On Thu, Sep 15, 2005 at 03:31:52PM -0700, Brian D. McGrew wrote: > I'm back on my kick of looking for a better FTP server. I posted this > once before but the boss-man has changed the requirements again so here > goes! > > My users are not just straight users that get a home directory and > login. I have customers. Each customer has at least one site but most > have several site. Each customer site has multiple users. So for > example > > Customers > | > +--- Site 1 > | +--- User1 > | +--- User2 > | +--- User3 > +--- Site 2 > | +--- User1 > | +--- User2 > | +--- User3 > +--- Site 3 > | +--- User1 > | +--- User2 > | +--- User3 > | +--- CUSTOMER-SUPERUSER > > So each user needs to have their own directory at their respective site > level and be able to get to ../ to the site directory and into their > peers directory but not be able to cross the boundaries of a site. > Unless of course they're designated as a CUSTOMER_SUPERUSER in which > case they'll still have a home directory under their respective site but > be able to access the entire customer specific folder and all that > customers sites and users. > > That takes care of my customers and then I've got my employees who are > in my staff group who need to have access to their real live Unix home > directories as well as global access to the customer file-system. > > I'm hoping that someone has been on a project like this in the past and > can recommend which FTP server to use and how to configure it. It isn't popular on this list, but wu-ftpd is the only thing I've found that even comes remotely close to this kind of requirement. I've done similar things in the past with wu-ftpd through use of the 'guestroot' directive which locks users into their 'home' directories. What you'd do is make the CUSTOMER_SUPERUSER$X's home the CUSTOMER$X directory. Through use of the 'upload' command you'll be able to control the owner and group permissions of uploaded files into each area, which will let the superusers manipulate their user's files. The one downside to this kind of configuration is that _every_ homedirectory you 'guestroot' a user into will require its own /bin, /lib, and /dev directories. Also wu-ftpd doesn't seem to be under active development anymore. -- /\oo/\ / /()\ \ David Mackintosh | Public Key: dave@xxxxxxxxxx | http://www.xdroop.com/dave/gpg.html $ gpg --recv-keys --keyserver subkeys.pgp.net 4C032504 Mystery attachment? http://xdroop.dhs.org/space/GPG
Attachment:
pgpGJAbccCa5P.pgp
Description: PGP signature