From owner-freebsd-isp Tue Dec 3 13:10:46 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id NAA11953 for isp-outgoing; Tue, 3 Dec 1996 13:10:46 -0800 (PST)
Received: from intraserve.com (NS1.INTRASERVE.COM [204.174.32.5]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id NAA11947 for ; Tue, 3 Dec 1996 13:10:36 -0800 (PST)
Received: from [204.174.32.130] by intraserve.com with smtp (Smail3.1.29.1 #3) id m0vV265-000ox7C; Tue, 3 Dec 96 13:09 PST
Message-Id:
To: Allen Hyer
Subject: Re: wuftpd questions
Date: Wed, 04 Dec 96 13:11:32 -0500
From:
X-Mailer: E-Mail Connection v3.1
CC: "freebsd-isp@freebsd.org"
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

-- [ From: Doug Woodward * EMC.Ver #3.1 ] --

> Allen Hyer
> System Administrator
> West Texas Rural Telephone
> Wrote:
> I am using 2.1.5-Release, and have installed wu-ftpd. No problems with
> that, but now I have a couple of questions regarding its operation.
>
> 1. When a user logs on to the ftp daemon, can I restrict them to
> where the only directory they can see is their home directory? It
> would be nice if their home directory showed up as their "root"
> directory.

This can be set up for any user using a real sign-on id and password by
modifying your wuftpd ftpaccess and password files for the users plus
adding one new sub-directory to each user's home directory.

The passwd file:

1) Change each user's "home directory" to read /home/username/./ where
/home/username/ is their root directory. The ./ is for wuftpd to tell it
this is their top directory and prevent the user from going "higher". Any
directory below will be accessible to the user depending on the
permissions you set up. If you wish to restrict their telnet/rlogin access
change their "shell" to "/bin/false" or "/bin/true". This will
automatically log them out as soon as they log in via telnet, etc. but it
does not affect their ftp access (wuftpd acts as their shell).

2) Add a /bin sub-directory to each user's home (root) directory and place
a copy of "ls". (For security reasons I suggest you do not do a link to
"ls".) This allows the users to list the directories and files in their
root directory.

3) Modify the wuftpd "ftpaccess" file (normally this file is located in
"/etc" unless you have compiled wuftpd with a different setup) as follows.

A) Find the line called guestgroup and add the "group" these users are in,
to it. If you have more than one group separate each one with a space, not
commas. Sample:

    # specify which group of users will be treated as "guests".
    guestgroup web dialup

B) Set the default permissions for each user as to what you will allow
them to do by adding a line such as this sample for each user:

    upload /usr/home/directory * Yes loginid group 0750 dirs

where "/usr/home/directory" is the user's "root dir.", "loginid" is the
user's login name and "group" is the group you have assigned them to.
"750" is the default directory/file permissions for new sub-directories
they create and any files they upload.

C) Check the permissions for what each type of user can do - anonymous,
real and guest.

    delete     no   anonymous    # delete permission?
    overwrite  no   anonymous    # overwrite permission?
    rename     no   anonymous    # rename permission?
    chmod      no   anonymous    # chmod permission?
    umask      no   anonymous    # umask permission?

This sample allows any user who is NOT an anonymous login to do any of the
above. If you wish to restrict any of these add the user type(s) to the
line using a comma, such as:

    Delete no anonymous,real,guest # delete permission?

D) Check your path filter line for characters in file/dir names that you
will allow to be used.

    path-filter guest /etc/msgs/badname.msg ^[-A-Za-z0-9_&- \.]*$ ^\.

Anything between the [ ] brackets is allowed. This sample only allows
letters and numbers plus the symbols _&-.

E) Check the line for max guest logins allowed and make sure it is set to
allow for a reasonable number.

    limit guest 30 Any /etc/msgs/msg.toomany

If you want to restrict the hours of the day and/or the days of the week
they can login change "Any". Such as:

    limit guest 30 MoTuWeThFr|0800-1800 /

would restrict them to 30 users total, mon-fri, 8am-6pm.

> 2. When connecting to the ftp daemon from Internet Explorer, when you
> select a file to start downloading, the dialog box that shows the
> progress says "file size unknown". Is there something in the setup
> that will allow it to tell Explorer the size of the file that is being
> downloaded?

Sorry but I can't help on this one.

Doug Woodward
IntraServe Technologies Inc.
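
An added example, not part of the message above and not wu-ftpd's own code: a Python audit of the guest setup the reply describes, checking each account whose home directory carries the "/./" marker for guestgroup membership, a non-login shell, and a real copy of bin/ls inside its root. The passwd, group and ftpaccess contents and all user names are constructed; resolving group names through a group file and the fs_root parameter are this example's assumptions.

```python
import os
import stat

# Constructed sample files (not from the post); all names are made up.
PASSWD = """\
alice:*:1001:200:Alice:/home/alice/./:/bin/false
bob:*:1002:300:Bob:/home/bob/./:/bin/sh
carol:*:1003:300:Carol:/home/carol/./:/bin/false
dave:*:1004:300:Dave:/home/dave:/bin/sh
"""
GROUP = "web:*:200:\nstaff:*:300:\ndialup:*:400:bob\n"
FTPACCESS = "# guests are chrooted\nguestgroup web dialup\n"

def guest_groups(ftpaccess):
    """Group names listed on guestgroup lines (space separated)."""
    names = set()
    for line in ftpaccess.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == "guestgroup":
            names.update(fields[1:])
    return names

def audit(passwd, group, ftpaccess, fs_root="/"):
    """Return {user: [findings]} for accounts whose home contains '/./'."""
    guests, by_gid, extra, report = guest_groups(ftpaccess), {}, {}, {}
    for line in group.splitlines():
        name, _, gid, members = line.split(":")
        by_gid[gid] = name                      # primary group lookup
        for m in filter(None, members.split(",")):
            extra.setdefault(m, set()).add(name)  # supplementary groups
    for line in passwd.splitlines():
        f = line.split(":")                     # works for 7- or 10-field lines
        user, gid, home, shell = f[0], f[3], f[-2], f[-1]
        if "/./" not in home:
            continue
        found = []
        if not ({by_gid.get(gid)} | extra.get(user, set())) & guests:
            found.append("not-in-guestgroup")   # step 3A not done for this user
        if shell not in ("/bin/false", "/bin/true"):
            found.append("login-shell")         # optional step: telnet still works
        ls = os.path.join(fs_root, home.split("/./")[0].lstrip("/"), "bin", "ls")
        try:
            st = os.lstat(ls)
            if not stat.S_ISREG(st.st_mode) or st.st_nlink > 1:
                found.append("ls-is-link")      # symlink or hard link, not a copy
        except (FileNotFoundError, NotADirectoryError):
            found.append("ls-missing")
        report[user] = found
    return report
```

Calling audit() with the contents of the live passwd, group and ftpaccess files and the default fs_root checks the running system; an empty list for a user means all three steps are in place.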