Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 10 Jul 2009 15:10:24 +0100
From:      "RS Wood" <rswood@therandymon.com>
To:        "freebsdquestions" <freebsd-questions@freebsd.org>
Subject:   FTP Server for individual client spaces
Message-ID:  <1247235024.5167.1324439995@webmail.messagingengine.com>

Next in thread | Raw E-Mail | Index | Archive | Help
I run a small engineering company* that exchanges large files (CAD,
etc.) with clients, and I want to keep the docs off my email server by
setting up a stand alone FTP server where each client can upload and
download its relevant files.  As such, my own users/employees should be
able to reach every client=E2=80=99s FTP space but each client should only =
be
able to reach his own.  As my users finish a doc, they place it in that
client=E2=80=99s FTP directory and the client can log in and get it.  As su=
ch,
I don=E2=80=99t want any form of unauthenticated FTP.

I=E2=80=99ve tried different combinations of group names and directory
permissions without success, but chrooting users doesn=E2=80=99t seem to so=
lve
my problem either, and my two favorite BSD books =E2=80=93 Tiemann et. al.
(Unleashed) and Lucas (Absolute) take the same approach the man pages
do, in my opinion, which guides you either into an all anonymous system,
or a system suitable for organizations such as software distributors in
which clients/users authenticate but then all access the same directory
(/pub for example).  I could use some help conceptualizing this.

Is the solution ftpchroot?  If so, it=E2=80=99s not clear how I can chroot
each potential client into his own directory, as my understanding is
that all chrooted users wind up at the same place (like /var/ftp/pub).=20
Or is the solution that each client gets access to his own home
directory; if so, how do I ensure my staff has access to each client=E2=80=
=99s
home directory?  Lastly, I=E2=80=99ve also been reading up on PureFTP, which
seems to have some advanced configuration potential (including LDAP
authentication, something else that interests me) but it=E2=80=99s not clear
that using an alternative product is indicated here.
This seems like something other organizations must have dealt with, so I
must be missing something fundamental.  Can someone point me in the
right direction?

Finally, I=E2=80=99m aware FTP has inherent security liabilities as passwor=
ds
cross the net in clear text, but I=E2=80=99m not convinced casual users on
Windows boxes will be able to manage fun stuff like SSH connections or
alternative software, like SCP.  In my experience, the =E2=80=9Cmodern=E2=
=80=9D
windows user accesses FTP sites using Internet Explorer, which is
tremendously underwhelming.  As such I am choosing a stand alone box on
which no other services are running (mail, X, etc.).  Am I right?  Or is
there some better method that won=E2=80=99t be too complex for the casual
Windows user?

Thanks advance for the pointers.

Randy
--
www.therandymon.com

*Actually, this is all hypothetical, but I=E2=80=99m learning server admin =
so
I can cross this bridge when the time comes, and having a lot of fun,
naturally, since right now my screw ups don=E2=80=99t count!



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?1247235024.5167.1324439995>