User accounts in FTP

I have an FTP server(proftpd on debian) that I'm going to allow a couple friends access to, and I want some safety nets in place, just in case.

These are some of the things I'd like to do:

Jail the accounts to their home directories and impose a cap on the amount of data they can upload
Allow them access to a shared folder(via symlink or something) where they have full access(Also with a storage cap, but larger)
Allow my own account full access to the system(Using groups I guess)
Not allow anonymous access, or allow it with its own folder, separate from the shared user folder

Currently, I've got the accounts set up and jailed, but it seems like the symlink that I put in is not allowing them to visit the shared folder. I suppose this has to do with them not having read permissions anywhere but their own home directories, or maybe it's something else, I'll continue to look into it and provide any information that is requested.

Is what I'm trying to do possible? Any tips or resources that you can share are appreciated. Thanks.

Brad

Posted 2012-07-05T09:01:46.247

Reputation: 95

Answers

I originally had this under edit, but I realized today that you are able to answer your own question on stackexchange... Whoops.

I haven't provided any updates on this in a while, but I'm going to record what I've done here, for myself and others to reference. I didn't impose any limits on the allowed disk space in the end, but this might be helpful. For the shared folder, I used the bind option of mount - it's said to not work in old versions of linux, but it worked for me. My fstab config for this option looks like:

/absolute/path/to/folder /home/user1/Shared ext4 bind   0       0
/absolute/path/to/folder /home/user2/Shared ext4 bind   0       0 ...

That's pretty much it, look up the bind option for more info if you'd like. I also chown'd the folder so that only users in a specific group could read or write to it, and I kept the users jailed to their home directories. I also never decided to give my own account full access, as I realize now that it's probably an unnecessary security risk; I can just ssh in from home and do whatever I need through that. I hope that this ends up helping someone else.

Brad

Posted 2012-07-05T09:01:46.247

Reputation: 95

Is what I'm trying to do possible?

With a single login per friend, you (probably) can't do both of

Jail the accounts to their home directories.
Allow them access to a shared folder.

You could do any one of

Provide a separate account for accessing the shared folder.
Use something like unison to replicate a subfolder between all jailed accounts.
Something else I haven't thought of :-)

RedGrittyBrick

Posted 2012-07-05T09:01:46.247

Reputation: 70 632

Thanks for the advice, I'm going to continue looking into having a single shared directory, but unison sounds like it might work for a small number of people. I'm going camping for a couple days, so I won't be trying any of this until I get back, but any other advice that anyone can share is still appreciated. – Brad – 2012-07-06T02:02:35.603