain if you add or remove a user. Now after doing this i try to ftp in: ftp timberwolf.provision.net Connected to timberwolf.provision.net. 220 timberwolf FTP server (Version wu-2.4(14) Wed Jan 8 21:17:19 MET 1997) ready. Name (timberwolf.provision.net:adren): miller 331 Password required for miller. Password: 550 Can't set guest privileges. Login failed. Remote system type is UNIX. Using binary mode to transfer files. ftp bye 221 Goodbye. I do not want users logging in with a group login. Each user should have thier own login and passwd. Because of this i don't see a reason for the group. I have read the manpages for ftpaccess and i'm still not sure why this isn't working. Is there something i'm over looking as the error 550 Can't set guest privileges. leads me to believe that i'm close? The only reason for the group is that you don;t have to add each user's personal group to the ftpaccess file. If you want to do that, fine. Drop the webusers group and put a 'guestgroup username' line in ftpaccess for each web user. Also if i remove guestgroup miller (or both) from the ftpaccess file it does log me in but cann't find a home directory: 331 Password required for miller. Password: 230-No directory! Logging in with home=/ 230 User miller logged in. This looks like a message you would get if your home directory doesn't exist. Are you sure that /ftp/web/miller exists or is this an error in /etc/passwd? Remco -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: [Q] How to create a FTP only account...
Alex Yukhimets wrote: How do I create a FTP only account in my machine? I do not want this account to be telnettable (ie. a shell account). Iam running wu_ftp on my linux machine. I also have to do this on a machine running Solaris. This other machine is running Solaris' built-in ftpd. Would I be able to achieve the same there? Help would be greatly appreciated. This user should just have /bin/true as a shell. That works perfectly for denying telnet connections. But attempts to login for ftp fail with the following message - 530 User iflash access denied... I checked my /etc/shells and noticed that /bin/true was not listed there. Inserted a line for it and BOOM! Worked like clockwork. Thanks a lot! As a joke, I know one ISP that to prevent telnetting put to everyone's account a .login file with logout line in there :) Everyone just smart enough to ftp a better .login gained easy shell access... ROTFL! Sudhakar -- An elephant is a mouse running an Operating System. -- Donald Knuth Sudhakar Chandrasekharan(415) 937-2354 (O) International Web Engineer Type of Guy (415) 940-1896 (H) http://home.netscape.com/people/thaths/ -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: [Q] How to create a FTP only account...
How do I create a FTP only account in my machine? I do not want this account to be telnettable (ie. a shell account). Iam running wu_ftp on my linux machine. I also have to do this on a machine running Solaris. This other machine is running Solaris' built-in ftpd. Would I be able to achieve the same there? Help would be greatly appreciated. This user should just have /bin/true as a shell. As a joke, I know one ISP that to prevent telnetting put to everyone's account a .login file with logout line in there :) Everyone just smart enough to ftp a better .login gained easy shell access... Alex Y. Sudhakar -- An elephant is a mouse running an Operating System. -- Donald Knuth Sudhakar Chandrasekharan(415) 937-2354 (O) International Web Engineer Type of Guy (415) 940-1896 (H) http://home.netscape.com/people/thaths/ _ _( )_ ( (o___ | _ 7 ''' \() (O O) / \ \ +---oOO--(_)+ |\ __/ -- | Alexander Yukhimets [EMAIL PROTECTED] | || | http://pages.nyu.edu/~aqy6633/ | ( / +-oOO---+ \ / |__|__| ) /(_ || || | (___)ooO Ooo \___) -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
[Q] How to create a FTP only account...
How do I create a FTP only account in my machine? I do not want this account to be telnettable (ie. a shell account). Iam running wu_ftp on my linux machine. I also have to do this on a machine running Solaris. This other machine is running Solaris' built-in ftpd. Would I be able to achieve the same there? Help would be greatly appreciated. Sudhakar -- An elephant is a mouse running an Operating System. -- Donald Knuth Sudhakar Chandrasekharan(415) 937-2354 (O) International Web Engineer Type of Guy (415) 940-1896 (H) http://home.netscape.com/people/thaths/ -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: [Q] How to create a FTP only account.. for...
Hi all regarding this subject... I have used /bin/true for ftp-only accounts but i need to go one step farther. I have a /home/webusers directory where i have user accounts who with web space only. Right now they ftp in and put there html files there. But the thing is they still have access to the rest of the machine. So.. How can i have /home/webusers setup as a root dir (chroot environment)? Also i'm not sure if i want then all grouped together in one group? Can anyone explain pros/cons for this? Thanx -Rob -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .