Need help with unique proftp config

Discussion in 'Installation/Configuration' started by formermsftie, Jul 21, 2006.

  1. formermsftie

    formermsftie New Member

    This is longwinded, please forgive me.

    I have recently converted from the dark side and I have setup a new/old Dell 2550 server with proftpd 1.3.0-4 running on CentOS 4.3, for FTP. I am just learning proftp and need some assistance with a unique config.

    I am trying serve up hundreds of very large architectural drawing files for multiple construction projects. Each project has it's own project number (ex. pj12345) and each project will have many drawings.

    I want to allow only subcontractors who are chosen for a specific project to download those respective drawings. These aren't confidential docs but I just don't want hundreds of subs changing dirs and downloading other drawings which will use up bandwidth. We have over 100 given subs at any one time so instead of managing hundreds of user accounts or 30+ project user accounts, I want to provide anonymous access with a twist.

    If I create a folder for each project, I want an anonymous user to be able to go to ftp.server.com/proj12345 and I want them to be able to see and download the files in that folder, but not see or change folders to any other project.

    If they just go to ftp.server.com, I want everything to be hidden. Basically, I guess I want to "pseudo-jail" them so that once they get to that respective project folder, they can see/get any drawing file but that's all they can see. I guess I can deny 'cd' so they don't get out since no project folder will have subfolders. If they can't see other folders they won't try to cd to them.

    I want to allow an internal local user to upload files to this server but I do not want anonymous users to upload/change anything. I've got a basic anony ftp working with download so I'm 1/2 way there.

    Also, I have this server inside our ISA 2004 firewall using server publishing (port forwarding) but it is not in a DMZ. I know, I know. ISA is pretty solid but I have also enabled and configured the firewall on the ftp box to only allow ssh, ftp and ssl webmin with a dif port - ya know, since i'm a rookie. :)

    Would it be wise to open a port with Samba so the internal/local user can get to the ftp folder to upload files, or should I just go ahead and put this puppy in a DMZ and make a local account with no chroot jail and allow write perms to the ftp folder so they can put the files to it?

    Remember, I'm a transitional windows guy, so if this is crazy talk, just smack me.

    Thanks a zillion.

    Eric
     
  2. falko

    falko Super Moderator ISPConfig Developer

    This guide should get you started: http://www.howtoforge.com/proftpd_mysql_virtual_hosting

    You need to open ports 20 and 21, but no Samba ports. FTP != Samba
    Of course, you could also put the server into your DMZ, in that case you don't need to forward ports.
     

Share This Page