theweaselking: (Work now)
[personal profile] theweaselking
It is terribly sad that
A) it's much easier to do this in Windows
B) it's making me wish it was as simple as Samba.

But yeah.

I want an FTP server on an Ubuntu 8.04 machine.
I want to create usernames and passwords for this FTP server, and set those user/passes to have access only via FTP, and only to specific folders. Each user will have a different folder. Specifically, each will have a subfolder of /var/www/. As in, each user will have its own website located at http://server/folder/. As long as the webserver can see those files, I'm happy, because I can make *it* dance to my tune just fine.
I want to control the owner/group of the created files. As in, "www-data:www-data". Period. Always. 'Cause duh.

Seriously, I could do this in Samba in *seconds*. I could setup FileZilla For Windows in *minutes*. I can't find a good set of instructions on how to do it *in Linux* anywhere.

What I'm thinking:
Install proftpd. Configure it to noanonymous, force correct user/group, jail users in their home directory.
Create *system* users who have a shell of /bin/false, a home directory of /var/www/foldername/, and the password I want them to use.

There HAS to be a better way of doing this. What am I missing, lazyweb?

(no subject)

Date: 2009-06-17 07:58 pm (UTC)
From: [identity profile] jwz.livejournal.com
FTP is an abomination that deserves a slow death with bamboo under its fingernails -- except that it's in the best interest of the world at large for it to die as quickly as possible. Never before and seldom since has there been a more stupidly-designed protocol.

Use an rsync server instead. It is the new hotness. (For values of "new" approximating "1998".) man rsyncd.conf.

(no subject)

Date: 2009-06-17 08:04 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
Sadly, "anything other than FTP" is not an option here - by which I mean, it's not what the client wants. They want What They Have Always Used with The Programs They Have Always Used, but now on this machine.

(no subject)

Date: 2009-06-17 08:22 pm (UTC)
From: [identity profile] ronebofh.livejournal.com
You really need to find better clients.

(no subject)

Date: 2009-06-18 03:11 pm (UTC)
From: [identity profile] elffin.livejournal.com
Better clients do it themselves or have their interns do it.

Bad clients are meat and potatoes.

(no subject)

Date: 2009-06-18 03:22 pm (UTC)
From: [identity profile] ronebofh.livejournal.com
More like spam and instant mashed potatoes, from what i've seen in this journal.

(no subject)

Date: 2009-06-18 03:53 pm (UTC)
From: [identity profile] elffin.livejournal.com
Peanut butter and uncooked ramen sandwiches ...

When I freelance, I bill by the hour or part thereof, and I have one low rate for new installations or upkeep of installations I've installed, one lower rate for pre-planned builds, and one happily high rate for maintenance of other people's cockupsinstallations. This is because I was word-of-mouth marketed from client to prospective client as a "miracle-worker", not as an IT admin. I salvaged lost tracks from macintoshes running OS7. I pulled trojans off production machines where the anti-virus software couldn't remove it. I stabilised Windows98 installations. Before a certain law took effect, I circumvented encryption measures to get access to information a client's employee had tried to hide. I testified once as an expert witness where my testimony saved the client's figurative buttocks.

Good clients plan ahead. Good clients know what they want and usually just need someone to do the footwork while they deal with the studio/artists/talent/whatever. A small amount of work for a small amount of money.

Bad clients have a hodge-podge of various crap that almost, but not quite, does what they need it to do and won't commit to a budget that addresses their ever-more-pressing needs, but will gladly pay the ludicrously high maintenance-of-other-people's-stuff fee because they can write it off on their taxes or make a claim against their insurance or pay it out of operational expenses. They also tend to have several of these incidents one after the other, each one having been predicted in writing to management by myself and/or whoever engaged me, until they finally have the let-us-move-into-the-21st-century event.

They then market me word-of-mouth more than the good, maintenance clients, because no-one is particularly impressed when their machines keep working uneventfully and automagically, the way they were meant to. The accountant / CFO / manager doesn't know the difference between a server that runs three years beyond the engineered service life and "it was meant to do that" if the company's too small to have ever had a CTO/CIO/Admin.

I know one guy who is independently wealthy who does IT admin for a rather large number of clients. He throws Hail Marys my way every so often. If I had this client list, I could probably make decent money - but the travel expenses would eat me alive. This guy does it because he's already in their social circle.

(no subject)

Date: 2009-06-19 05:49 am (UTC)
From: [identity profile] theweaselking.livejournal.com
"we want things to work the way everything else we deal with works" is not inherently bad. Ignorant, maybe, but not completely terrifying.

(no subject)

Date: 2009-06-19 07:43 am (UTC)
From: [identity profile] ronebofh.livejournal.com
Regretfully fair.

I am dealing with this to some degree because i have been helping my wife, who is competent with your average tech stuff but is certainly no sysadmin, deal with the IT in her company, because it falls to her by default, and with good reason, because her officemates are the largest collection of Luddites and incompetents i have ever seen, especially in Silicon Valley. We've done a good job decrufting things (and it helps that it was nearly an all-Mac gig from the outset), but there are so many horrors still lurking underneath... it gives me the heebiejeebies and i don't even work there.

(no subject)

Date: 2009-06-17 08:53 pm (UTC)
From: [identity profile] bloodrage.livejournal.com
Serve ftp with mod_ftp on Apache http://httpd.apache.org/mod_ftp/ftp/index.html

then use htpasswd to create a separate passwd file e.g. /etc/apache/ftp.passwd to authenticate against. Use whatever apache.conf structure your distro uses to secure one with the other.

Similar to how I secure SVN in this thing.

https://docs.google.com/Doc?docid=dgr9z5bz_32cnf7q9fb&hl=en

...dammit, now I have to do it to see if it works...

PS. We use FTP; it's still the most reliable method of transferring large files between sites (Wellington-Dallas-Malta). 4Gb files in 40 min with FTP vs. 28hrs using robocopy. Shoot the windows admins.

(no subject)

Date: 2009-06-17 10:04 pm (UTC)
From: [identity profile] rbarclay.livejournal.com
proftpd, yes. But, hell, NOT with system users!

From http://proftpd.org/docs/faq/linked/faq-ch7.html :
2. Authentication methods supported
...
Individual passwd/group files for each virtual

See http://proftpd.org/docs/howto/AuthFiles.html

(no subject)

Date: 2009-06-19 05:48 am (UTC)
From: [identity profile] theweaselking.livejournal.com
So, fake system users, with fake system user information, but who only can log in via FTP. Still overcomplicated and baroque compared to Samba and I still can't believe I'm saying things like that but that looks like it should work.

Have you got a link to an example of a proftpd.conf with virtualhosts configured?

(no subject)

Date: 2009-06-19 04:07 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
Never mind, I've got it working.

Thanks!
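
The approach rbarclay points to above (ProFTPD authenticating against its own AuthUserFile rather than system accounts), sketched as a proftpd.conf fragment. This is an added example, not a configuration posted by anyone in the thread; the file path /etc/proftpd/ftpd.passwd and the account name "alice" are assumptions, and uid/gid 33 is www-data on a stock Debian/Ubuntu install (check with `id www-data`).

```apache
# Added example: auth-related fragment to merge into the distro's proftpd.conf.
# The passwd-file path and the user name "alice" below are assumptions.
#
# Create one entry per FTP account with ProFTPD's ftpasswd script
# (it prompts for the password). Giving every account www-data's
# uid/gid (33 on stock Debian/Ubuntu) makes every uploaded file
# www-data:www-data without any system user being created:
#
#   ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=alice \
#            --uid=33 --gid=33 --home=/var/www/alice --shell=/bin/false
#
# The file holds password hashes: keep it unreadable by other local
# users (for example chmod 640).

# Authenticate ONLY against the file below. Accounts in /etc/passwd
# (including root) can no longer log in over FTP at all.
AuthOrder           mod_auth_file.c
AuthUserFile        /etc/proftpd/ftpd.passwd

# /bin/false is not listed in /etc/shells, so the default shell check
# would reject every virtual user.
RequireValidShell   off

# Jail each session in the home directory recorded in ftpd.passwd,
# i.e. /var/www/<folder>; the user cannot walk up into /var/www.
DefaultRoot         ~

# Belt and braces: refuse uid 0 even if an entry with it is ever added.
RootLogin           off

# New files 664, new directories 775, so the web server can read them.
Umask               002

# Stop clients from changing modes on what they upload.
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# No <Anonymous> section is defined, so anonymous logins are refused.
```

Without an AuthGroupFile, directory listings show the numeric gid instead of a group name; logins and file ownership are unaffected.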
