SUMMARY: Can non-root user add FTP user accounts

From: Rick Beebe <BEEBE_at_BIOMED.MED.YALE.EDU>
Date: Thu, 21 Mar 1996 08:57:53 -0500 (EST)

I would like to thank the following for sending their suggestions. All were
helpful.

iglesias_at_draco.acs.uci.edu
labelles_at_mscd.edu
kaiser_at_acm.org
hammr_at_ucfv.bc.ca
tom_at_silverlock.dgim
vandyk_at_ROSES.ROCKWELL.COM
jjb_at_phys.psu.edu
aad_at_nwnet.net
farrell_at_pangea.Stanford.edu
SLOANE_at_KUHUB.CC.UKANS.EDU
harrah_at_strike.cxo.dec.com
richard_at_metz.une.edu.au
peter_at_wiscpa.weizman.ac.il
Knut.Hellebo_at_nho.hydro.com
jcraig_at_gfs.com
bennett_at_hpel.cees.edu

The suggestions fell into several broad categories. use a Web server with
its built-in access controls. Set up a single FTP account but prevent
people from looking at the directory--they have to know the name of the
file to retrieve. Create several FTP accounts and let the user change their
password as needed. Use some sort of wrapper. Make the file publically
accessible and use encryption. After discussion with the involved persons
here, we decided to use Mr. Sloane's plan's. His message is quoted here:

---------------------------

First, get a copy of sudo from ftp.cs.colorado.edu and get it working.
It should build correctly with no problems.

Then make a copy of the adduser script called addftpuser and make it
owned by root, and chmod 700 and modify it to only set up the shell as
/bin/false and any other restrictions you want.

Then use visudo (part of the sudo package) to allow the special
user to create accounts using the adduser script.

You might also want to modify a copy of the removeuser script so the
special user can remove the accounts once they no longer needed.

-- 
USmail: Bob Sloane, University of Kansas Computer Center, Lawrence, KS, 66045
E-mail: sloane_at_kuhub.cc.ukans.edu, Phone: (913) 864-0444, FAX: (913) 864-0485
----------------------------
I've implemented my version of this and so far it seems to be working well.
Time will tell for sure. Thanks again for the help.
    _____________________________________________________________________
     Rick Beebe                                           (203) 785-4566
     Data Network Operations                         FAX: (203) 737-4037
     Biomedical Computing Unit                    Richard.Beebe_at_yale.edu
     Yale University School of Medicine                                 
     333 Cedar Street, New Haven, CT 06510
    _____________________________________________________________________
Original post:
On Tue, 19 Mar 1996, Rick Beebe wrote:
> I have a user on one of my machines who does data processing for people
> around the country. They send him some data, he fiddles with it, generates
> statistics, etc, and then returns the results to them. Some of these
> results are very large (upwards of 10 megs) and he would like to put them
> somewhere where the clients can FTP them.  Here's the problem--I would like
> him to be able to create accounts for these clients (FTP only), but I don't
> want to give him root access on the machine. Is this possible?

Received on Thu Mar 21 1996 - 16:33:42 NZST