From: Jonathan McKeown
Organization: Rhodes University
To: freebsd-questions@freebsd.org
Date: Fri, 10 Jul 2009 16:27:18 +0200
Subject: Re: FTP Server for individual client spaces

On Friday 10 July 2009 16:10:24 RS Wood wrote:
> I run a small engineering company* that exchanges large files (CAD,
> etc.) with clients, and I want to keep the docs off my email server by
> setting up a stand alone FTP server where each client can upload and
> download its relevant files. As such, my own users/employees should be
> able to reach every client’s FTP space but each client should only be
> able to reach his own. As my users finish a doc, they place it in that
> client’s FTP directory and the client can log in and get it. As such,
> I don’t want any form of unauthenticated FTP.

[snip]

> Is the solution ftpchroot? If so, it’s not clear how I can chroot
> each potential client into his own directory, as my understanding is
> that all chrooted users wind up at the same place (like /var/ftp/pub).
> Or is the solution that each client gets access to his own home
> directory; if so, how do I ensure my staff has access to each client’s
> home directory?

I haven't tried this, but man ftpd.conf suggests something along the lines of:

chroot chroot /some/path/%u

where the second chroot is the ftp class, and %u will be expanded to the
username. Make sure all your external users are in ftp class chroot (by
putting their usernames in /etc/ftpchroot), and make /some/path group-owned
and group-readable by a group all your staff are in (the group ownership of a
directory automatically propagates to new directories created below it).

Let us know how it goes!

Jonathan
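
A way to check the layout suggested above once it is in place, as an added example that is not part of the original message: it confirms every client directory has a matching chroot-list entry, is reachable by the staff group, and grants nothing to "other". The function name, the client names and the one-username-per-line reading of the list file are assumptions.

```sh
#!/bin/sh
# Added example, not from the original thread. Assumptions: BASE holds one
# directory per client named after the login (the /some/path/%u layout), LIST
# is a copy of /etc/ftpchroot with the username as the first field of a line,
# and STAFF is the group all staff are in.

# audit_ftp_spaces BASE LIST STAFF
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_ftp_spaces() {
    base=$1 list=$2 staff=$3 rc=0
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}; user=${dir##*/}
        # A client missing from the list is not put in the chroot class.
        if ! awk -v u="$user" '$1 == u { f = 1 } END { exit !f }' "$list"; then
            echo "NOT-CHROOTED $user"; rc=1
        fi
        read -r mode links owner dgrp rest <<EOF
$(ls -ld "$dir")
EOF
        # Staff reach every client space through the directory's group.
        [ "$dgrp" = "$staff" ] || { echo "WRONG-GROUP $user $dgrp"; rc=1; }
        case $mode in
            ????r?[xs]*) ;;                      # group can read and traverse
            *) echo "STAFF-BLOCKED $user $mode"; rc=1 ;;
        esac
        # Any bit set for "other" opens the space to every local account.
        case $mode in
            ???????--[-T]*) ;;
            *) echo "WORLD-ACCESS $user $mode"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: two client spaces, the second one misconfigured.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/ftp/acme" "$t/ftp/globex"
    chmod 750 "$t/ftp/acme"; chmod 755 "$t/ftp/globex"
    printf 'acme\n' > "$t/ftpchroot"
    grp=$(ls -ld "$t/ftp" | awk '{ print $4 }')
    audit_ftp_spaces "$t/ftp" "$t/ftpchroot" "$grp"; status=$?
    rm -rf "$t"
    return "$status"
}

demo || true
```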