From owner-freebsd-questions@FreeBSD.ORG Fri Dec 31 04:58:12 2004
Message-ID: <41D4DCCC.3020106@mac.com>
Date: Thu, 30 Dec 2004 23:59:56 -0500
From: Chuck Swiger
Organization: The Courts of Chaos
To: CHris Rich
cc: questions@freebsd.org
Subject: Re: proftpd permissions and restrictions help
References: <8292450b041230095411c9e21c@mail.gmail.com>
In-Reply-To: <8292450b041230095411c9e21c@mail.gmail.com>

CHris Rich wrote:
> I am setting up an ftp server for a few friends using pro ftp. I need
> to implement restrictions based on usernames.
>
> Here is what I want: an account for being able to only browse the ftp
> site, an account for uploading, and an account for downloading based
> on the user.

FTP daemons support the notion of an anonymous user, and of named users (typically normal Unix user accounts). Anonymous users can only browse under /var/ftp in a typical configuration, but you can set up a world-writable /var/ftp/pub/incoming directory and a cron job that moves files in there somewhere else every five minutes (to avoid warez redistributors from hosting crap on your site).

Normal users will be able to read and write wherever their user account permissions let them, but you can set up user-owned areas or even a group-writable area under /var/ftp/ if you want to do that instead.

However, I would also recommend you avoid using authenticated FTP users for anything you really care about in terms of security: use FTP for anonymous access only, and use scp for authenticated/secure access. If that doesn't fit your circumstances, consider using HTTPS and WebDAV...

-- 
-Chuck
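
The cron job mentioned in the reply above could look like the following sketch. It is an added example, not part of the original message; the script name, the holding path outside the FTP tree, the one-minute idle threshold and the function name `sweep_incoming` are all assumptions.

```sh
#!/bin/sh
# Sweep an anonymous-FTP upload directory into a holding area outside the FTP tree.
# Example crontab(5) line, every five minutes (script and holding paths are assumptions):
#   */5 * * * * /usr/local/sbin/sweep_incoming.sh /var/ftp/pub/incoming /var/spool/ftp-holding

sweep_incoming() {
    incoming=$1
    holding=$2
    min_age=${3:-1}   # assumption: skip files written within the last minute (upload in progress)
    moved=0

    [ -d "$incoming" ] || { echo "not a directory: $incoming" >&2; return 2; }
    # Holding area is private, so nothing dropped here is reachable by FTP clients.
    mkdir -p "$holding" && chmod 700 "$holding" || return 2
    stamp=$(date +%Y%m%d%H%M%S)

    # Top-level entries only, including dotfiles; unmatched globs fail the -f test below.
    for f in "$incoming"/* "$incoming"/.[!.]* "$incoming"/..?*; do
        # Regular files only: symlinks, directories and devices stay for manual review.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # find prints the path only when the file has been idle longer than min_age minutes.
        [ -n "$(find "$f" -type f -mmin +"$min_age")" ] || continue
        # Prefix with timestamp, PID and counter so repeated upload names never overwrite.
        dest="$holding/$stamp.$$.$moved.$(basename "$f")"
        mv -- "$f" "$dest" && chmod 600 "$dest" && moved=$((moved + 1))
    done
    echo "$moved"     # number of files moved, for logging
}

# Run only when called with arguments (as from cron); sourcing the file just defines the function.
if [ "$#" -ge 2 ]; then
    sweep_incoming "$@" >/dev/null
fi
```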