At 12:54 PM 11/18/2007, Vasil Lalov wrote:
>Hello everyone,
>
>Is it possible to force proftpd to ALWAYS use the same UID when
>storing files? I have a server in which authorized users can upload
>files via FTP. The challenge here is that all files must be owned by
>the same UID and GID.


Summary:
- maybe you could do it with alternate passwd files
- maybe you could do it with SQL or LDAP authentication
- or maybe just use directives GroupOwner and UserOwner?


I do something similar, forcing all but administrative users to use
one UID/GID. By forcing all users to _run_ as the same user all
stored files are then owned by that user. However, the _way_ I do
this might not be something you can use.

The User and Group directives seem like something you might use, but
really don't help here. While they do set the uid/gid for the server
this is used only during the initial connection. Once the remote
user is authenticated the uid/gid from that user's record is then used.

So how does one force an alternate uid/gid? In our setup we use
AuthUserFile and AuthGroupFile to point to alternative passwd/group
files to contain the user records for all FTP users. Since this is
our own copy of user records we can simply change the uid/gid fields
to the same value for each user.

We can do this easily because almost all the FTP users are _not_
local server users. We keep a completely separate set of users, only
for FTP usage. (We do copy a couple of 'real' users to the end of
our passwd file for our convenience)

If you also have a separate set of users only for FTP then you could
do this also. Perhaps even if the users include local server users
you could make a copy of /etc/passwd and set the uid/gid for ProFTPD to use?

We construct our alternate passwd file using a couple different
source files whenever we change any user information. At the next
time that ProFTPD does user authentication it will 'see' the new
alternate passwd file.


We use plain passwd files but there are other ways of doing
authentication. The user authentication methods that use SQL or LDAP
have several interesting looking directives, such as
LDAPForceDefaultUID and SQLDefaultUID. You might want to look at
those methods to see if that would fit your authentication requirements better.


I'd like to note that we also use the *nix feature of copying/forcing
the group ownership onto new files in a directory. If you set the
uncommon permission mode 's' or 2000 on a directory, then all new
files created in that directory inherit the same group ownership as
for the directory. If you set this mode on the directory and also
set the group owner, like this

    chown budgftp:budgftp testme
    chmod 2770 testme
    drwxrws--- 4 budgftp budgftp 4096 May 9 2003 testme

then any new files within that directory will have gid set to budgftp.

We use this because some files dropped into some FTP directories
arrive in other ways, such as web or email. We needed an easy way to
force every file to have something in common and this was good enough.

    -rw-r--r-- 1 mail budgftp 264524 Nov 16 13:11 000455X_.467
    -rw-rw---- 1 apache budgftp 605083 Nov 15 15:30 beans.pdf

Would forcing the group ownership to be the same be enough for your needs?


Hey, reviewing the ProFTPD configuration directives it seems there is
something similar. Check out the directives GroupOwner and
UserOwner. Hmm, maybe *this* is what you want?!? Please try them
and let us know.


>Basically I have the following folder structure:
>
>/ftproot/user1
>/ftproot/user2
>/ftproot/user3
>
>...and so on. Each user gets a subfolder in the main ftproot.
>
>Thanks for your time.
>
>==
>Vasil Lalov
>Department Of Computer Science
>Bowling Green State University
>Bowling Green, OH 43403
>lalovv@bgsu.edu

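The alternate passwd file approach described in the reply above, as an added example that is not part of the original message or of ProFTPD: a shell function that merges passwd-format source files and forces one uid/gid on every account except a list of administrative users. The function name, the id 2001, the `ftpadmin` account and the sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# build_ftp_passwd UID GID ADMINS FILE...
# Merge passwd-format files into one AuthUserFile-style listing on stdout,
# forcing UID:GID on every account except those in the comma-separated ADMINS.
# Exits non-zero if any record is malformed or duplicated, or UID/GID is 0.
build_ftp_passwd() {
    force_uid=$1; force_gid=$2; admins=$3; shift 3
    awk -F: -v OFS=: -v uid="$force_uid" -v gid="$force_gid" -v admins="$admins" '
        BEGIN {
            n = split(admins, a, ",")
            for (i = 1; i <= n; i++) keep[a[i]] = 1
            # Never map uploaded files onto root or a non-numeric id.
            if (uid !~ /^[1-9][0-9]*$/ || gid !~ /^[1-9][0-9]*$/) {
                print "uid/gid must be a non-zero number" > "/dev/stderr"
                bad = 1; exit 1
            }
        }
        /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
        NF != 7 {
            printf "%s:%d: expected 7 fields, got %d\n", FILENAME, FNR, NF > "/dev/stderr"
            bad = 1; next
        }
        seen[$1]++ {
            printf "%s:%d: duplicate user %s\n", FILENAME, FNR, $1 > "/dev/stderr"
            bad = 1; next
        }
        !($1 in keep) { $3 = uid; $4 = gid }   # shared owner for stored files
        { print }
        END { exit bad }
    ' "$@"
}

# Constructed sample: two FTP-only users plus one "real" user copied to the end.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        '# FTP-only accounts (constructed; "*" is a placeholder hash)' \
        'user1:*:1001:1001:FTP user 1:/ftproot/user1:/bin/false' \
        'user2:*:1002:1002:FTP user 2:/ftproot/user2:/bin/false' > "$tmp/ftp_users"
    printf '%s\n' 'ftpadmin:*:500:500:Administrator:/ftproot:/bin/sh' > "$tmp/real_users"
    rc=0
    build_ftp_passwd 2001 2001 ftpadmin "$tmp/ftp_users" "$tmp/real_users" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo
```

Write the output to a temporary file and rename it over the file named by AuthUserFile only when the function returns zero, so a rejected build never replaces the records ProFTPD reads.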