Dougal
March 5th, 2003, 14:21
Hi all,

I'm a newbie to OpenBSD and am looking to replace my current Winblows 2K machine with an OpenBSD box. Currently I'm on a steep learning curve but it's sinking in slowly.

Anyway, cut to the chase. I want to configure the machine with mainly FTP-only accounts as there will only be me accessing it for administration. I've set up a couple of test accounts and with the exception of my account they are FTP-only. I have been looking at "mount_null" as a way to add directory links for areas outside the user's home directory and I can make this work OK for read-only access.

My problem is I would like a writeable area that 2 users can access which will be my webroot folder. I have created this directory, created a group for this purpose and chgrp'd the directory and added the 2 users to the group. I can read OK but can't write even though the directory permissions are set to 775. I've had to set them to 777 to be able to write which I'd rather not use if I can help it.

Can anyone think of anything I could be doing wrong?
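
The permission checks behind the 775-versus-777 problem described in the post above, as an added example that is not part of the original thread: it verifies that a shared directory belongs to the intended group, grants that group rwx, is not world-writable, and that each listed user resolves as a member of the group. The function names and the names in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Directory, group and user names are
# supplied by the caller; the ones in the usage comment are hypothetical.

# Print the mode string (e.g. drwxrwxr-x) and the group shown by `ls -ld`.
dir_mode()  { ls -ld "$1" | awk '{print $1}'; }
dir_group() { ls -ld "$1" | awk '{print $4}'; }

# Return 0 if USER's group list, as the system resolves it now, includes GROUP.
# A session opened before the user was added keeps its old list until re-login.
user_in_group() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -Fqx -e "$2"
}

# Return 0 only if DIR belongs to GROUP, grants the group rwx,
# and is not world-writable (the 777 workaround).
check_shared_dir() {
    dir=$1; group=$2; rc=0
    mode=$(dir_mode "$dir"); owner_group=$(dir_group "$dir")
    [ "$owner_group" = "$group" ] ||
        { echo "FAIL: $dir has group '$owner_group', expected '$group'"; rc=1; }
    case $mode in
        d???rw[xs]*) ;;                       # group field is rwx (or rws)
        *) echo "FAIL: group lacks rwx on $dir ($mode)"; rc=1 ;;
    esac
    case $mode in
        d???????w*) echo "FAIL: $dir is world-writable ($mode)"; rc=1 ;;
    esac
    return $rc
}

# audit_shared_dir DIR GROUP USER...
# e.g. audit_shared_dir /var/www/htdocs webedit alice bob   (hypothetical names)
audit_shared_dir() {
    dir=$1; group=$2; shift 2; status=0
    check_shared_dir "$dir" "$group" || status=1
    for user in "$@"; do
        user_in_group "$user" "$group" ||
            { echo "FAIL: $user is not a member of $group"; status=1; }
    done
    return $status
}
```
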

elmore
May 28th, 2003, 12:26
Wow, sorry man for not getting to you sooner. I've been going through unanswered posts this morning and just saw yours. I remember seeing this a while ago but then our site crashed and some people's posts sorta got left behind unanswered.

Have you gotten this resolved? Here's a quick link that might shed some real useful insight if you haven't seen it already.

http://www.openbsd.org/faq/faq10.html#FTPOnly
http://www.openbsd.org/faq/faq10.html#ftpchroot

Hope that can help. :)

Dougal
May 28th, 2003, 17:29
Hi elmore.

Thanks for the reply. I'd almost forgotten I asked the question but hey, it's not like I'm paying for tech support so any pointers are appreciated. :D

I've not touched this for a while as I've been sorting other things as I work my way (slowly) through all the new things I need to learn to make this all work. Very enjoyable though.

I can chroot my ftp accounts OK and I know it kinda goes against the whole point of a chroot connection but I'm hoping to include a couple of extra directories that are read/write for a couple of users and I can't seem to crack it without using mount_null and chmod'ing the directories as 777 which is not exactly the best way to do it.

Anything you can think of that might help out?

Martin

Strog
May 29th, 2003, 01:52
I've been using the scponly shell on FreeBSD for file transfers and it works great. There's a script that comes with it to chroot and set up everything you need. I like this way better than ftp since it uses ssh and you don't have to transmit those passwords in the clear. It only allows scp or sftp connections. I personally haven't run an ftp server for a while with scp/sftp around.

I know it's not in OpenBSD's ports but it could still be a nice solution for you.
http://www.sublimation.org/scponly/

8)

Dougal
May 29th, 2003, 03:18
Hi Strog,

Looks like a nice option. I'll take a look.

I've been having a rethink and I think my best option is to just chroot the webroot user into the default apache directory and use the same account for both users needing to upload. It's either that or have a separate copy of this directory in each user's home and rsync it to the web root periodically but that sounds a bit messy.

The chances are they'll be Windows machines making the updates so it may be tricky finding an SCP application but it's certainly worth a look. I've been playing with SSH quite a bit recently so I understand the idea behind it.

I'll still need ftp though as a read only source for information but that I think I can handle OK with the mount_null option. Seems to work OK.

Thanks again,

Martin

Strog
May 29th, 2003, 10:41
The best Windows scp client out there I've seen is WinSCP2 (winscp.vse.cz/eng/). We use it quite a bit here at my work.

PuTTY (www.chiark.greenend.org.uk/~sgtatham/putty/) also has some scp/sftp command-line apps too. I know there's a couple programs for Windows out there that use the PuTTY programs for the back end.

Of course there's always Cygwin (www.cygwin.com) if you want to compile the regular Unix tools on Windows. I think a real nice client would be gftp on Windows using Cygwin but this is way too much work for Windows users.

|MiNi0n|
May 29th, 2003, 14:11
You can use SSH's client for free for Windoze boxes under "certain circumstances":

http://www.ssh.com/products/security/secureshellwks/non-commercial.html

Its sftp interface is awesome, makes moving files around securely a complete breeze. Download the non-commercial version here:

http://www.ssh.com/support/downloads/secureshellwks/