Setting Up Guest Users
by Jamie Cameron
Managing Linux® Systems with Webmin™ System Administration and Module Development
- Copyright
- Bruce Perens' Open Source Series
- Introduction to Webmin
- Installing Webmin
- Securing Your Webmin Server
- Users and Groups
- Introduction to UNIX Users and Groups
- The Users and Groups Module
- Creating a New User
- Editing an Existing User
- Deleting a User
- Creating a New Group
- Editing an Existing Group
- Deleting a Group
- Viewing Recent and Current Logins
- Reading Users' Email
- Creating Users from Batch Files
- Configuring the Users and Groups Module
- Before and After Commands
- Module Access Control
- Other Operating Systems
- Summary
- Disk and Network Filesystems
- Introduction to Filesystems
- The Disk and Network Filesystems Module
- Mounting an NFS Network Filesystem
- Mounting an SMBFS Windows Networking Filesystem
- Mounting a Local ext2 or ext3 Hard Disk Filesystem
- Mounting a Local Windows Hard Disk Filesystem
- Adding Virtual Memory
- Automounter Filesystems
- Editing or Removing an Existing Filesystem
- Listing Users of a Filesystem
- Module Access Control
- Configuring the Disk and Network Filesystems Module
- A Comparison of Filesystem Types
- Other Operating Systems
- Summary
- NFS File Sharing
- Disk Quotas
- Introduction to Disk Quotas
- The Disk Quotas Module
- Enabling Quotas for a Filesystem
- Disabling Quotas for a Filesystem
- Setting Quotas for a User or Group
- Copying Quotas to Multiple Users
- Setting Grace Times
- Setting Default Quotas for New Users
- Other Operating Systems
- Configuring the Disk Quotas Module
- Module Access Control
- Summary
- Partitions, RAID, and LVM
- Introduction to Hard Disk Partitions
- The Partitions on Local Disks Module
- Adding and Formatting a New Partition
- Creating a New Filesystem
- Partition Labels
- Deleting or Changing a Partition
- Module Access Control
- Other Operating Systems
- Introduction to RAID
- The Linux RAID Module
- Introduction to LVM
- The Logical Volume Management Module
- Creating a New Volume Group
- Adding and Removing a Physical Volume
- Creating and Deleting a Logical Volume
- Resizing a Logical Volume
- Creating a Snapshot
- Summary
- Bootup and Shutdown
- Introduction to the Linux Boot Process
- The Bootup and Shutdown Module
- Configuring an Action to Start at Bootup
- Starting and Stopping Actions
- Adding a New Action
- Rebooting or Shutting Down Your System
- Configuring the Bootup and Shutdown Module
- Other Operating Systems
- The SysV Init Configuration Module
- Summary
- Scheduled Commands
- Introduction to Cron Jobs
- The Scheduled Cron Jobs Module
- Creating a New Cron Job
- Editing a Cron Job
- Controlling Users' Access to Cron
- Module Access Control Options
- Configuring the Scheduled Cron Jobs Module
- Other Operating Systems
- The Scheduled Commands Module
- Creating a New Scheduled Command
- Summary
- Process Management
- Software Packages
- System Logs
- Filesystem Backups
- Internet Services
- Introduction to Internet Services
- The Internet Services and Protocols Module
- Enabling an Internet Service
- Creating Your Own Internet Service
- Creating and Editing RPC Programs
- Configuring the Internet Services and Protocols Module
- Other Operating Systems
- The Extended Internet Services Module
- Enabling or Editing an Extended Internet Service
- Creating an Extended Internet Service
- Editing Default Options
- Summary
- Network Configuration
- Network Information Service
- PPP Server Configuration
- Firewall Configuration
- Introduction to Firewalling with IPtables
- The Linux Firewall Module
- Allowing and Denying Network Traffic
- Changing a Chain's Default Action
- Editing Firewall Rules
- Creating Your Own Chain
- Setting Up Network Address Translation
- Setting Up a Transparent Proxy
- Setting Up Port Forwarding
- Firewall Rule Conditions
- Configuring the Linux Firewall Module
- Summary
- Setting the Date and Time
- Boot Loader Configuration
- Introduction to Boot Loaders
- The Linux Bootup Configuration Module
- Booting a New Kernel with LILO
- Booting Another Operating System with LILO
- Editing Global LILO Options
- The GRUB Boot Loader Module
- Booting a New Linux Kernel or BSD with GRUB
- Booting Another Operating System with GRUB
