Date:      Wed, 04 Dec 96 13:11:32 -0500
From:      <dwoodward@intraserve.com>
To:        Allen Hyer <allenh@wtrt.net>
Cc:        "freebsd-isp@freebsd.org" <freebsd-isp@freebsd.org>
Subject:   Re: wuftpd questions
Message-ID:  <m0vV265-000ox7C@intraserve.com>

-- [ From: Doug Woodward * EMC.Ver #3.1 ] --

> Allen Hyer
> System Administrator
> West Texas Rural Telephone
> Wrote:

> I am using 2.1.5-Release, and have installed wu-ftpd.  No problems
> with that, but now I have a couple of questions regarding its operation.
> 
> 1.  When a user logs on to the ftp daemon, can I restrict them to
> where the only directory they can see is their home directory?  It
> would be nice if their home directory showed up as their "root"
> directory.

This can be set up for any user using a real sign-on id and password by 
modifying your wuftpd ftpaccess and password files for the users plus 
adding one new sub-directory to each user's home directory.

The passwd file:
       
   1) Change each user's "home directory" to read

         /home/username/./
   
   where /home/username/ is their root directory. The ./ is for wuftpd
   to tell it this is their top directory and prevent the user from
   going "higher". Any directory below will be accessible to the user
   depending on the permissions you set up.

   If you wish to restrict their telnet/rlogin access change their
   "shell" to "/bin/false" or "/bin/true". This will automatically log
   them out as soon as they log in via telnet, etc. but it does not
   affect their ftp access (wuftpd acts as their shell).

   2) Add a /bin sub-directory to each user's home (root) directory and
   place a copy of "ls". (For security reasons I suggest you do not do a
   link to "ls".) This allows the users to list the directories and
   files in their root directory. 

   3) Modify the wuftpd "ftpaccess" file (normally this file is located
   in "/etc" unless you have compiled wuftpd with a different setup) as
   follows.

    A) Find the line called guestgroup and add the "group" these users
       are in, to it. If you have more than one group separate each one
       with a space, not commas. Sample:
 
       # specify which group of users will be treated as "guests".
       guestgroup web dialup 

    B) Set the default permissions for each user as to what you will
       allow them to do by adding a line such as this sample for each
       user: 

       upload /usr/home/directory * Yes loginid group 0750 dirs

       where "/usr/home/directory" is the user's "root dir.", "loginid"
       is the user's login name and "group" is the group you have
       assigned them to.

       "750" is the default directory/file permissions for new sub-
       directories they create and any files they upload.

    C) Check the permissions for what each type of user can do -
       anonymous, real and guest. 

       delete         no    anonymous    # delete permission?
       overwrite      no    anonymous    # overwrite permission?
       rename         no    anonymous    # rename permission?
       chmod          no    anonymous    # chmod permission?
       umask          no    anonymous    # umask permission?
              

       This sample allows any user who is NOT an anonymous login to do
       any of the above. If you wish to restrict any of these add
       the user type(s) to the line using a comma,  such as:

       delete         no    anonymous,real,guest   # delete permission?

    D) Check your path filter line for characters in file/dir names
       that you will allow to be used. 

       path-filter  guest      /etc/msgs/badname.msg  ^[-A-Za-z0-9_&-\.]*$  ^\. 

       Anything between the [ ] brackets is allowed. This sample only
       allows letters and numbers plus the symbols  _&-. 

    E) Check the line for max guest logins allowed and make sure it is
       set to allow for a reasonable number.

       limit    guest    30  Any                /etc/msgs/msg.toomany


       If you want to restrict the hours of the day and/or the days of
       the week they can login change "Any". Such as:

       limit    guest     30   MoTuWeThFr|0800-1800 /

       would restrict them to 30 users total,  mon-fri, 8am-6pm.


> 2. When connecting to the ftp daemon from Internet Explorer, when you
> select a file to start downloading, the dialog box that shows the
> progress says "file size unknown".  Is there something in the setup
> that will allow it to tell Explorer the size of the file that is being
> downloaded?

Sorry but I can't help on this one.

Doug Woodward
IntraServe Technologies Inc.
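
An added example, not part of the original message: a small audit of the setup described above, listing every account in a guestgroup and flagging homes without the /./ marker and shells that still allow telnet/rlogin. The passwd, group and ftpaccess contents are constructed samples in 7-field /etc/passwd format, and matching on both primary and supplementary group membership is an assumption.

```python
# Constructed sample data (not from the original message).
PASSWD = """alice:*:1001:200:Alice:/home/alice/./:/bin/false
bob:*:1002:200:Bob:/home/bob:/bin/sh
carol:*:1003:300:Carol:/home/carol:/bin/csh
dave:*:1004:300:Dave:/home/dave/./:/bin/csh"""
GROUP = """web:*:200:
dialup:*:201:dave
staff:*:300:"""
FTPACCESS = """# specify which group of users will be treated as "guests".
guestgroup web dialup
limit guest 30 Any /etc/msgs/msg.toomany"""

def guest_groups(ftpaccess):
    """Group names listed on guestgroup lines (space separated)."""
    groups = set()
    for line in ftpaccess.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if fields and fields[0] == "guestgroup":
            groups.update(fields[1:])
    return groups

def audit(passwd, group, ftpaccess):
    """Return {login: [findings]} for every account in a guestgroup."""
    guests = guest_groups(ftpaccess)
    gid_name, members = {}, {}
    for line in group.splitlines():
        name, _pw, gid, users = line.split(":")
        gid_name[gid] = name
        members[name] = set(filter(None, users.split(",")))
    report = {}
    for line in passwd.splitlines():
        login, _pw, _uid, gid, _gecos, home, shell = line.split(":")
        # Assumption: primary gid or supplementary membership both count.
        in_groups = {gid_name.get(gid)} | {g for g, m in members.items() if login in m}
        if not in_groups & guests:
            continue  # not a guest account, outside this audit
        findings = []
        if "/./" not in home:
            findings.append("home has no /./ marker")
        if shell not in ("/bin/false", "/bin/true"):
            findings.append("shell allows telnet/rlogin: " + shell)
        report[login] = findings
    return report

if __name__ == "__main__":
    for login, findings in sorted(audit(PASSWD, GROUP, FTPACCESS).items()):
        print(login, "OK" if not findings else "; ".join(findings))
```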




