Building a flexible FTP Server

Ed Wilts ewilts at ewilts.org
Thu Nov 11 19:44:31 UTC 2004


On Thu, Nov 11, 2004 at 08:14:01AM -0800, Brian McGrew wrote:
> Good morning all,
> 
> I need to rebuild our FTP server.  It's currently running on a Solaris
> 2.6 box and it's been so long ago that I've forgotten what I did and I'm
> sure the technology has changed considerably since.
> 
> I have a couple of requirements and I'm hoping that someone can point me
> in the right direction.

First issue.  Scrap vsftpd - it's way, way too simplistic for anything
that has real-world non-anonymous requirements.  We're running ProFTPd
on our RHEL 3 server.  It's replacing an older wu-ftpd implementation.
 
> 1)  I have about 250 customers that will need read access to their own
> folders only and read access to an Updates folder located outside their
> home directory

As long as you can define this rule clearly, this can be done in
ProFTPd.  For example, here's how to restrict access to a download area:
  <Directory ~/pub/download/*>
    <Limit WRITE SITE_CHMOD>
      DenyAll
    </Limit>
  </Directory>

> 2)  I have about 100 staff members that have NFS-mounted home
> directories who will need access to not only their own directories but
> read/write access to all the customers' directories.

See above.

> 3)  I have an Updates folder located outside of my staff or customers'
> home directories that customers will need read access to and staff will
> need read/write access to.

See above.

You can do some of this stuff with Virtual Servers too.  For example, I
have 2 interfaces on my DMZ system - one pointing internally and one
pointing externally.  For an internal client, they can roam all over the
file system limited only by their traditional file system access.  For
external connections, they're automatically chroot'ed to their home
directories.  A user will have one set of restrictions on our internal
network and a different set from the outside world.
 
> Any suggestions on implementing this under FC2/3?

Grab the ProFTPd rpm from Dag's archive.  Help is at
http://www.proftpd.org.  There's a mailing list too.

-- 
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts at ewilts.org
Member #1, Red Hat Community Ambassador Program
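
The split described in the message (one virtual server per interface, external logins chroot'ed, writes limited per directory) could look like the following proftpd.conf fragment. This is an added example, not part of the original post or the poster's configuration; the two addresses, the /srv/ftp/updates path and the staff group name are assumptions.

```apache
# Constructed example: addresses, paths and group names are placeholders.

# External interface: every login is jailed to its own home directory.
<VirtualHost 192.0.2.10>
  ServerName "FTP (external)"

  # chroot each user to ~ at login, so nothing above the home
  # directory is visible from this interface.
  DefaultRoot ~

  # Same rule as in the message: the download area is read-only.
  <Directory ~/pub/download/*>
    <Limit WRITE SITE_CHMOD>
      DenyAll
    </Limit>
  </Directory>
</VirtualHost>

# Internal interface: no DefaultRoot, so users can reach whatever
# ordinary file system permissions allow.
<VirtualHost 10.0.0.10>
  ServerName "FTP (internal)"

  # Shared updates area: anyone who can log in may read it,
  # only members of the staff group may write.
  <Directory /srv/ftp/updates>
    <Limit WRITE>
      AllowGroup staff
      DenyAll
    </Limit>
  </Directory>
</VirtualHost>
```

With `DefaultRoot ~`, a directory outside the home tree cannot be reached from inside the jail, so the shared Updates folder would have to be made visible under each customer's home (a bind mount, for instance) or the root moved to a common parent directory. `proftpd -t` checks the file for syntax errors before a restart.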
