[ubuntu-uk] Clever tricks using vsftpd virtual users to have seperate permissisons
Hi Ubuntu uk, This is tricky subject to summerize. I'm pretty confident there isn't a solution to do what I want, but I need a sounding board, so your it. I'm looking at using vsftpd as an open ftp daemon, utilising the virtual user functionality so I don't have to use genuine /etc/passwd or shell based accounts. The issue I've got is that I need multiple users (no problem so far) to then have different read/write access to different directories under the ftp root. The virtual users have no awareness or interaction with the Unix file system permissions, nor do they respect them as they work through the ftpd process owning account. I'm looking at clever ways to do this such as a permissions schema linking into mysql, but it's starting to get a bit over the top. I'm confident this isn't possible but thought I'd throw it out to the list to see if any of you have come up with clever solutions. Thanks, Matt -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Clever tricks using vsftpd virtual users to have seperate permissisons
I've not set up an ftpd in some years, but you might look at pure-ftpd I believe that it allows you to map users to /etc/passwd entries (even if those entries have no login permissions) as well as specifying a different ftproot for different users. It was also at the time one of the more secure ftpds. Your mileage may vary. Best, Glen On 04/11/10 15:20, Matt Darcy wrote: Hi Ubuntu uk, This is tricky subject to summerize. I'm pretty confident there isn't a solution to do what I want, but I need a sounding board, so your it. I'm looking at using vsftpd as an open ftp daemon, utilising the virtual user functionality so I don't have to use genuine /etc/passwd or shell based accounts. The issue I've got is that I need multiple users (no problem so far) to then have different read/write access to different directories under the ftp root. The virtual users have no awareness or interaction with the Unix file system permissions, nor do they respect them as they work through the ftpd process owning account. I'm looking at clever ways to do this such as a permissions schema linking into mysql, but it's starting to get a bit over the top. I'm confident this isn't possible but thought I'd throw it out to the list to see if any of you have come up with clever solutions. Thanks, Matt -- Glen Mehn glen.m...@oba.co.uk skype: glenmehn | blog: http://glen.mehn.net/mba UK: +44(0)7942 675 755 | US: +1 415 704 4737 -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Clever tricks using vsftpd virtual users to have seperate permissisons
I believe that vsftpd is PAM aware so it will use any authentication method that can use PAM so the obvious answer is to use something that can provide authentication and access control lists, which would suggest LDAP to me. I was looking at this recently and it seems to apply to virtual users, but that's about as far as I got. Simon On 4 Nov 2010 15:21, Matt Darcy ubuntu.li...@projecthugo.co.uk wrote: Hi Ubuntu uk, This is tricky subject to summerize. I'm pretty confident there isn't a solution to do what I want, but I need a sounding board, so your it. I'm looking at using vsftpd as an open ftp daemon, utilising the virtual user functionality so I don't have to use genuine /etc/passwd or shell based accounts. The issue I've got is that I need multiple users (no problem so far) to then have different read/write access to different directories under the ftp root. The virtual users have no awareness or interaction with the Unix file system permissions, nor do they respect them as they work through the ftpd process owning account. I'm looking at clever ways to do this such as a permissions schema linking into mysql, but it's starting to get a bit over the top. I'm confident this isn't possible but thought I'd throw it out to the list to see if any of you have come up with clever solutions. Thanks, Matt -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/ -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Clever tricks using vsftpd virtual users to have seperate permissisons
On 4 November 2010 15:20, Matt Darcy ubuntu.li...@projecthugo.co.uk wrote: Hi Ubuntu uk, This is tricky subject to summerize. I'm pretty confident there isn't a solution to do what I want, but I need a sounding board, so your it. I'm looking at using vsftpd as an open ftp daemon, utilising the virtual user functionality so I don't have to use genuine /etc/passwd or shell based accounts. The issue I've got is that I need multiple users (no problem so far) to then have different read/write access to different directories under the ftp root. The virtual users have no awareness or interaction with the Unix file system permissions, nor do they respect them as they work through the ftpd process owning account. I'm looking at clever ways to do this such as a permissions schema linking into mysql, but it's starting to get a bit over the top. I'm confident this isn't possible but thought I'd throw it out to the list to see if any of you have come up with clever solutions. Take a look at the user_config_dir option. Using it you can change settings depending on the logged in user, and hence implement basic permissions (like locking them to folders, etc.). If you want anything more advanced then I think vsftpd is not for you (not that I've ever had much fun with the others, personally). Regards, Matthew -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
