I just reinstalled and set up my debian system w/ apache and php4. Previous setup I also had wupftd setup for anonymous ftp only. This server is on local network and not open to www

system:
hda1 root system
hda5 swap
hdb1 /home/www

I'm not concerned w/ security too much and only have a root account. No one else in house can login but me and when not directly working on the box I always exit x and logout, so anyone must login to do anything.

In previous setup I had wuftpd setup only w/ anonymous ftp at /home/ftp. The problem is that uploads go to /home/ftp/pub/incoming and I had to manually move uploads to the /home/www directory and subsequent folders in /home/www.

What I want to be able to do is upload directly to any folder I want in the www directory. Also, wuftpd's default anon setup prevents clients from actually seeing the contents of /incoming. I've fiddled with wuptpd.conf but documentation is rather poor.

My questions:
1. Is there a simpler ftpd other than wuftpd?
(Proftpd looks more complicated than wuftpd)
2. Is is possible to have a shortcut in /www that links to files in /ftp?

The server purpose is two fold:
1. testing my web sites and personal education.
2. /www used as a means to share files on local network, kids can ftp using browser and upload etc, plus I use /www as a backup for some files and quik downloads.

For an FTP server: Very Secure FTPd (http://vsftpd.beasts.org/)

I loved this when I used it. Nice and easy to set up with a strong focus on security.



As for making links.. I think it's ln -s /www/foldername /ftp/foldername - Though I could be wrong. "man ln" for the syntax.

n previous setup I had wuftpd setup only w/ anonymous ftp at /home/ftp. The problem is that uploads go to /home/ftp/pub/incoming and I had to manually move uploads to the /home/www directory and subsequent folders in /home/www.

This is by design. If you are using anon ftp, it's assumed your users don't know/trust each other. That's why there is a single point to drop files and then they are.

Sounds like you have two basic requirements 1: To upload files to your website; 2: To allow your kids to store and retrieve.

Honestly, neither require anon ftp so I would go with userbased ftp. Is there a specific reason that you want anon? You could always give your kids an account that has no shell, so they can't log in to the OS but can access ftp services.

You can also do all this very easily through php - you can control access based on user/group/ip address - whatever authentication you want.

cyberskye

Thanks.
I realize that. I was just wondering if it's possible to modify the anon ftp with higher permissions. I was avoiding setting up user accounts because I always run the box as root. Like I said, security not an issue because there is nothing on it that is sensitive or confidential and it's only running locally.

So, if I wanted to set up a real user in WU, would I have to use adduser to the system itself? Then use that new user account for everyone to upload?

Hi Tony,

Completely understand that this box has no security requirements, just explaining why anon ftp behavior might seem a little strange.

Not sure about debian, but under RH and the BSD's, when anon, ftpd runs in a chroot jail. You'd need to make copies of /etc, /bin and put them in your ~/ftp directory !! make sure you replace the encrypted password in /etc/passwd with asterix !!

Since your box is locked down, it becomes MUCH easier to use standard ftp.

You can create new users on the system by whatever means you like and then create a shared folder that has group-write permission that ways users can share their files - but also delete each others.

different ftp servers have different files that let you further control access:

man .ftpusers that should help with the syntax.

Another thought - anonftp, conceptually is generally used to blindly distribute files. Security tends to apply to everyone as you don't know any users. What you want to do is the opposite.

Cheers,

Skye

I would seriously look into using a PureFTP. I use PureFTP in userbase mode. It's nice and easy to get running and configure. I have different users jailed to certain directories (for example, directories in my Apache setup). A good guide to follow should you take this route (this is for virtual users so you don't have to create system users - a bit like the way most windows based ftp servers work): http://www.pureftpd.org/README.Virtual-Users

If you decided to try VSFTP as mentioned by Paft, then there's a nice little guide to get a basic setup. You might find this useful: http://www.markus-welsch.de/linux/services/ftp.html#introduction

Yeah, I tried PureFTPD once before. Problem is that there's no version of it for woody at deb archives. (only as unstable) I had to use a backported version someone had available as a deb-src and played w/ it for a bit.

Being fairly new to linux (3-4 months and about 30 installs of all deb ports) I am still learning about setting up apps using the config files. Most are easy and well documented in the config files themselves, but some are not. WUFTPD has decent documentation right in the config files.

I may just leave the anon ftp the way it is cause I may end up opening the system to www access globally in near future. My isp, COX, now has business class service in my area w/ static ip and variable bandwidth. Thus it would not violate the ToS if I opened up the server to www access.

But to to the above, I want to study a bit more about securing teh system so as to detect and prevent unauthorized access and prevent someone from installing Samba or similar apps. This system is not set up for local networking w/ the windows boxes on my network and I want to keep it that way.

You don't need to use a portage system like apt-get for this. :p

Compiling from source is as easy as 1-2-3. Seriously. You should have no problems compiling a system independant source in Debian.

Give it a try.

Something to recommend down the road - on a public webserver you can mount a good deal of the overall file system in read-only mode...especially if the updates are done locally.

Before opening it up to the world, remove the compiler too.

As an alternative - check out WinSCP (windows client) if you're running sshd on the server. When I was hosting my friends' sites, I made them use that to upload files. Encrypted from end to end and don't need to open extra ports in the FW.

Check out tripwire too. Cool app htat takes system snapshots. Need to run it once ot build a database before opening it up to the web, tho.

check out WinSCP

been using that ever since we moved our secure sites to Rackspace servers. It the best free secure app of it's kind.
http://phoenixchimney.com/tonyt/winscp2.gif

Cool - putty for the cli, winscp to drag n drop :)

With ssh I would drop the ftp notion altogether. Only downside is the overhead for the encryption.

EDIT: I just moved out here to SF August of last year from Alexandria VA - sorry I missed the lovely weather you have been enjoying this winter. Avg hi/lo here has been mid-50's/mi-40's.:p

EDIT: I just moved out here to SF August of last year from Alexandria VA - sorry I missed the lovely weather you have been enjoying this winter. Avg hi/lo here has been mid-50's/mi-40's

No braggin allowed!
Yes, we have been hit with a lot of freezin rain lately.
As you know, drivers in this area slow down 10 mph just when it rains, so you can imagine what the traffic is like in snow & sleet!

Was this move to SF work related or based on the general SF population stereotype!

Was this move to SF work related or based on the general SF population stereotype!

Not sure how to take that :)

Work related. I've been with the company since 2000 - 1 week or more per month out here, though, living in a suitcase. Guess they got tired of those $1200 plane tix and offered me a nice package to move this way ;)

EDIT: My brother teaches at a highschool in Baltimore so I have heard the play-by-play. At least the ground doesn't move...

Originally posted by stevebakh
I would seriously look into using a PureFTP.

I also agree with using pureftd, great secure ftp daemon with MANY features. :)