FTP Server Suggestion - Ubuntu
-
FTP Server Suggestion
I want to set up an FTP server on my network at work. We have a bunch
of external IPs, the infrastructure is there, indeed I've already done
this with a windows machine (it's a Windows network) but for FTP I want
more control over the users, particularly like giving users their own
virtual root so they can't see other users' directories even exist let
alone get in them.
What's the best way to start? Install something like Ubuntu server and
go from there or will a desktop edition do it? Is there much choice of
FTP daemons? I'd like a GUI or web based management if possible.
--
You can lead a horse to water, but a pencil must be lead.
Stan Laurel
-
Re: FTP Server Suggestion
Trevor Best wrote:
> I want to set up an FTP server on my network at work. We have a bunch
> of external IPs, the infrastructure is there, indeed I've already done
> this with a windows machine (it's a Windows network) but for FTP I want
> more control over the users, particularly like giving users their own
> virtual root so they can't see other users' directories even exist let
> alone get in them.
>
> What's the best way to start? Install something like Ubuntu server and
> go from there or will a desktop edition do it? Is there much choice of
> FTP daemons? I'd like a GUI or web based management if possible.
Ubuntu Server and the regular Ubuntu are not much different. The
difference is in the programs that are included on the CD. You can
always download and install anything else.
The vsftpd (Very Secure FTP Daemon) is supposedly the most secure. Check
out all of the companies that use it on their Web page
http://vsftpd.beasts.org
The vsftpd package is available via DEB APT (apt-get or the GUI front
ends Synaptic and Adept).
I helped Kenneth Miles set up his vsftpd server last week (he was
originally going to use proftpd). Tuesday evening I installed and
configured mine on a Debian 4.0 box. It is to replace a beta GuildFTPd
that has been crashing on a Win XP Pro SP2 box for several years.
You can use vsftpd with real Linux system users, each having their own
/home directory, or you can use virtual users. Either way, they should
be chrooted into a chroot jail so they cannot see any higher-level
directory than the one into which they are chrooted.
Setup is pretty simple, and the configuration file is well-documented.
Add any site-specific info, like your banner, and uncomment or change
options that you want to use.
Here are a few links, some with complete HOWTO instructions:
http://freshmeat.net/projects/vsftpd
http://www.netadmintools.com/art355.html
http://www.nslu2-linux.org/wiki/Optw...Unslung.Vsftpd
http://howto.gumph.org/content/setup...ries-in-vsftpd
http://vsftpd.beasts.org/vsftpd_conf.html
http://www.vsftpd.org
Other FTP daemons are:
proftpd
http://www.proftpd.org
http://packages.debian.org/stable/net/proftpd
http://www.castaglia.org/proftpd/doc...TO-Chroot.html
wu-ftpd
http://www.wu-ftpd.org
--
John
No Microsoft products were used in the preparation or transmission of this message.
The EULA sounds like it was written by a team of lawyers who want to tell me what I can't do. The GPL sounds like it was written by a human being, who wants me to know what I can do.
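
An added example, not part of the post above and not vsftpd's own code: a small Python check that reads a vsftpd.conf and reports whether the chroot jail and virtual-user setup described above are actually in effect, using the defaults documented in the vsftpd.conf man page. The sample configs are constructed, and the guest account name `ftpvirtual` is an assumption.

```python
# Added example: audit a vsftpd.conf for the jail settings discussed in the thread.
# Defaults are those documented in the vsftpd.conf man page.
DEFAULTS = {
    "anonymous_enable": "YES",   # anonymous FTP is on unless explicitly disabled
    "local_enable": "NO",
    "chroot_local_user": "NO",
    "chroot_list_enable": "NO",
    "guest_enable": "NO",
}

def parse_conf(text):
    """Parse option=value lines; '#' lines are comments, unset options keep defaults."""
    opts = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.rstrip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def is_on(value):
    return value.upper() in ("YES", "TRUE", "1")

def audit(text):
    """Return a list of findings; an empty list means jailed virtual users only."""
    o = parse_conf(text)
    findings = []
    if is_on(o["anonymous_enable"]):
        findings.append("anonymous-login-enabled")
    if is_on(o["local_enable"]):
        jail_all = is_on(o["chroot_local_user"])
        use_list = is_on(o["chroot_list_enable"])
        if jail_all and use_list:
            # With chroot_local_user=YES the list inverts: listed users are NOT jailed.
            findings.append("chroot-list-users-exempt-from-jail")
        elif use_list:
            findings.append("only-chroot-list-users-jailed")
        elif not jail_all:
            findings.append("no-user-chrooted")
        if not is_on(o["guest_enable"]):
            findings.append("info-real-system-accounts")
    return findings

# Constructed sample configs; "ftpvirtual" is a hypothetical unprivileged account.
WEAK = "local_enable=YES\nwrite_enable=YES\n"
JAILED = ("anonymous_enable=NO\nlocal_enable=YES\nchroot_local_user=YES\n"
          "guest_enable=YES\nguest_username=ftpvirtual\n")
EXEMPT = JAILED + "chroot_list_enable=YES\n"

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("JAILED", JAILED), ("EXEMPT", EXEMPT)):
        print(name, audit(conf))
```

The `EXEMPT` case is the one that is easy to miss: adding `chroot_list_enable=YES` to a config that already jails everyone turns the list file into a list of users who escape the jail.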
-
Re: FTP Server Suggestion
On Thu, 04 Oct 2007 08:32:16 GMT
"John F. Morse" wrote:
> The vsftpd (Very Secure FTP Daemon) is supposedly the most secure. Check
> out all of the companies that use it on their Web page
> http://vsftpd.beasts.org
That looks like the one, thanks.
--
You can lead a horse to water, but a pencil must be lead.
Stan Laurel
-
Re: FTP Server Suggestion
Trevor Best wrote:
> On Thu, 04 Oct 2007 08:32:16 GMT
> "John F. Morse" wrote:
>
>
>> The vsftpd (Very Secure FTP Daemon) is supposedly the most secure. Check
>> out all of the companies that use it on their Web page
>> http://vsftpd.beasts.org
>>
>
> That looks like the one, thanks.
Good luck with the config.
I'm still exploring mine. I need virtual users, with an ability to
individually give permission to various patterns of directories.
I could do this easily with user and group permissions with real users,
but I kinda don't want a mob having access to the file system, even if
in a chroot jail.
I think it would be more secure if users were virtual and chrooted.
Maybe even adding domain access restrictions, plus a high-numbered port
assignment as well. The crackers aren't likely to scan ports above 1024.
I could even open a few thousand ports and route them to a nothing IP,
just to keep the crackers waiting for long periods.
The annony-mouse access is closed down entirely.
--
John
No Microsoft products were used in the preparation or transmission of this message.
The EULA sounds like it was written by a team of lawyers who want to tell me what I can't do. The GPL sounds like it was written by a human being, who wants me to know what I can do.
-
Re: FTP Server Suggestion
On Fri, 05 Oct 2007 04:07:30 GMT
"John F. Morse" wrote:
> Trevor Best wrote:
> > On Thu, 04 Oct 2007 08:32:16 GMT
> > "John F. Morse" wrote:
> >
> >
> >> The vsftpd (Very Secure FTP Daemon) is supposedly the most secure. Check
> >> out all of the companies that use it on their Web page
> >> http://vsftpd.beasts.org
> >>
> >
> > That looks like the one, thanks.
>
>
> Good luck with the config.
>
> I'm still exploring mine. I need virtual users, with an ability to
> individually give permission to various patterns of directories.
>
> I could do this easily with user and group permissions with real users,
> but I kinda don't want a mob having access to the file system, even if
> in a chroot jail.
>
> I think it would be more secure if users were virtual and chrooted.
> Maybe even adding domain access restrictions, plus a high-numbered port
> assignment as well. The crackers aren't likely to scan ports above 1024.
> I could even open a few thousand ports and route them to a nothing IP,
> just to keep the crackers waiting for long periods.
>
> The annony-mouse access is closed down entirely.
I might want any-mouse in; some of the sites I got have such pathetic
proxies that they don't translate authentication to external sites,
meaning when I'm there I can't do diddly squat about transferring files
to/from base.
That's assuming there's someone left in the office that can respond to
"can you put a copy of xyz on the public area of the ftp server?"
without responding "huh?"
--
You can lead a horse to water, but a pencil must be lead.
Stan Laurel