> On Mon, 2005-04-11 at 23:02, Tim Holmes wrote: >> Ok -- First off -- Thanks to all who helped me getting samba working -- >> it works perfectly and is very little effort to administer, and through >> the help of one of our graduates, I got NFS up and running tonight so I >> am sharing home directories across the network -- also very nice >> >> >> In the course of our discussion of SAMBA someone suggested that I am >> actually doing a disservice to our students by allowing them to post >> files to their web sites over samba shares, and that I should actually >> make them do it via FTP because that is much more likely how they will >> be doing it. >> >> After some consideration, I have reached the following conclusion, I >> will have my Front Page class (8th graders) using FTP, and the 9th Grade >> class (Dreamweaver) using direct file transfers. >> >> Now comes the problem >> >> -- How to make ftp work right for this scenario. I have previously >> installed PROFTPD on the webserver, and have been using it for just >> myself for remote access for website work etc. When I login, I must >> supply the full path to the proper folder (not a big deal for me) >> (totally confusing for an 8th grader) >> >> I am open to ditching proftpd if necessary, and going to some other form >> if that's better, but I need some direction in where to go. I have >> discovered that the PROFTPD config file is similar to apache, but im a >> bit lost on how to achieve what I want. Ideally, the users would be >> able to authenticate against the Active Directory, but if not they could >> have a separate username and password within PROFTPD. >> >> I need your help and suggestions on this >> > > Tim, > > I have not use Proftp, but some suggestions: > > Setup a user on the machine hosting the PROFTP etc which does not have a > login shell (to stop then doing anything by connecting directly to the > machine) and the home directory is the root directory of the Web sever > you need to upload the web ages to. > > ISTR that PROFTP has the option of CHROOTing the users to there home > directory. You may need to play around with the permissions to get it > right. > > When this user ftp's to te server they are locked to the 'home' > directory and cannot go outside of it and any directories below. > > > There are several Howto's on doing this if you do a Goggle search. > > Rob > Chrooting is extremly easy with the shipped vsftpd ftp-server. Just config /etc/vsftdp/vsftdp.conf to your needs and add: chroot_local_user=yes Or you leave this option a input a file from users to chroot. Indicate this in /etc/vsftdp/vsftdp.conf under chroot_list_enable=YES chroot_list_file=/etc/vsftpd.chroot_list <- This chroots all your users/wished users, so they just pass username/password and are in their homedir. Also make sure, that anonymous access is denied. run service vsftpd start - thats it! Roger
