From: "RS Wood" <rswood@therandymon.com>
To: freebsd-questions@freebsd.org
Date: Fri, 10 Jul 2009 15:10:24 +0100
Subject: FTP Server for individual client spaces

I run a small engineering company* that exchanges large files (CAD, etc.) with clients, and I want to keep the docs off my email server by setting up a stand-alone FTP server where each client can upload and download its relevant files. As such, my own users/employees should be able to reach every client’s FTP space but each client should only be able to reach his own. As my users finish a doc, they place it in that client’s FTP directory and the client can log in and get it. As such, I don’t want any form of unauthenticated FTP.

I’ve tried different combinations of group names and directory permissions without success, but chrooting users doesn’t seem to solve my problem either, and my two favorite BSD books – Tiemann et al. (Unleashed) and Lucas (Absolute) – take the same approach the man pages do, in my opinion, which guides you either into an all-anonymous system, or a system suitable for organizations such as software distributors in which clients/users authenticate but then all access the same directory (/pub for example).

I could use some help conceptualizing this. Is the solution ftpchroot? If so, it’s not clear how I can chroot each potential client into his own directory, as my understanding is that all chrooted users wind up at the same place (like /var/ftp/pub).

Or is the solution that each client gets access to his own home directory; if so, how do I ensure my staff has access to each client’s home directory?

Lastly, I’ve also been reading up on PureFTP, which seems to have some advanced configuration potential (including LDAP authentication, something else that interests me) but it’s not clear that using an alternative product is indicated here.

This seems like something other organizations must have dealt with, so I must be missing something fundamental. Can someone point me in the right direction?

Finally, I’m aware FTP has inherent security liabilities as passwords cross the net in clear text, but I’m not convinced casual users on Windows boxes will be able to manage fun stuff like SSH connections or alternative software, like SCP. In my experience, the “modern” Windows user accesses FTP sites using Internet Explorer, which is tremendously underwhelming. As such I am choosing a stand-alone box on which no other services are running (mail, X, etc.). Am I right? Or is there some better method that won’t be too complex for the casual Windows user?

Thanks in advance for the pointers.

Randy
-- 
www.therandymon.com

*Actually, this is all hypothetical, but I’m learning server admin so I can cross this bridge when the time comes, and having a lot of fun, naturally, since right now my screw-ups don’t count!
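An added example, not part of the original message, that lays out the arrangement described above on the filesystem: one directory per client, owned by the client account and group-owned by a staff group, mode 2770, so the client reaches only its own tree while staff reach all of them. FreeBSD's ftpchroot(5) accepts an optional directory after each user name, so each client account can be chrooted into a different directory; staff accounts are simply not listed and log in unchrooted. The client names "acme" and "globex", the group name "ftpstaff" and the tree root are hypothetical; the chown lines that need root and real accounts are left as comments so the script runs in a scratch directory.

```sh
#!/bin/sh
# Added example, not from the original message. Hypothetical names: client
# accounts "acme" and "globex", staff group "ftpstaff", tree root given as $1.
set -eu

# mode_of PATH: the 10-character permission string as ls(1) prints it,
# e.g. "drwxrws---". Used both for reporting and for checking.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# make_ftp_tree ROOT CLIENT...: one directory per client under ROOT, mode 2770.
#   owner  = the client account -> rwx, sees only its own tree once chrooted
#   group  = ftpstaff           -> rwx, staff log in unchrooted and reach all
#   others = nothing
# The setgid bit keeps files that staff upload in the ftpstaff group; FreeBSD's
# UFS inherits the directory group anyway, so there it is belt-and-braces.
# Ownership changes need root and existing accounts, so they are comments here.
make_ftp_tree() {
    root=$1
    shift
    mkdir -p "$root"
    chmod 0750 "$root"            # on the server: chown root:ftpstaff "$root"
    for client in "$@"; do
        mkdir -p "$root/$client"
        chmod 2770 "$root/$client"
        # on the server, after creating the account with pw(8):
        #   chown "$client:ftpstaff" "$root/$client"
    done
}

# ftpchroot_entries ROOT CLIENT...: lines for /etc/ftpchroot in the
# "user directory" form of ftpchroot(5). Staff accounts are not listed, so
# ftpd leaves them unchrooted.
ftpchroot_entries() {
    root=$1
    shift
    for client in "$@"; do
        printf '%s %s\n' "$client" "$root/$client"
    done
}

# check_tree ROOT CLIENT...: fail if any client directory is not 2770.
# A world-readable client directory is the usual mistake to catch here.
check_tree() {
    root=$1
    shift
    rc=0
    for client in "$@"; do
        mode=$(mode_of "$root/$client")
        if [ "$mode" != "drwxrws---" ]; then
            echo "bad mode $mode on $root/$client (want drwxrws---)" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Demo: run as "sh ftptree.sh demo" to build the tree in a scratch directory.
if [ "${1:-}" = "demo" ]; then
    scratch=$(mktemp -d)
    make_ftp_tree "$scratch" acme globex
    check_tree "$scratch" acme globex && echo "client directories OK under $scratch"
    ftpchroot_entries /var/ftp/clients acme globex
    rm -rf "$scratch"
fi
```

Run with `sh ftptree.sh demo` to see the modes and the generated ftpchroot lines. On the real server the same functions would be run against /var/ftp/clients as root, followed by the commented chown lines; the check_tree function is worth keeping as a periodic sanity check, since a single client directory left at 0755 exposes that client's files to every other chrooted account only if they share a tree, but to every staff and shell user regardless.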