Ftp issue

[parth_monga]

Hi friends

Is it possible to have a password protected ftp directory along with anonomus user access


i mean 2 say

when people visit my ftp link ie
ftp//server name

then can see all the directories like
text
stickers
word files
personal


They can acess all the directories and can see contents but when they go to my personal directory they should be prompted for a password.

is this possible
Please show some light on this .

Thanks & Regards

[Mudgen]

I don't think so. In general, the security model is "authenticate at connect". Some programs can prompt for root password and elevate privileges, but I'm not aware of any way to do this in the ftp client-server model.

[Foreclosure]

it's authentication when you log in. There isn't a way (that I know of) to perform what your asking.

just use ssh for things that you want to keep more private

[ramin.honary]

I am pretty sure that it is not possible to ask for a second password to access your directory. However, it shouldn't matter, your "ftpd" server should only allow users to access files which they have permission.

For example, if you want to access your files but want no one else to see your files, make sure your home directory has permissions:

Code:

% ls -ld /home/my_home
drwxr-x--- 60 my_name my_group 4096 2011-01-01 my_home

Notice thr "drwxr-x---", this means you have full acces, people in your workgroup have read-only access, and everyone else cannot even CD to this directory.

If you want to have full access but allow other people only access to your "~/public" directory, you can set your permissions like this:

Code:

chmod o-rx ~ # Make it impossible to "cp" from, or "ls" or "cd"  to your home directory
chmod +rx ~/public # Now, people can "cd /home/my_user/public" and "ls" and "cp" from it
# but they cannot "cd /home/my_user"

This should work, but what actually happens depends on which FTP-server (ftpd) you are using and how it has been configured. The thing is, even if they cannot "ls" to your home directory, but you want people to access certain files in it, you should just tell your users which directories they are allowed "cd" access to. For example, make your FTP server display a note that your "/home/my_user/public" directory is open to the public, and it is the only directory they are allowed access to on your computer.

The thing to remember is, if a directory does NOT have "execute" permissions, the "cd" command will not work on it. This is true for any shell, whether it is "bash", "ssh", or even "ftp".

[IJskes]

The following might be a work around so user will not see directories they are not meant to see.

Every FTP user logs in, and gets its own private directory (jail-root)
In this directory place direcotries that get mounted to another directory where you want the user to have access to.

As said before, ftp has a first time authentication, and that is it. I have not seen any ftp server that does this otherwise.

Set the right permissions, set the moint points in the /etc/fstab and you have a nice protected envirnoment.

[RobKendrick]

I'm not the op for this thread; I just wanted to commend ramin.honary for not only answering the question, but also providing us with a reminder of best practices and then detailing an alternate solution.

For the other Linux Newbies among us, this information is invaluable as it reminds us of the finer workings of the kernel that long-time admins and gurus know offhand and take for granted.

Many thanks!
Rob

[ramin.honary]

I'm not the op for this thread; I just wanted to commend ramin.honary for not only answering the question, but also providing us with a reminder of best practices and then detailing an alternate solution.

Thank you, you are too kind!

[RobKendrick]

Thank you, you are too kind!

Credit where credit is due!

[dE_logics]

Yes, VSFTPD has all these feature... it's pretty good and secure.


You might be interested in openssl and FTP too.

[Mudgen]

Yes, VSFTPD has all these feature... it's pretty good and secure.


You might be interested in openssl and FTP too.

Gee, I've been installing, configuring, and using vsftpd for years, and I've never run across the feature where it will prompt for a password when a user tries to cd into a specific directory.

Not sure what the last remark is about. It's akin to saying that if you're interested in Volkswagens, you might be interested in tow trucks and cars.