[TriLUG] anonymous ftp with samba - working well
Ryan Leathers
ryan.leathers at globalknowledge.com
Wed Jul 2 17:23:52 EDT 2003
Normally I only post when I have a problem or am commenting on somebody
else's problem. Today I have a solution. I'm posting it in case it is
useful to anyone on the list.
A couple of weeks ago I started messing around with an FTP server which
could accept uploads from anonymous connections, provide downloads, and
allow an ftp administrator on a local LAN access to manipulate files and
directories. The whole thing needed to be as secure as possible.
I wound up using vsftpd and am taking advantage of its chroot and chmod
capabilities. I mount a partition to ftp/pub/incoming to isolate it and
for flexibility sake. I run the service with an ftpsecure account and
did some user:group magic to make the incoming directory write only for
chmod'ed ftp users but read-writable for the administrator who will
connect from a local LAN mapping an SMB share on his windows box. SMB
access is limited by username and IP address. Finally, I have a tiny
iptables rule set optimized for this purpose. The OS is RH9 only
because it was handy when I started - I've stripped it down to a bare
system.
This didn't require anything but some thought and some simple
configuration of existing packages with the RH9 distro I started with.
Anyone could do this.
If anyone would like to see examples of my various configs send me a
direct email and I'll be happy to share.
--
Ryan Leathers <ryan.leathers at globalknowledge.com>
Global Knowledge
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://www.trilug.org/pipermail/trilug/attachments/20030702/652b481d/attachment.pgp>
More information about the TriLUG
mailing list