automatic user generation for ftp-upload service
Lou Katz
ubuntu at metron.com
Wed Jun 10 19:56:57 UTC 2009
On Wed, Jun 10, 2009 at 02:40:06PM +0200, Franz Waldmüller wrote:
> I kindly ask for some advice for a rather challenging (at least for me)
> task:
> The guests of a wedding should be able to upload their photos to a
> server. The task is to collect the pictures, not to make a gallery.
>
> I want to avoid online photo-services: we don't want any restrictions on
> image size, total size and want to ensure that the data is only accessed
> by certain people.
> This is the solution (?) I figured out and would like to realize:
> Use the vsftpd ftp-server but disable anonymous write access. Instead
> automatically create 150 users with random passwords. These users should
> only access the ftp server but since they cannot access it physically I
> will only have to disable their ability to log in with ssh (I will use
> the openssh-server package for remote administration).
>
> Task 1: create the user list random name and random password and export
> the user list to a text file.
> (I will use glabels to print individual login cards for each guest.)
>
> Task 2: configure vsftpd:
> Each user should be able to create directories and to copy files to the
> server.
> Restricting every user to its home directory should be sufficient.
>
> Task 3: Demand my administrator to open the required ports. I am not yet
> sure about which ports to demand.
> port 22 for the remote ssh access but for ftp I will have to specify
> several ports (passive range). I will figure out which ones are needed.
>
> With this solution I hope that everybody will be able to transfer files
> from his (Windows-) PC to the server just using the Windows-Explorer
> File Manager. The login-cards which will be handed out to the guest will
> feature a small "how to upload" but still it has to remain very easy.
>
> Do you know if the Windows Explorer will handle this? Is there something
> to take about or do you have some advice for a better solution?
> I am confident that I will be able to manage the vsftpd config, but I
> would appreciate some help on the generation of the user list.
This is too complicated, and will run into problems. Naive users easily
get confused and don't follow directions very carefully. Give everyone the SAME
username/password (which should not be too obscure a string of letters/numbers),
and run a script once a minute to move any new files to another directory
while renaming them uniquely (like adding a timestamp to the name).
You need ports 20 and 21 for ftp; most systems allow passive
ftp and the port range gets specified by the administrator and automatically
handled. Unless your firewall is very restrictive and only handles incoming
established connections, you won't have to do anything more about this.
Since this is a private arrangement between you and the guests, don't put
any links on any webpage to the upload directory (which can be made write only).
Set a time limit for uploads and disable the account when that time expires.
In my experience, the actual possibility of exposure to hostile activity
under this sort of structure is quite small.
If you set the shell for the ftp account to /dev/null (and include /dev/null in
/etc/shells), the account will only allow ftp connections. By setting the upload
directory to write only (--w--w--w or 0222 mode), it cannot be used by others
for stealth file transfer. Unless you need to identify who took which picture,
you are done. You can then take the accumulated pictures and put them up yourself
on a web page, make a CD or whatever.
>
> Thank you very much
>
> Franz
>
--
-=[Lou Katz]=-
Apres moi, le deluge.
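
The once-a-minute sweep described in the reply above, as an added example that is not part of the original message. The function name, the directory paths in the cron comment and the 120-second idle threshold are assumptions; the threshold keeps the script from moving a file that a guest is still uploading.

```shell
#!/bin/sh
# Added example (not from the original post): sweep a shared FTP drop directory.
# Hypothetical cron entry, paths are placeholders:
#   * * * * * /usr/local/bin/sweep-uploads.sh /srv/ftp/incoming /srv/photos
# COLLECTED must live outside the FTP tree so the shared account cannot reach it.

# sweep_uploads INCOMING COLLECTED [MIN_AGE_SECONDS]
# Moves each top-level regular file that has been idle for MIN_AGE seconds,
# prefixing a timestamp and a counter so same-named uploads never overwrite
# each other. Subdirectories are left alone. Prints the number of files moved.
sweep_uploads() {
    incoming=$1
    collected=$2
    min_age=${3:-120}
    now=$(date +%s)
    stamp=$(date +%Y%m%d-%H%M%S)
    moved=0
    mkdir -p "$collected" || return 1
    for f in "$incoming"/* "$incoming"/.[!.]*; do
        # Skip unmatched globs, directories and symlinks planted by an uploader.
        if [ ! -f "$f" ] || [ -L "$f" ]; then continue; fi
        # Modification time: GNU stat first, BSD stat as a fallback.
        mtime=$(stat -c %Y "$f" 2>/dev/null || stat -f %m "$f") || continue
        # A recently modified file may still be mid-transfer; leave it for later.
        [ $((now - mtime)) -ge "$min_age" ] || continue
        base=$(basename "$f")
        n=0
        target="$collected/$stamp-$n-$base"
        while [ -e "$target" ]; do
            n=$((n + 1))
            target="$collected/$stamp-$n-$base"
        done
        if mv -- "$f" "$target"; then moved=$((moved + 1)); fi
    done
    echo "$moved"
}

# Run directly when called with arguments, e.g. from cron.
if [ $# -ge 2 ]; then
    sweep_uploads "$@"
fi
```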