[TriLUG] anonymous ftp with samba - working well

Ryan Leathers ryan.leathers at globalknowledge.com
Wed Jul 2 17:23:52 EDT 2003


Normally I only post when I have a problem or am commenting on somebody
else's problem.  Today I have a solution.  I'm posting it in case it is
useful to anyone on the list.

A couple of weeks ago I started messing around with an FTP server which
could accept uploads from anonymous connections, provide downloads, and
allow an ftp administrator on a local LAN access to manipulate files and
directories.  The whole thing needed to be as secure as possible.

I wound up using vsftpd and am taking advantage of its chroot and chmod
capabilities.  I mount a partition to ftp/pub/incoming to isolate it and
for flexibility's sake.  I run the service with an ftpsecure account and
did some user:group magic to make the incoming directory write only for
chmod'ed ftp users but read-writable for the administrator who will
connect from a local LAN mapping an SMB share on his Windows box.  SMB
access is limited by username and IP address.  Finally, I have a tiny
iptables rule set optimized for this purpose.  The OS is RH9 only
because it was handy when I started - I've stripped it down to a bare
system.

This didn't require anything but some thought and some simple
configuration of existing packages with the RH9 distro I started with.  
Anyone could do this.

If anyone would like to see examples of my various configs send me a
direct email and I'll be happy to share.



 
-- 
Ryan Leathers <ryan.leathers at globalknowledge.com>
Global Knowledge
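
The vsftpd side of the setup described in this message, as an added example that is not part of the original post and is not the poster's configuration: a check that a vsftpd.conf keeps an anonymous upload area write-only. Option names and defaults are those documented in vsftpd.conf(5); the sample configs and the `ftpadmin` account name are constructed for illustration.

```python
# Added example: audit a vsftpd.conf for a write-only anonymous drop box.
# DEFAULTS mirrors the built-in defaults documented in vsftpd.conf(5).
DEFAULTS = {
    "anonymous_enable": "YES", "write_enable": "NO",
    "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO", "anon_world_readable_only": "YES",
    "anon_umask": "077", "chown_uploads": "NO", "chown_username": "root",
}

def parse(text):
    """vsftpd syntax is strict key=value per line; '#' starts a comment line."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def audit(text):
    c, findings = parse(text), []
    yes = lambda k: c[k].upper() in ("YES", "TRUE", "1")  # spellings vsftpd accepts
    if not (yes("anonymous_enable") and yes("write_enable") and yes("anon_upload_enable")):
        findings.append("anonymous upload is not actually enabled")
    if yes("anon_other_write_enable"):
        findings.append("anonymous users can delete or rename files")
    if yes("anon_mkdir_write_enable"):
        findings.append("anonymous users can create directories")
    # Uploads stay unreadable to anonymous users only if they are created
    # without the world-read bit AND vsftpd refuses non-world-readable files.
    if not yes("anon_world_readable_only") or not int(c["anon_umask"], 8) & 0o004:
        findings.append("anonymous users can download what others uploaded")
    if yes("chown_uploads") and c["chown_username"] == "root":
        findings.append("uploads are chowned to root")
    return findings

HARDENED = """\
# constructed sample; 'ftpadmin' is a hypothetical local account
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_umask=077
chown_uploads=YES
chown_username=ftpadmin
"""
# Same file with a permissive umask and delete/rename allowed.
WEAK = HARDENED.replace("anon_umask=077", "anon_umask=022") + "anon_other_write_enable=YES\n"

if __name__ == "__main__":
    for name, text in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(text) or "ok")
```

The check covers only vsftpd.conf; the ownership and mode of the incoming directory, the Samba share restrictions and the iptables rules mentioned in the message need their own review.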