1

I will note that I am using Rails but this is not a Rails issue.

I'm not very experienced with Linux but I do know I'm running Ubuntu 10.04 LTS on Linode.

Upon user registration, a folder is created for the user in my RAILS_ROOT/public/users/[user_id]/ for their own personal use. Inside this folder is an albums directory.

How can I, at the same time this folder is created, password encode it and give them FTP access? Is this actually possible? What are the security concerns with something like this? I want to lock them in there, and I have seen some people talk about vsftpd as a solution to this last part.

user9517
bob

2 Answers

2

If you installed and configured ProFTPD then you can use the AuthUserFile directive to point to an alternate password file. This file can be managed by your application. You can also configure ProFTPD to use an SQL database backend which your application could manage.

user9517
1

Are these real Linux accounts, or are they accounts created in your application?

vsftpd can work with either real accounts or virtual users (read from a file), as well as "chroot" their accounts to a specific directory so that they can't go up directories from there, but either way requires a certain amount of configuration (by default it appears to allow anonymous access only). Regardless of whether you are using real or virtual users you'll need to enable "Local" users. vsftpd uses PAM for all Local users, so for virtual users you'll need to completely erase and replace the /etc/pam.d/vsftpd with the information from the tutorial here. If they're users created in the application, then your application will need to have write access to the virtual passwd file pointed to in the PAM configuration above, and each new user has their username and an appropriate hash of their password stored in the file.

If you're good with PAM and have the appropriate packages installed, PAM has any number of different modules that can be used for this; there may be one that can read the same database table your application uses to perform the username/password lookup.

DerfK
  • Thanks for the in-depth answer derf. The accounts that I am talking about having created are in the application itself. I will look into what you mentioned. Thanks! – bob Oct 17 '10 at 20:06
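
Both answers rely on the application maintaining the FTP password file. The following is an added example, not code from either answer: it writes entries for a ProFTPD AuthUserFile, which uses the passwd(5) line format, and rejects usernames or hashes that could inject extra fields or lines. The paths, the shared UID/GID and the function names are assumptions, and the password hash is assumed to be a crypt(3)-style hash computed elsewhere.

```ruby
# Added example. USERS_ROOT, FTP_UID/FTP_GID and the function names are assumptions.
USERS_ROOT = "/srv/app/public/users"  # stands in for RAILS_ROOT/public/users
FTP_UID = 2001                        # one unprivileged account owns every upload
FTP_GID = 2001
# Usernames: no ':', '/', '.', whitespace or newlines, so no field or line injection.
NAME_RE = /\A[a-z][a-z0-9_]{2,31}\z/
# crypt(3)-style hash computed elsewhere; ':' and newlines are rejected here too.
HASH_RE = %r{\A\$[0-9a-z]+\$[A-Za-z0-9./$=,]+\z}

# Build one passwd(5)-format line for the AuthUserFile.
def auth_user_line(username, password_hash, user_id)
  raise ArgumentError, "bad username" unless username.is_a?(String) && NAME_RE.match?(username)
  raise ArgumentError, "bad hash" unless password_hash.is_a?(String) && HASH_RE.match?(password_hash)
  raise ArgumentError, "bad user id" unless user_id.is_a?(Integer) && user_id.positive?
  # Home comes from the numeric id only, never from user-supplied text.
  home = File.join(USERS_ROOT, user_id.to_s)
  [username, password_hash, FTP_UID, FTP_GID, "", home, "/bin/false"].join(":")
end

# Add or replace one entry under an exclusive lock, then swap the file in atomically
# so the FTP daemon never reads a half-written file.
def upsert_ftp_user(auth_file, username, password_hash, user_id)
  line = auth_user_line(username, password_hash, user_id)
  File.open("#{auth_file}.lock", File::RDWR | File::CREAT, 0o600) do |lock|
    lock.flock(File::LOCK_EX)
    kept = File.exist?(auth_file) ? File.readlines(auth_file, chomp: true) : []
    kept.reject! { |l| l.split(":", 2).first == username }
    tmp = "#{auth_file}.tmp"
    File.open(tmp, "w", 0o640) do |f|  # not world-readable
      f.write((kept << line).join("\n") + "\n")
      f.fsync
    end
    File.rename(tmp, auth_file)
  end
  line
end
```

The home directory written here only confines the user if the server is told to chroot to it; in ProFTPD that is the `DefaultRoot ~` directive.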