Phillip Pearson - web + electronics notes

tech notes and web hackery from a new zealander who was vaguely useful on the web back in 2002 (see: python community server, the blogging ecosystem, the new zealand coffee review, the internet topic exchange).


UNIX hackery: Modifying lukemftpd for ftp hosting that doesn't suck

My project for tonight is to modify lukemftpd (the FreeBSD FTP server; see also lukemftpd source) to make it useful for hosting FTP for web hosting farms.

All the FTP servers I've looked at process logins using the system password file or whatever method is used for validating interactive user logins. I don't really like this, because FTP usually requires a plaintext password to be transmitted, so if the FTP password is the same as the user's login password, one snooped FTP login can reveal a user's login details and allow an attacker to obtain an interactive session over SSH.

So ... I'm modifying lukemftpd to let you specify a /etc/passwd-like file that will be used to validate logins.

The result of this will be that you'll be able to have users who don't exist on the host system but are able to log in over FTP, and will be chrootable to wherever you like. So, for example, you'd be able to create a user just for Blogger. That user would be chrooted to the /www/root/blog/ directory, and would have a password that won't permit access to any other system services. This greatly reduces the harm in giving Blogger your FTP login name and password.

Update: All done. Download the patch. The patch is against the current source code on my Debian box, i.e. what I get when I run apt-get source lukemftpd. I'll make a patch for the original NetBSD source soon.

Update 2: Looks like the *BSD version will take a bit longer than expected; my patch depends on fgetpwent, which is Linux-only. It shouldn't take long to hack one up from the *BSD system sources for getpwent though.