NCFTPD-Only Users?

Forum provided for public use.

Moderators: FeLiX, Mr.Magoo


Postby Setzer » Wed Oct 02, 2002 9:23 pm

DLink, is it possible to add an FTP-only user for NCFTPD under Linux? I read about them in the information, but nothing says how to create one. I don't want to create a user (or users that belong to a group) and have another directory or so under /home. I'm posting this here instead of private in case any of your clients run the app and didn't know how. I used a few commands from the ancient version of SW I used back in the day, but of course they don't exist in RH (or maybe Linux anymore).

Postby DLinkOZ » Wed Oct 02, 2002 10:14 pm

Nope, ncftpd uses /etc/passwd for account access. However, if you've disabled that craptacular xinetd and gone with just ftp and ssh for remote access, you CAN restrict people to ftp only. Create a normal account, then edit /etc/ssh2/ssh2_conf (or /etc/ssh2/sshd2_conf if you roll your own from ssh.org as I do) and find the DenyUsers section. Add the users accordingly and restart ssh. Now those accounts can get into the ftp but not shell access.

Yeah, I know this isn't exactly what you were looking for, but it gets the job done. You could also give them /usr/bin/false instead of a legit shell, but my problem is I run the servers under the user accounts (so they have proper ownership of files and such), so they need fully functioning accounts (I just use an su to their account in the startup scripts).
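Added example, not part of the original posts and not DLinkOZ's or NcFTPd's own code: a small Python audit for the setup described in the reply above. It reads passwd-format text and an sshd config fragment and lists the accounts that still have a working shell and are not covered by DenyUsers. Assumptions: the function names, the sample data, the UID cutoff of 500, the list of no-login shells, and DenyUsers entries being plain names or shell-style wildcards separated by spaces or commas.

```python
import fnmatch
import re

# Shells that refuse an interactive login (assumed list; adjust per system).
NOLOGIN_SHELLS = {"/bin/false", "/usr/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

def denied_patterns(sshd_conf_text):
    """Collect DenyUsers patterns; accepts space- or comma-separated lists."""
    patterns = []
    for line in sshd_conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"(?i)denyusers[\s=]+(.*)", line)
        if m:
            patterns += [p for p in re.split(r"[\s,]+", m.group(1)) if p]
    return patterns

def shell_capable(passwd_text, sshd_conf_text, min_uid=500):
    """Return non-system accounts that can still get a shell over SSH."""
    deny = denied_patterns(sshd_conf_text)
    exposed = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or line.startswith("#"):
            continue  # not a passwd entry
        name, uid, shell = fields[0], fields[2], fields[6]
        if not uid.isdigit() or int(uid) < min_uid:
            continue  # system account (assumed cutoff)
        if shell in NOLOGIN_SHELLS:
            continue  # no usable shell
        if any(fnmatch.fnmatchcase(name, p) for p in deny):
            continue  # blocked by DenyUsers
        exposed.append(name)
    return exposed

# Constructed sample data, not taken from any real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
ftpalice:x:501:501::/home/ftp:/bin/bash
ftpbob:x:502:502::/home/ftp:/bin/bash
gamesrv:x:503:503::/home/gamesrv:/bin/bash
dropbox:x:504:504::/home/ftp:/usr/bin/false
"""
SAMPLE_SSHD = """\
# constructed fragment
DenyUsers ftpalice,ftpbob
"""

if __name__ == "__main__":
    print(shell_capable(SAMPLE_PASSWD, SAMPLE_SSHD))
```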

Postby Setzer » Thu Oct 03, 2002 10:43 am

Dang, that's what I thought. I had gotten around it for ages using two methods of my own, but I still didn't feel safe so I wiped all accounts minus root and Sephiroth. First my router blocks ports 22 and 23. Next I gave every user a home directory of /home/ftp, but they could still do damage if they somehow got in. I'll look into SSH2, I've been putting it off forever and using plain old SSH.

Postby DLinkOZ » Thu Oct 03, 2002 11:24 am

Chroot all users. Then when people ftp to the box, they can't go up and out of their homedir. Then disallow anonymous access altogether.

u-restricted-groups=all
server-type=non-anonymous-only
u-vchroot-restricted-users=yes

Postby Setzer » Thu Oct 03, 2002 12:02 pm

I have all but Sephiroth chrooted. This way if I need to do something outside /home/ftp I can do so. I allow one anonymous user, but they can only download, and are throttled to 16kb/sec down. Registered users can get up to 96kb/sec down, although I am going to change it to 64kb/sec for bandwidth's sake. 64 * 3 = 192kb of my 512kb upstream. So that's less than half, and since I average four to six players on the server, it won't bog my server down if three of my guys decide to do the same thing all at once.

