I've had good luck with vsftpd in terms of managing legacy web folder access, and specifically in terms of "virtual" accounts that need not exist on the target system, but are still limited in filesystem access. Given how you are using this strictly for storage I'd think a "virtual" user setup would work well. Certainly there won't be any limits on numbers of sessions (simultaneous, from given source addresses or otherwise).
While I don't know if there is any GUI, the process and information to create for a new user is pretty simple, and could easily be scripted or a quick 'n dirty web page put up.
Once set up, to create users, you just need to:
- Add a line to the virtual user password file
- Create some local directory for that account to use
- Add a config file for the user to set vsftpd to lock the user to that directory (can be avoided if the directory will match the user name)
I did the following on my system to set up the above scenario. First, the basic vsftpd.conf looked like:
Code:
ftpd_banner=XXXX.com FTP server
anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
guest_enable=YES
guest_username=[USER]
chroot_local_user=YES
hide_ids=YES
user_config_dir=/etc/vsftpd/users
The [USER] entry is the actual system user that you wish the ftp users to act as when working with the local filesystem. So technically all files will be owned by the same system user, but each user is locked to their own respective directory anyway. Although one aspect of this is you can create an administrative account that is rooted right above all the per-user directories and can then access everything.
Of course, if you'd prefer you could create actual system accounts for each user, but since they'll never do anything but use ftp it seems more overhead than its worth.
To support password lookup without requiring an actual system user, I added a PAM configuration file to reference a separate password file for vsftpd.
Code:
# /etc/pam.d/vsftpd
auth required pam_pwdfile.so pwdfile /etc/vsftpd/passwd
account required pam_permit.so
The /etc/vsftpd/passwd file can be maintained with htpasswd from Apache, for example.
Now, in my case there wasn't always a clean mapping between user and directory, so I implemented per-user configuration files (in /etc/vsftpd/users via the user_config_dir setting) each of which had at least one configuration line setting local_root appropriately, as in:
Code:
# /etc/vsftpd/users/someuser
local_root=<somedirectory>
But if you can keep your directory names matching the account names, then vsftpd has some other options to make that easier by setting user_sub_token, and then assigning your dedicated "guest" user a home directory including that token, which then gets replaced with the virtual username.
So, for example, if user_sub_token was set to "$USER", and your guest user (say "student") has a home directory of /srv/students/$USER, then logging in with a virtual user of "fred" will lock that ftp session to the /srv/students/fred folder (which must already exist).
Hope that gives you some ideas.
-- David