Re: [TCLUG:14791] FTP

[Nate Carlson <natecars@real-time.com>]

On Thu, 16 Mar 2000, Bob Tanner wrote:

> Quoting Adam Maloney (adam@iexposure.com):
> > So I'm starting to get more webhosting clients that want FTP access to
> > manage their own sites (with Frontpage...grumble)  How can I setup FTP
> > so that when a user logs in they are restricted to their web directory? 
> > Right now we made some permission changes so they can CD around but
> > can't actually view anything.  I'd like to do a little better than this
> > if possible.
> > 
> 
> :-)
> 
> Make an entirely new box, put it on network where nothing else is critical.
> IPChain the crap out of it, run an anal tripwire, backup the box complete
> every night and EXCEPT it to be compromised.
> 
> This is if you want to run Linux, Apache+FP extension. The above is what we
> had to do to support FP. And the steps we took to keep it somewhat secure.
> 
> I might be wrong, because I did not do all the work, but I believe you have to
> have pretty open perm in order for FP to work right.
> 
> Nate, can you fill in the details?

Well, that's just if you want FrontPage extensions.. I think he was
talking about just locking down FTP so they can't cd ~otheruser and view
stuff in their home directory. For the record, I think wu-ftpd doesn't
support that, but I'm 99% sure that ProFTPD does..

Now, about the FrontPage stuff, yeah, the stuff you have to set kind of
suck.. AllowOverride All, etc.. not _too_ nasty, but still not something I
like dealing with.   :(

-- 
Nate Carlson <natecars@real-time.com>   | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500