Thread: Re: Sorry OT wrt vsftpd




Re: Sorry OT wrt vsftpd
2007-05-03 14:59:24

ImagePlace IT wrote:
> Greg Swift wrote:
>> ImagePlace IT wrote:
>>> Greetings,
>>>
>>> Please accept my apologies for being off topic. I'm looking for a
>>> pointer to recommended practices. (With an explanation and attached
>>> question).
>>>
>>> I need to configure a vsftpd service denying anonymous logins and
>>> sharing nothing. That is, customers get a username, password and a
>>> dir, with full permissions, without the ability to see other dirs.
>>>
>>> Q: How to create and manage usernames and passwords without giving
>>> them a system user/group account? Or should I give the system account
>>> and deny shell logins and access to other services etc...?
>> You can do what Anthony recommended, but imho there is no reason to
>> generate nologin accounts for ftp access. Personally I have been using
>> pure-ftpd (http://www.pureftpd.org/) for my ftp server. It's very
>> stable, and very secure (i've had no issues, and my use is as an isp).
>> It gives you all kinds of control over what the users are doing, and
>> provides true virtual user support, in or out of a chroot environment.
>> You can backend it with a simple auth file, or backend with a db or ldap.
>>
>> unfortunately it's not an rpm install (unless u try using fedora's
>> extra package, which I haven't).
>>
>> i'm not affiliated in any way.. i just think it blows vsftpd out of
>> the water.
>>
>> -greg
>>
> Thank you all for your info.
> A pureftpd implementation looks rather capable.  Looks to allow
> scalability, manageability and reliability which therefore eases my
> backup and disaster recovery routines.  (Specific to the ftp service).
> However, the lack of a Red Hat issued RPM is grounds for at least a
> second thought due to the inherent advantages to that methodology.
>
> Looks like a fork in the road here.  Pondering whether to use the system
> UID/GID or diverge from Red Hat recommendations...
>
> Breaking the RH RPM methodology will require a new level of procedure
> and documentation... hmm...  Always a function of time for me. Ha Ha Ha.
>
> Thanks again for the info.
>
> Jeff
>

Another option is to get the SRPM & such from the CentOS site, Fedora
extras, or from Dag's repository & rebuild it for your system.

Or you could build from source as:

rpmbuild -ta pure-ftpd-1.0.21.tar.gz

In any case you're not going to have RedHat's support but at least
you'll keep it in the methodology.

Sometimes, if you can't have the whole hog, a ham sandwich is good enough.



-- 
Tony Placilla, RHCT, GSEC
anthony_placillasuth.com


GPG-Key-ID: 1024D/C78F8B64              http://pgp.mit.edu
Key fingerprint = A8D5 7AFF CE88 4179 C792  D9A9 F197 2A15 C78F 8B64

_______________________________________________
rhelv5-list mailing list
rhelv5-listredhat.com
https://www.redhat.com/mailman/listinfo/rhelv5-list

package inclusion Was: (Re: Sorry OT wrt vsftpd)
United States
2007-05-03 15:48:40
Anthony J Placilla wrote:
> ImagePlace IT wrote:
>> Greg Swift wrote:
>>> ImagePlace IT wrote:
>>>> Greetings,
>>>>
>>>> Please accept my apologies for being off topic. I'm looking for a
>>>> pointer to recommended practices. (With an explanation and attached
>>>> question).
>>>>
>>>> I need to configure a vsftpd service denying anonymous logins and
>>>> sharing nothing. That is, customers get a username, password and a
>>>> dir, with full permissions, without the ability to see other dirs.
>>>>
>>>> Q: How to create and manage usernames and passwords without giving
>>>> them a system user/group account? Or should I give the system account
>>>> and deny shell logins and access to other services etc...?
>>>>
>>> You can do what Anthony recommended, but imho there is no reason to
>>> generate nologin accounts for ftp access. Personally I have been using
>>> pure-ftpd (http://www.pureftpd.org/) for my ftp server. It's very
>>> stable, and very secure (i've had no issues, and my use is as an isp).
>>> It gives you all kinds of control over what the users are doing, and
>>> provides true virtual user support, in or out of a chroot environment.
>>> You can backend it with a simple auth file, or backend with a db or ldap.
>>>
>>> unfortunately it's not an rpm install (unless u try using fedora's
>>> extra package, which I haven't).
>>>
>>> i'm not affiliated in any way.. i just think it blows vsftpd out of
>>> the water.
>>>
>>> -greg
>>>
>> Thank you all for your info.
>> A pureftpd implementation looks rather capable.  Looks to allow
>> scalability, manageability and reliability which therefore eases my
>> backup and disaster recovery routines.  (Specific to the ftp service).
>> However, the lack of a Red Hat issued RPM is grounds for at least a
>> second thought due to the inherent advantages to that methodology.
>>
>> Looks like a fork in the road here.  Pondering whether to use the system
>> UID/GID or diverge from Red Hat recommendations...
>>
>> Breaking the RH RPM methodology will require a new level of procedure
>> and documentation... hmm...  Always a function of time for me. Ha Ha Ha.
>>
>> Thanks again for the info.
>>
>> Jeff
>>
>
> Another option is to get the SRPM & such from the CentOS site, Fedora
> extras, or from Dag's repository & rebuild it for your system.
>
> Or you could build from source as:
>
> rpmbuild -ta pure-ftpd-1.0.21.tar.gz
>
> In any case you're not going to have RedHat's support but at least
> you'll keep it in the methodology.
>
> Sometimes, if you can't have the whole hog, a ham sandwich is good enough.
>
So I'm kinda curious... does anyone know how one would go about making a
recommendation for inclusion of a package, or even better replacement?
From what I can tell pure-ftpd can do everything vsftpd does and more.
Numerous other distros ship with it, some even as default (I believe it's
the default ftpd for SuSE).

This would help with people like Jeff and I who have to break our
installation procedures by installing a non-RH standard package. (Like
Jeff, my goal with most of my systems was to try and make them work
within the confines of the RH package list).

-greg

-- 

“While it is possible to change without improving, it is impossible to improve without changing.” -anonymous

“only he who attempts the absurd can achieve the impossible.” -anonymous
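
The two requirements in the original question (no anonymous logins, every customer confined to their own directory) can be checked against a vsftpd.conf. The script below is an added example, not part of any post in this thread; the function names are hypothetical and the sample configs are constructed, while the option names and their built-in defaults are vsftpd's.

```shell
#!/bin/sh
# Audit a vsftpd.conf against the thread's requirements:
# anonymous logins denied, local users unable to see other directories.

# Print the effective value (YES/NO) of a boolean option. Later lines
# override earlier ones; an unset option falls back to the given default.
vsftpd_opt() {  # usage: vsftpd_opt FILE OPTION DEFAULT
    awk -F= -v opt="$2" -v val="$3" '
        /^[ \t]*#/ { next }                       # skip comment lines
        $1 == opt  { val = toupper($2); gsub(/[ \t\r]/, "", val) }
        END        { print ((val == "YES" || val == "TRUE" || val == "1") ? "YES" : "NO") }
    ' "$1"
}

# Report findings; exit status 0 only when the config meets both requirements.
audit_vsftpd() {  # usage: audit_vsftpd FILE
    conf=$1; findings=0
    # anonymous_enable defaults to YES, so a commented-out line is not enough.
    if [ "$(vsftpd_opt "$conf" anonymous_enable YES)" = YES ]; then
        echo "FAIL anonymous_enable is YES (also the default when unset)"
        findings=$((findings + 1))
    fi
    # chroot_local_user defaults to NO: users can walk the whole filesystem.
    if [ "$(vsftpd_opt "$conf" chroot_local_user NO)" = NO ]; then
        echo "FAIL chroot_local_user is NO: users can leave their directory"
        findings=$((findings + 1))
    # With chroot_local_user=YES the chroot list becomes an exemption list.
    elif [ "$(vsftpd_opt "$conf" chroot_list_enable NO)" = YES ]; then
        echo "WARN chroot_list_enable=YES: users in chroot_list_file are NOT chrooted"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample configs (not from the thread).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# anonymous_enable=NO' 'local_enable=YES' > "$tmp/weak.conf"
printf '%s\n' 'anonymous_enable=NO' 'local_enable=YES' \
    'chroot_local_user=YES' > "$tmp/strict.conf"

audit_vsftpd "$tmp/weak.conf"   || echo "weak.conf: does not meet the requirements"
audit_vsftpd "$tmp/strict.conf" && echo "strict.conf: ok"
```
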


