ShallowCorporateRaider Tux's lil' helper


Joined: 11 Dec 2003 Posts: 83 Location: Knoxville, TN
Posted: Fri Dec 12, 2003 4:20 pm Post subject: ProFTPd and Samba Permissions Questions
I have searched the forums for an answer to my question, and I have found a lot of useful information. I just need somebody to tie it all together for me. I have learned a lot about Linux (and Gentoo in particular) over the past couple months, but I still feel totally lost sometimes.
Here is my situation:
My home network consists of one WinXP box, one Gentoo/WinXP box, and a Gentoo server. I have samba running on the server without any problems, and I can connect to the shared directories. I emerged ProFTPd to set up an FTP server, and I have looked at the config file, but I haven't really changed it. It seems that the default config is geared towards anonymous access, which is not at all what I want to do.
1. I want to set up the FTP server so that about 6 of my friends can access the /home/ftp directory with read-only access.
2. I want them to be able to access the /home/ftp/uploads directory with read-write access.
3. I would prefer that none of them have shell access or home areas on my server. I only want them to have FTP access and that's it.
4. I also do not want to allow any anonymous access.
5. Lastly, I would like /home/ftp to be accessible via samba to the other computers on my network, so that they have full access. This is so I can just mount this folder from the WinXP machine and easily manage the contents of the /home/ftp directory.
How do I go about doing all this? Thanks in advance for the help.
_________________
The thing I hate about an argument is that it always interrupts a discussion. -- G. K. Chesterton
UberLord Retired Dev


Joined: 18 Sep 2003 Posts: 6835 Location: Blighty
Posted: Fri Dec 12, 2003 5:19 pm
Add your friends as users but give them no shells in /etc/passwd
Now give them passwords
Set their home directories to /home/ftp in /etc/passwd
Add the following to your proftpd.conf
Code:
RequireValidShell off
Now they can login without shell access
Remove the anonymous section from your proftpd.conf to stop anonymous access
As to the folder permissions, look up on the http://www.proftpd.org site for how to do this as it's quite easy really.
Remember that proftpd will never override file system settings, so ensure that the users can actually read/write to the necessary directories first before setting up proftpd to do this as well.
GL
ShallowCorporateRaider Tux's lil' helper


Joined: 11 Dec 2003 Posts: 83 Location: Knoxville, TN
Posted: Fri Dec 12, 2003 5:53 pm
UberLord wrote:
Add your friends as users but give them no shells in /etc/passwd
Now give them passwords
Set their home directories to /home/ftp in /etc/passwd
Add the following to your proftpd.conf
Code:
RequireValidShell off
Now they can login without shell access
GL

Uberlord, you must be the guru when it comes to FTP stuff. Every thread I found during my earlier search seemed to have been answered by you.
Can I trouble you with a small bit of n00b clarification? Much of the syntax of the /etc/passwd file seems self-explanatory, but not quite all. For example, for the line:
me:x:1000:100::/home/me:/bin/bash
I understand that me is the user name, 1000 and 100 have something to do with uid and gid, the home directory is obvious, and the shell is obvious. What do the rest of the options mean? Or what would go in the blanks?
If I want to create an FTP only account for my friend then, I would do something like:
friend:x:1000:100::/home/ftp:/bin/false
Am I on the right track? Would I change the 1000 and the 100 to some other values? Is /bin/false the correct way to give them no shell?
Thanks for your help.
UberLord Retired Dev


Joined: 18 Sep 2003 Posts: 6835 Location: Blighty
Posted: Sun Dec 14, 2003 10:27 pm
ShallowCorporateRaider wrote:
Uberlord, you must be the guru when it comes to FTP stuff. Every thread I found during my earlier search seemed to have been answered by you.

Ah - my infamy spreads fast

Quote:
Can I trouble you with a small bit of n00b clarification? Much of the syntax of the /etc/passwd file seems self-explanatory, but not quite all. For example, for the line:
me:x:1000:100::/home/me:/bin/bash
I understand that me is the user name, 1000 and 100 have something to do with uid and gid, the home directory is obvious, and the shell is obvious. What do the rest of the options mean? Or what would go in the blanks?
If I want to create an FTP only account for my friend then, I would do something like:
friend:x:1000:100::/home/ftp:/bin/false
Am I on the right track? Would I change the 1000 and the 100 to some other values? Is /bin/false the correct way to give them no shell?
Thanks for your help.

Sort of
I would use the following command
Code:
# useradd -p expects an already-encrypted password, so set it with passwd instead
useradd -d /home/ftp -g ftp -s /bin/false friend && passwd friend
The blanks you see are where old values such as passwords were stored. These days they are in a secure location that only root can read.
1000 and 100 are UID and GID respectively. You are correct
/bin/false is the correct way to give users no shells.
You can also give them /dev/null which can be viewed as more secure.
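
A check for the /etc/passwd entries discussed in the posts above, as an added example that is not part of the original thread: it reads passwd-format lines and flags FTP accounts that share a UID with another account or still have a login shell. The sample entries are constructed (alice and bob are hypothetical accounts), and the names sample_passwd and audit_ftp_accounts are chosen here for illustration.

```sh
#!/bin/sh
# Added example: audit passwd(5)-format lines for FTP-only accounts.
# Field order: name:password:UID:GID:GECOS:home:shell

# Constructed sample data (not from a real system). "me" and "friend" are
# the two lines quoted in the thread; alice and bob are hypothetical.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
me:x:1000:100::/home/me:/bin/bash
friend:x:1000:100::/home/ftp:/bin/false
alice:x:1001:21::/home/ftp:/bin/bash
bob:x:1002:21::/home/ftp:/bin/false
EOF
}

# audit_ftp_accounts FTP_HOME   (reads passwd lines on stdin)
# Prints one finding per line; prints nothing when every entry is clean.
audit_ftp_accounts() {
    awk -F: -v home="$1" '
        NF == 0 { next }                          # skip empty lines
        NF != 7 {
            printf "line %d: expected 7 fields, got %d\n", NR, NF
            next
        }
        # A shared UID makes two names the same user to the kernel,
        # so file permissions cannot tell them apart.
        ($3 in owner)  { printf "%s: UID %s is already used by %s\n", $1, $3, owner[$3] }
        !($3 in owner) { owner[$3] = $1 }
        # An FTP account must never map to root.
        $6 == home && $3 == 0 {
            printf "%s: FTP account has UID 0\n", $1
        }
        # Accounts rooted at the FTP directory should not keep a login shell.
        $6 == home && $7 != "/bin/false" && $7 != "/sbin/nologin" && $7 != "/dev/null" {
            printf "%s: FTP-only account has login shell %s\n", $1, $7
        }
    '
}

sample_passwd | audit_ftp_accounts /home/ftp
```

On a live system the same function can be fed from `getent passwd` or from /etc/passwd directly.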
ShallowCorporateRaider Tux's lil' helper


Joined: 11 Dec 2003 Posts: 83 Location: Knoxville, TN
Posted: Mon Dec 15, 2003 5:51 pm Post subject: Thanks
Thanks, Uberlord. I've got it all working now. Your help was invaluable.