User Management

Anonymous users
Traditionally there have been two sets of FTP users: anonymous users and everyone else, the non-anonymous users. Anonymous users are typically those from outside your network who visit your site to download files your site has made available to the public. These users log in to an FTP server with the username anonymous and, as a common courtesy, use their e-mail address as their password. The FTP server then gives them access to a file area set aside for public access.
Non-anonymous users
The non-anonymous users are those who have real accounts on the FTP server machine (i.e. they have accounts in /etc/passwd). These users have access to the entire filesystem (because they have it when they log in and use the machine itself), and they typically use FTP just to copy files to and from the machine for their personal use.
Restricted users
With the advent of the world-wide-web, it is now common for users to never need to actually log in to an FTP server machine, even though they have a real account on it. These user accounts serve only as a drop-off point for data files used by other processes on the server machine, such as an HTTP server. Internet Service Providers (ISPs) often create user accounts on the server machine, and require that the user use FTP to manage their web document tree, instead of logging into the machine directly.

For these types of users, NcFTPd offers a feature called restricted users, which are users that have a special restriction applied to them. The most common restriction is to confine users to their home directories, so they would not be able to use FTP to download /etc/passwd or upload to /tmp, for example. As of version 2.8.1 of NcFTPd, all users are restricted to their home directories by default, but you can change this behavior if you want a more traditional UNIX FTP setup.
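
An added illustration of the home-directory restriction described above, not NcFTPd's own code: the function `confine` and the directory tree are constructed for the example and assume a POSIX filesystem. It shows why the decision has to be made on the resolved path, since `..` components and symbolic links can both lead out of the home directory.

```python
import os
import tempfile

def confine(home, cwd, requested):
    """Return the real path for an FTP path argument, or None if it leaves home.

    home: the user's home directory; cwd: the session's current directory
    (both real paths); requested: the argument to RETR, STOR, CWD and so on.
    """
    home_real = os.path.realpath(home)
    # An absolute argument replaces cwd, a relative one is joined to it.
    candidate = os.path.join(cwd, requested)
    # realpath collapses ".." and follows symlinks, so a link that points
    # outside the home directory is judged by where it really leads.
    real = os.path.realpath(candidate)
    # commonpath compares whole components, so /home/alice2 is not
    # mistaken for something inside /home/alice.
    if os.path.commonpath([home_real, real]) != home_real:
        return None
    return real

def demo():
    """Build a constructed home directory and try four requests against it."""
    with tempfile.TemporaryDirectory() as base:
        home = os.path.join(base, "home", "alice")       # constructed sample tree
        os.makedirs(os.path.join(home, "public_html"))
        outside = os.path.join(base, "etc")
        os.makedirs(outside)
        os.symlink(outside, os.path.join(home, "link"))  # link out of home
        requests = ["public_html/index.html", "/etc/passwd",
                    "../../etc/passwd", "link/passwd"]
        return {r: confine(home, home, r) is not None for r in requests}

if __name__ == "__main__":
    for request, allowed in demo().items():
        print(f"{request:28} {'allowed' if allowed else 'refused'}")
```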

Separate password databases and virtual users
Non-anonymous users and restricted users still require the creation of a real user account. NcFTPd also lets you create and manage your own NcFTPd Password Databases whose sole purpose is FTP login authentication. You will often create accounts in a password database that also exist in the system's regular /etc/passwd file, but the real power and flexibility comes from being able to create additional accounts that exist only in an NcFTPd password database. Users that exist in a password database but not in /etc/passwd are called virtual users.

Reasons you will want to use virtual users:

You can use an NcFTPd password database as a replacement or a supplement for your /etc/passwd. For each domain hosted by the machine, you can have NcFTPd configured to check different or shared password databases, with or without /etc/passwd, and in any order.

Since NcFTPd does not require any supplementary files in the FTP directory, it's painless to set up a new user -- you just use the ncftpd_passwd utility program to add a user to a password database (and make sure that their directory exists).

Virtual users emulate real users, but by default they are restricted to their designated directory. This differs from regular users, who are only restricted if they are a member of a restricted group you create.

Configuring NcFTPd

Now that you understand the various user types that NcFTPd supports, you will want to know how to set up the server for the user types you want.
