Example 3: ISP wants to provide anonymous access and restricted user access
Internet Service Providers frequently find they love the restricted user feature of NcFTPd, where a user login is restricted to their home directory.  But this presents a problem when an ISP wants to give users FTP access to their documents (typically web pages in a ~/public_html directory), but also allow users to publish files for anonymous FTP.  The problem is that restricted users cannot get out of their directory to write into ~ftp, and anonymous users cannot get out of ~ftp to read from user directories.

One solution is to not restrict users who need to make updates into the anonymous FTP hierarchy.  Most users do not need their own anonymous FTP areas, so all the remaining users could be restricted, while a smaller number of users in an unrestricted group would have access to the full filesystem.

Another is to have user home directories directly under ~ftp.  For example, a user named michelle might have her home directory be /home/ftp/pub/michelle.  This solution is ugly because it requires the users to be careful to manage file access permissions to prevent making unwanted files public.

A third solution lets a user remain restricted to their home directory yet still make updates to a directory in the anonymous FTP hierarchy.  This bit of trickery requires you to use virtual users, as described in the User Management chapter.  To do this, create a virtual user with a different username but the same UID and GID as the original user, and with a home directory located within ~ftp.

This solution requires you to use at least one NcFTPd Password Database, i.e. "passwd=/etc/passwd,/usr/local/etc/ncftpd/pwd.db". It also requires the user to use FTP to copy files from their account on the machine to the other directory on the same machine, which is an inconvenience.
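
The consistency rules for the third solution (different username, same UID and GID as a real account, home directory inside ~ftp) can be checked mechanically. The following is an added example, not part of the NcFTPd documentation; it assumes the virtual user entries are available as passwd(5)-style text, and the account names, IDs and paths in it are constructed.

```python
import posixpath
from typing import NamedTuple

class Entry(NamedTuple):
    name: str
    uid: int
    gid: int
    home: str

def parse_passwd(text):
    """Parse passwd(5)-style lines: name:pw:uid:gid:gecos:home:shell."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7:  # skip blank or malformed lines
            entries.append(Entry(fields[0], int(fields[2]), int(fields[3]), fields[5]))
    return entries

def audit_virtual_users(system, virtual, ftp_root):
    """Return {virtual username: [problems]}; an empty list means the entry is consistent."""
    names = {e.name for e in system}
    ids = {(e.uid, e.gid) for e in system}
    root = posixpath.normpath(ftp_root) + "/"
    report = {}
    for v in virtual:
        problems = []
        if v.name in names:
            problems.append("username collides with a system account")
        if (v.uid, v.gid) not in ids:
            problems.append("no system account with this UID/GID")
        # normpath collapses "..", so a path that escapes ~ftp is caught.
        # Symlinks are not resolved here; check those on the server itself.
        if not posixpath.normpath(v.home).startswith(root):
            problems.append("home directory is not inside the anonymous FTP tree")
        report[v.name] = problems
    return report

# Constructed sample data (not from the NcFTPd documentation).
SYSTEM = parse_passwd("""
michelle:x:1001:100:Michelle:/home/michelle:/bin/sh
ftp:x:14:50:Anonymous FTP:/home/ftp:/sbin/nologin
""")
VIRTUAL = parse_passwd("""
michelle-pub:x:1001:100:Michelle anon area:/home/ftp/pub/michelle:/bin/false
raj-pub:x:1002:100:Raj anon area:/home/ftp/pub/raj:/bin/false
michelle:x:1001:100:Bad entry:/home/ftp/pub/../../michelle:/bin/false
""")

if __name__ == "__main__":
    for name, problems in audit_virtual_users(SYSTEM, VIRTUAL, "/home/ftp").items():
        print(name, "OK" if not problems else "; ".join(problems))
```

An entry that passes still writes into the anonymous tree with the real user's UID, so file permissions on the published directory decide what anonymous visitors can read.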
