Re: [Q] How to create a FTP only account.. for...
On Sun, 29 Jun 1997 J.R.Blaakmeer@student.utwente.nl wrote
> > Hi all
> Hi
> > regarding this subject... I have used /bin/true for ftp-only
> > accounts but i need to go one step farther. I have a /home/webusers
> > directory where i have user accounts who with web space only. Right now
> > they ftp in and put there html files there. But the thing is they still
> > have access to the rest of the machine. So..
> > How can i have /home/webusers setup as a root dir (chroot
> > environment)?
> Set up wu-ftpd as your ftp server. Then put all users into one group. This
> doesn't need to be the only group they are in. Call this group 'ftponly'
> just to be obvious. Then edit the ftpaccess file and place a line
> guestgroup ftponly
> in it.
> Then put files like bin/ls, etc/passwd and etc/group into their home
> directories just as if they were the home directory for an anonymous ftp
> account. If you forget this they won't be able to do 'ls'.
>
> Now you should be all set up. Don't forget to read the right man
> pages so you understand what I am talking about (ftpaccess has its own
> page).
> > Also i'm not sure if i want then all grouped together in one
> > group? Can anyone explain pros/cons for this?
> I have no idea about really bad or really good things, but if they have
> a umask 002 like in a standard Debian system, their primary group should
> not be ftponly and their files should not be group-owned by this group. A
> pro is of course that the thing with wu-ftpd actually works if they are in
> one group.
>
> Remco
Ok this is what i have setup right now
***/etc/passwd***
miller:passwd:5000:5000:Miller,,,,:/ftp/./web/miller:/bin/true
the /bin/true is in /etc/shells
***/etc/group***
webusers:*:109:
miller::5000:
should this be webusers:*:109:miller and all other users?
now i made a /home/ftp/webusers dir
drwxr-xr-x 3 root webusers 1024 Jun 29 14:50 web
and then /home/ftp/webusers/miller dir
drwxr-xr-x 2 miller webusers 1024 Jun 29 14:50 miller
***/etc/ftpd/ftpaccess***
#added
guestgroup webusers
guestgroup miller
Now after doing this i try to ftp in:
>ftp timberwolf.provision.net
Connected to timberwolf.provision.net.
220 timberwolf FTP server (Version wu-2.4(14) Wed Jan 8 21:17:19 MET 1997)
ready.
Name (timberwolf.provision.net:adren): miller
331 Password required for miller.
Password:
550 Can't set guest privileges.
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221 Goodbye.
I do not want users logging in with a group login. Each user
should have thier own login and passwd. Because of this i don't see a
reason for the group. I have read the manpages for ftpaccess and i'm still
not sure why this isn't working. Is there something i'm over looking as
the error 550 Can't set guest privileges. leads me to believe that i'm
close?
Also if i remove guestgroup miller (or both) from the ftpaccess file it
does log me in but cann't find a home directory:
331 Password required for miller.
Password:
230-No directory! Logging in with home=/
230 User miller logged in.
Any other suggestions???
-Rob
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: