Date: Fri, 10 Jul 2009 15:10:24 +0100 From: "RS Wood" <rswood@therandymon.com> To: "freebsdquestions" <freebsd-questions@freebsd.org> Subject: FTP Server for individual client spaces Message-ID: <1247235024.5167.1324439995@webmail.messagingengine.com>
next in thread | raw e-mail | index | archive | help
I run a small engineering company* that exchanges large files (CAD, etc.) with clients, and I want to keep the docs off my email server by setting up a stand alone FTP server where each client can upload and download its relevant files. As such, my own users/employees should be able to reach every client=E2=80=99s FTP space but each client should only = be able to reach his own. As my users finish a doc, they place it in that client=E2=80=99s FTP directory and the client can log in and get it. As su= ch, I don=E2=80=99t want any form of unauthenticated FTP. I=E2=80=99ve tried different combinations of group names and directory permissions without success, but chrooting users doesn=E2=80=99t seem to so= lve my problem either, and my two favorite BSD books =E2=80=93 Tiemann et. al. (Unleashed) and Lucas (Absolute) take the same approach the man pages do, in my opinion, which guides you either into an all anonymous system, or a system suitable for organizations such as software distributors in which clients/users authenticate but then all access the same directory (/pub for example). I could use some help conceptualizing this. Is the solution ftpchroot? If so, it=E2=80=99s not clear how I can chroot each potential client into his own directory, as my understanding is that all chrooted users wind up at the same place (like /var/ftp/pub).=20 Or is the solution that each client gets access to his own home directory; if so, how do I ensure my staff has access to each client=E2=80= =99s home directory? Lastly, I=E2=80=99ve also been reading up on PureFTP, which seems to have some advanced configuration potential (including LDAP authentication, something else that interests me) but it=E2=80=99s not clear that using an alternative product is indicated here. This seems like something other organizations must have dealt with, so I must be missing something fundamental. Can someone point me in the right direction? Finally, I=E2=80=99m aware FTP has inherent security liabilities as passwor= ds cross the net in clear text, but I=E2=80=99m not convinced casual users on Windows boxes will be able to manage fun stuff like SSH connections or alternative software, like SCP. In my experience, the =E2=80=9Cmodern=E2= =80=9D windows user accesses FTP sites using Internet Explorer, which is tremendously underwhelming. As such I am choosing a stand alone box on which no other services are running (mail, X, etc.). Am I right? Or is there some better method that won=E2=80=99t be too complex for the casual Windows user? Thanks advance for the pointers. Randy -- www.therandymon.com *Actually, this is all hypothetical, but I=E2=80=99m learning server admin = so I can cross this bridge when the time comes, and having a lot of fun, naturally, since right now my screw ups don=E2=80=99t count!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1247235024.5167.1324439995>