proftpd permissions and restrictions help

[Chuck Swiger]

CHris Rich wrote:
> I am setting up an ftp server for a few friends using pro ftp. I need
> to implement restrictions based on usernames.
> 
> Here is what I want: an account for being able to only browse the ftp
> site, an account for uploading, and an account for downloading based
> on the user.

FTP daemons support the notion of an anonyous user, and of named users 
(typically normal Unix user accounts).

Anonymous users can only browse under /var/ftp in a typical configuration, but 
you can set up a world-writable /var/ftp/pub/incoming directory and a cron job 
that moves files in there somewhere else every five minutes (to avoid warez 
redistributors from hosting crap on your site).

Normal users will be able to read and write whereever their user account 
permissions let them, but you can set up user-owned areas or even a 
group-writable area under /var/ftp/ if you want to do that instead.

However, I would also recommend you avoid using authenticated FTP users for 
anything you really care about in terms of security: use FTP for anonymous 
access only, and use scp for authenticated/secure access.  If that doesn't fit 
your circumstances, consider using HTTPS and WebDAV...

-- 
-Chuck