- Editing Global GRUB Options
- Installing GRUB
- Configuring the GRUB Boot Loader Module
- Summary
- Printer Administration
- Voicemail Server Configuration
- Remote Shell Login
- Running Custom Commands
- Webmin's File Manager
- The File Manager Module
- Navigating Directories and Viewing Files
- Manipulating Files
- Creating and Editing Files
- Editing File Permissions
- Creating Links and Directories
- Finding Files
- Editing EXT File Attributes
- Editing XFS File Attributes
- Editing File ACLs
- Sharing Directories
- Module Access Control
- Summary
- Perl Modules
- Status Monitoring with Webmin
- Apache Web Server Configuration
- Introduction to Apache
- The Apache Webserver Module
- Starting and Stopping Apache
- Editing Pages on Your Web Server
- Creating a New Virtual Host
- Setting Per-Directory Options
- Creating Aliases and Redirects
- Running CGI Programs
- Setting Up Server-Side Includes
- Configuring Logging
- Setting Up Custom Error Messages
- Adding and Editing MIME Types
- Password Protecting a Directory
- Restricting Access by Client Address
- Encodings, Character Sets, and Languages
- Editing .htaccess Files
- Setting Up User Web Directories
- Configuring Apache as a Proxy Server
- Setting Up SSL
- Viewing and Editing Directives
- Module Access Control
- Configuring the Apache Webserver Module
- Summary
- DNS Server Configuration
- Introduction to the Domain Name System
- The BIND DNS Server Module
- Creating a New Master Zone
- Adding and Editing Records
- Record Types
- Editing a Master Zone
- Creating a New Slave Zone
- Editing a Slave Zone
- Creating and Editing a Forward Zone
- Creating a Root Zone
- Editing Zone Defaults
- Configuring Forwarding and Transfers
- Editing Access Control Lists
- Setting Up Partial Reverse Delegation
- Using BIND Views
- Module Access Control
- Configuring the BIND DNS Server Module
- The BIND 4 DNS Server Module
- Summary
- CVS Server Configuration
- DHCP Server Configuration
- Introduction to the Dynamic Host Configuration Protocol
- The ISC DHCP Server
- The DHCP Server Module
- Adding and Editing Subnets
- Viewing and Deleting Leases
- Editing Global Client Options
- Adding and Editing Fixed Hosts
- Adding and Editing Shared Networks
- Adding and Editing Groups
- Module Access Control
- Configuring the DHCP Server Module
- Summary
- Downloading Email with Fetchmail
- Managing Majordomo Mailing Lists
- Introduction to Mailing Lists and Majordomo
- The Majordomo List Manager Module
- Using Other Mail Servers
- Creating a Mailing List
- Managing List Members
- Editing List Information, Headers, and Footers
- Editing Subscription Options
- Editing Forwarded Email Options
- Editing List Access Control
- Moderating and Maintaining a Mailing List
- Deleting a Mailing List
- Creating a Digest List
- Editing Digest Options
- Editing Global Majordomo Options
- Module Access Control
- Configuring the Majordomo List Manager Module
- Summary
- The MySQL Database
- Introduction to MySQL
- The MySQL Database Server Module
- Creating a New Database
- Creating a New Table
- Adding and Editing Fields
- Field Types
- Viewing and Editing Table Contents
- Deleting Tables and Databases
- Executing SQL Commands
- Backing Up and Restoring a Database
- Managing MySQL Users
- Managing Database, Host, Table, and Field Permissions
- Module Access Control
- Configuring the MySQL Database Server Module
- Summary
- The PostgreSQL Database
- Introduction to PostgreSQL
- The PostgreSQL Database Server Module
- Creating a New Database
- Creating a New Table
- Adding and Editing Fields
- Deleting a Field
- Field Types
- Viewing and Editing Table Contents
- Deleting Tables and Databases
- Executing SQL Commands
- Backing Up and Restoring a Database
- Managing PostgreSQL Users
- Managing PostgreSQL Groups
- Restricting Client Access
- Editing Object Privileges
- Module Access Control
- Configuring the PostgreSQL Database Server Module
- Summary
- Configuring Sendmail
- Introduction to Internet Email
- The Sendmail Configuration Module
- Editing Local Domains and Domain Masquerading
- Managing Email Aliases
- Configuring Relaying
- Managing Virtual Address Mappings
- Configuring Domain Routing
- Editing Global Sendmail Options
- Viewing the Mail Queue
- Reading Users' Email
