[plug] default home directory permissions with useradd and webmin

[Daniel Pittman]

Shanon Loughton <autobot at iinet.net.au> writes:

> Its an FTP server only, on an Ubuntu VM.
>
> We want clients to login using 1 login per client, and therefore a
> username and directory per client.  Access from the web.

>From the web?  I am not quite sure what that means for an FTP server.

> Internally, I want anyone to be able to browse, read/write to all login's
> home directories without having to login anywhere.
>
> One username and password would not suffice for the multiple client
> side of things.

It does: I think you would be much better off looking to use an FTP server,
such as ProFTPD, that supports "virtual" users, as well as assigning an
appropriate chroot path per-user.

That way you can have a single Unix user for all file uploads, while retaining
unique FTP usernames, passwords, and access to files.


Alternately, if you only need users to submit files via FTP consider using
anonymous access with an enforced "password" standard, and an upload-only FTP
service.


Beyond that, WebMin offers a hook to a shell script when a new user is
created.  You can use that to chmod the directory ... but, please keep in mind
that this absolutely, totally defeats any security for those user accounts.

Having access to any of those accounts will be the same as having access to
all of those accounts — at least, it isn't that hard to proxy one into the
other.

Only accessing the account content via something inactive, like Samba, should
help, but make *sure* Samba doesn't ready any files inside the home directory
to obtain configuration settings or anything.

Regards,
        Daniel
-- 
✣ Daniel Pittman            ✉ daniel at rimspace.net            ☎ +61 401 155 707
               ♽ made with 100 percent post-consumer electrons
   Looking for work?  Love Perl?  In Melbourne, Australia?  We are hiring.