Permissions for guest user for FTP transfer


#1

Signed up for DreamHost in December, just now setting it all up.

I am ftp site ignorant.

I made a user account with a guest name.

This will be for people who are either downloading files from me, or uploading files to me.

When I go to ftp://mydomain.com and log in with the guest account I see folders that include maildir, which has inside it cur, new, temp folders.

I assume I do not want outsiders to see such things. (What are those folders for anyway?)

So my questions are.

  1. Where and how do I create a folder to place files to transfer to or from a guest user?

  2. How do I restrict access to a guest logging into my ftp to just the folder that contains the file transfers?


Seperate WP installs required if different theme used for subdomain?
#2

How are you planning to build your site? many CMS’s have a plugin to handle an area such as this… \

quite a few years ago the direction you’re taking might have been the way to go… the method of creating this type of ftp account is kind of dated…


#3

Thanks. But, I do not know what you are talking about really when you ask how many CMS. Is that a rhetorical question?

I have seen many business sites where clients are sent an address with a username and password, which lead to an normal, insecure FTP site where they either pickup or drop off documents.

This query of mine is mainly about using my DreamHost FTP availability to get files too big to email.

For example:

I will have one site called onemanz.com, with subsites onemanz.com/guitar will have reviews about guitars, etc.

A guitar dealer took video of me sampling guitars at his shop. The files are way too big for email. I need him to be able to transfer video files too me via my ftp site, so I can then download them to my PC and edit them before putting them on my website.

A similar example, I shoot video of a band, I want them to have the raw files, so I want to put them on my FTP in a folder and have the guy on the West Coast download it by logging in with the guest account.

When I watch tutorials on this stuff, when setting up a user for FTP there is a place that allows one to have that user automatically enter a specific subfolder in FTP rather than the root directory.

1 - how do I make those subfolders in the FTP that came with DreamHost?

2 - how do I set up a new user so when they log in, they come into the subfolder? Or are otherwise restricted to only certain areas in the ftp directory.

When you say outdated, how else would I use this, other than an insecure third party site like Drop Box. I thought FTP was designed for just this sort of thing.

Thanks


#4

DropBox is actually more secure that a shared FTP account.

If you insist on using a “shared FTP” just create a new user in Panel for the purpose.


#5

Not according to the head of a security of the multinational law firm I was working for in IT until Feb 1. He advised the entire firm to avoid Dropbox and never have it running on a home PC except for the few moments it is used to transfer something, siting multiple instances of private and corporate PCs infiltrated through Dropbox. The firm was also not allowed to use it professionally, except to go get files on an outside client’s site that insisted on using it.


#6

But handing out passwords is “secure”. Right.


#7

Seems like Google Drive would be a nice solution. You might have to purchase extra storage space, but I think if you get Google Apps you start out with 50gb free.

I use Google Drive for sharing docs and it works very nicely. Very easy to handle permissions (right click and share)

From their website:

Google Drive gives you control over all of your file types in a single place, including video files. With Google Drive, you can:

Sync or upload video files up to 10GB in size
Sync or upload video files in the following formats:
    WebM files (Vp8 video codec; Vorbis Audio codec)
    .MPEG4, 3GPP and MOV files - (h264 and mpeg4 video codecs; AAC audio codec)
    .AVI (MJPEG video codec; PCM audio)
    .MPEGPS (MPEG2 video codec; MP2 audio)
    .WMV
    .FLV (Adobe - FLV1 video codec, MP3 audio)
View all of your videos at a glance
Store up to 5GB of videos or other file types for free
Share videos with other people without ever having to use an email attachment
Add caption tracks to your video files.

#8

:slight_smile:

handing out passwords to someone you trust and then changing the pw the moment they finish the transfer is secure, yes.

I will look into Google Drive. Thanks.

But the OP remains unanswered.

How does one make subfolders on the DreamHost ftp?

And, is there a way to a) set an ftp user to always enter into a specific subfolder (something other host sites have as part of the user creation) and b) is there some way to limit folder access based on the ftp user?


#9

Nothing via ftp is secure… period the end. (SFTP came alone to make things more secure, but that is not really even the solution you are looking for.)

nothwithstanding…

No the question was not rhetorical.

It’s theoretically possible to set an ftp account, as you have discussed, but if this were my project I would use a CMS and the appropriate plugin, you should too. Your attempting to set something up that is not secure, and your attempting to justify your actions with rhetoric.


#10

No, it is not. Nor has it ever been a secure method.

Log in and create them.

No and no.

Note to anyone else searching for ways to share files: Setting up an account in this manner is absolutely the incorrect way to accomplish the desired result.


#11

That is too bad, cleary the ftp on Dreamhost is lacking and inferior to other similar sites.

I do log in, but I see nothing that shows me how to make a subfolder in the ftp site.

Otherwise, please explain how giving passwords to a trusted source, that are immediately changed by a network admin after their only use are insecure, compared to other methods available, like for instance Dropbox, which the Chinese government has been using to infiltrate all sorts of systems for years.


#12

The person you give the password to is not what makes FTP insecure. With FTP, nothing can be encrypted, so it is possible for others to listen…even for the password.
Once someone has a password, it only takes a moment to establish an SSH key, which will then allow them entry even after you change your password.

SFTP is more secure since it is encrypted.

Honestly, I am not sure why web-hosting companies allow FTP to be used. Probably because Windows and Macs do not support SFTP by default (requires third party add-ons)


#13

nope. at least read the Wikipedia article before embarrassing yourself. The ftp protocol is ancient and insecure. The Chinese govt (or anyone else that knows how to run a packet sniffer) can read the password as it’s sent in clear text and log in concurrently with you. Even if you change the password immediately they wouldn’t be kicked off, once they’re in they’re in. and they can leave backdoors to return.

Any system that relies on a user to manually change a password after it’s used is not secure. And how do you send the password to them? via email? which is transmitted in clear text.

What you need is a web app or cms that allows you to create user accounts. The user sets or changes their own password, and you assign permissions to their account to allow access to whatever download areas you need to create.

Offhand I don’t know of an exact recipe to set that system up. The reason I asked you above if you had a CMS in mind was to see if you were already planning on using Wordpress, joomla, or any of the many others. If so then we can look for plugins that might achieve what you are looking for.

We really are trying to help you, but you are defeating yourself.

[edit: added anchor to link]