- Adding Sendmail Features with M4
- Creating Autoreply Aliases
- Creating Filter Aliases
- Sendmail Module Access Control
- Configuring the Sendmail Configuration Module
- Summary
- Configuring Qmail
- Introduction to Qmail
- The Qmail Configuration Module
- Editing Local Domains
- Managing Email Aliases
- Configuring Relaying
- Managing Virtual Mappings
- Configuring Domain Routing
- Editing Global Qmail Options
- Editing Mail User Assignments
- Viewing the Mail Queue
- Reading Users' Email
- Configuring the Qmail Configuration Module
- Summary
- Analyzing Log Files
- The ProFTPD Server
- Introduction to FTP and ProFTPD
- The ProFTPD Server Module
- Running ProFTPD from inetd or xinetd
- Using the ProFTPD Server Module
- Creating Virtual Servers
- Setting Up Anonymous FTP
- Restricting Users to Their Home Directories
- Limiting Who Can Log In
- Setting Directory Listing Options
- Message and Readme Files
- Setting Per-Directory Options
- Restricting Access to FTP Commands
- Configuring Logging
- Limiting Concurrent Logins
- Restricting Clients by IP Address
- Limiting Uploads
- Manually Editing Directives
- Configuring the ProFTPD Server Module
- Summary
- The WU-FTPD Server
- Introduction to WU-FTPD
- The WU-FTPD Server Module
- Limiting Who Can Log In
- Setting Up Anonymous FTP
- Managing User Classes
- Denying Access to Files
- Setting Up Guest Users
- Editing Directory Aliases
- Message and Readme Files
- Configuring Logging
- Limiting Concurrent Logins
- Restricting Clients by IP Address
- Restricting Access to FTP Commands
- Configuring the WU-FTPD Server Module
- Summary
- SSH Server Configuration
- Windows File Sharing with Samba
- Introduction to SMB and Samba
- The Samba Windows File Sharing Module
- Managing Samba Users
- Adding a New File Share
- Adding a New Printer Share
- Viewing and Disconnecting Clients
- Editing Share Security Options
- Editing File Permission Settings
- Editing File Naming Options
- Editing Other File Share Options
- Editing Printer Share Options
- Editing Share Defaults
- Configuring Networking
- Configuring Authentication
- Configuring Printers
- Accessing SWAT from Webmin
- Module Access Control
- Configuring the Samba Windows File Sharing Module
- Summary
- Configuring the Squid Proxy Server
- Introduction to Proxying and Squid
- The Squid Proxy Server Module
- Changing the Proxy Ports and Addresses
- Adding Cache Directories
- Editing Caching and Proxy Options
- Introduction to Access Control Lists
- Creating and Editing ACLs
- Creating and Editing Proxy Restrictions
- Setting Up Proxy Authentication
- Configuring Logging
- Connecting to Other Proxies
- Clearing the Cache
- Setting Up a Transparent Proxy
- Viewing Cache Manager Statistics
- Analyzing the Squid Logs
- Module Access Control
- Configuring the Squid Proxy Server Module
- Summary
- Filtering Email with Procmail
- Creating SSL Tunnels
- Usermin Configuration
- Introduction to Usermin
- The Usermin Configuration Module
- Starting and Stopping Usermin
- Restricting Access to Usermin
- Changing the Port and Address
- Configuring the Usermin User Interface
- Installing Usermin Modules
- Changing the Default Language
- Upgrading Usermin
- Configuring Authentication
- Editing Categories and Moving Modules
- Changing and Installing Themes
- Turning on SSL
- Configuring Usermin Modules
- Restricting Access to Modules
- Limiting Who Can Log In
- About the Usermin Modules
- Configuring the Usermin Configuration Module
- Summary
- Cluster Software Management
- Cluster User Management
- The Cluster Users and Groups Module
- Registering a Server
- Creating a New User
- Editing an Existing User
- Deleting a User
- Creating a New Group
- Editing an Existing Group
- Deleting a Group
- Refreshing User and Group Lists
- Synchronizing Users and Groups
- Listing and Removing a Server
- Configuring the Cluster Users and Groups Module
- Summary
- Cluster Webmin Configuration
- The Cluster Webmin Configuration Module
- Registering a Server
- Creating a New Webmin User
- Editing or Deleting a Webmin User
- Creating a New Webmin Group
- Editing or Deleting a Webmin Group
- Editing the User or Group ACL for a Module
- Installing a Module or Theme
- Viewing and Deleting a Module or Theme
- Refreshing User and Module Lists
- Listing and Removing a Server
- Configuring the Cluster Webmin Configuration Module
- Summary
- Webmin Configuration
- The Webmin Configuration Module
- Restricting Access to Webmin
- Changing the Port and Address
- Setting Up Logging
- Using Proxy Servers
- Configuring the Webmin User Interface
- Installing and Deleting Webmin Modules
- Cloning a Webmin Module
- Changing Your Operating System
- Editing the Program Path and Environment Variables
- Changing Webmin's Language
- Editing Main Menu Settings
- Upgrading Webmin
- Installing Updates to Webmin
- Configuring Authentication
- Editing Categories and Moving Modules
- Changing and Installing Themes
- Referrer Checking
- Allowing Unauthenticated Access to Modules
- Turning on SSL
- Setting Up a Certificate Authority
- Summary
- Webmin Access Control
- Introduction to Webmin Users, Groups, and Permissions
- The Webmin Users Module
- Creating a New Webmin User
- Editing a Webmin User
- Editing Module Access Control
- Creating and Editing Webmin Groups
- Requesting a Client SSL Key
- Viewing and Disconnecting Login Sessions
- Module Access Control
- Configuring the Webmin Users Module
- Summary
- Webmin Servers
- Logging in Webmin
- Webmin Module Development
- Advanced Module Development
- Inside the Scheduled Cron Jobs Module
- Creating Webmin Themes
- Inside the MSC Theme
- The Webmin API
- Index
41.7. Setting Up Guest Users
A guest FTP user is a real UNIX user who is limited by WU-FTPD to a certain directory, just as anonymous clients are restricted. They still have full privileges within that directory, though, including the rights to upload files, rename, and chmod files. Limiting a user to guest access can be useful if you want to prevent him from seeing parts of your filesystem outside his home directory or some parent directory, like /home.
Every user who is designated as a guest by the FTP server configuration can have a different root directory, or some can be the same. The chosen root directories, however, must be set up in the same way as the anonymous FTP root is—with bin, lib, and etc subdirectories containing all the programs and files needed by WU-FTPD. You can just copy those directories across from the anonymous root, though, so the set up process is not that hard.
To set up a user as a guest, his home directory must be specially modified. To do this using Webmin, follow these steps:
1. | Go to the Users and Groups module (covered in Chapter 4) and click on the name of the user that you want to restrict. |
2. | Change his home directory to guestroot/./homedir, in which guestroot is the root directory that you have prepared, and homedir is a subdirectory under it. If you are using /home as the root, /home/./jcameron could be the directory for the user jcameron. This special /./ entry in the path tells WU-FTPD where the root is, but should not confuse other programs. |
3. | Click the Save button at the bottom of the page. Webmin will move his home directory to the new location, if necessary. |
Of course, you can specify such a home when creating a new user as well. This is only the first step, though. To configure WU-FTPD to treat certain users as guests, you will need to follow these steps:
1. | In the WU-FTPD Server module, click on the Users and Classes icon to bring up the form shown in Figure 41.2. |
2. | In the Unix users and UIDs to treat as guests, enter a space-separated list of usernames, UIDs, or UID ranges (like %1000-2000 or %5000-) of users to be designated as guests. You can also enter a list of group names, IDs, and ID ranges in the Unix groups and GIDs to treat as guests field to have all their primary members treated as guests, as well. |
3. | To stop some users from being converted to guests even if they are in the lists or ranges set in Step 2, fill in the Unix users and UIDs not to treat as guests and Unix groups and GIDs not to treat as guests fields. This can be useful if you want to make everyone a guest except a few trusted users. |
4. | Click the Save button at the bottom of the page to activate the new guest designations. |
If a user has been configured as a guest but does not have /./ in his home directory, he will not be restricted to any root directory.
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.