Hello all I recently installed proftpd on my server and been using it. But I'm trying to find out is there anyway to deny logins by user groups instead of having to go in and add a user everytime I create a new user to the denied user list?

Or better yet only allow users that are part of a group say ftp...

Also I wanted to ask about chmod. Iread the faq and it said something about allowchmod was deprecated to use SITE_CHMOD now.. but I have no clue what in the hell that means. So could anyone tell me how to enable chmod to work? lol.

Any help is greatly appreicated Thanks
Steven

I know someone must use this program and know about this as popular as this program supposingly is.

I read the faq and allthough I dont understand most of it I gathered that I can add <Limit (command)></Limit> and use a list of directives that I found on a site but so far it isn't working at all for me.

Here is my proftpd.conf file right now

AccessGrantMsg "Welcome to the chosen guild ftp server"
AllowOverwrite on
RootLogin off
MaxLoginAttempts 3
<VirtualHost 192.168.1.102>
Port 21
ServerName "TheChosenFTP"
MaxClientsPerHost none
AllowOverwrite on
<Limit SITE_CHMOD>
AllowAll
</Limit>
<Limit LOGIN>
DenyAll
AllowGroup ftp
</Limit>
UseFtpUsers off
</VirtualHost>
<Global>
AllowOverwrite on
RequireValidShell on
UseFtpUsers off
</Global>

As you can see UseFtpUsers is off... but the server is still going by that list to deny specific users access. It seems to ignore my <Limit> commands.. I added AllowAll under SITE_CHMOD and I still cannot chmod with any user that I connect to FTP with.

Also I added the Login Directive DenyAll AllowGroup ftp ... the way I understand this that should only allow users in the group ftp to be able to even login. Yet it dosn't... I can still login with a mail user only and not at all with an FTP user on the denied list.

I just dont understand what is the use of a config file if the server isn't going to follow the rules set in it? I really need some help on this.

bumping this up one last time. I find it hard to believe that no one on this forum has any experience in proftp in order to help me out.

Yea, im having the same problem with getting help for my WU-FTPD question. Good luck man.

Steven6282,

Is there any particular reason you're using VHosts?? Do you want to run more than one FTP server on that machine?

If you need to use VHosts, keep this in mind:

If you're accessing it from an interface other than 192.168.1.102, then it will use the default settings and your virtual host settings will not be applied. Try setting the ServerIdent both in and out of the VirtualHost block to determine if the VHost is being used, for example:

ServerIdent on "You are NOT using the vhost"

<VirtualHost 192.168.1.102>
ServerIdent on "You ARE using the vhost"
...

If there's no reason to use VHosts, dont! It will only make the config confusing. Just remove the <VirtualHost> tags and you'll be all set.

good luck.
-B

Ben yes I'll be running more than one ftp server once I get everything set up right.

And I know its using vhosts because the FTP server didn't work till I added the vhost

Thought of one more thing... are you using PAM? I think some Redhat distros by default have a PAM module that blocks using the /etc/ftpusers file, and I know that ProFTPd enables PAM by default.

Check out your /etc/pam.conf or /etc/pam.d/ftp file. You may have a line in there that looks like:

auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed

If so, comment that out and restart the FTP server. You should be okay.

Or, alternatively you could disable PAM for ProFTPd alltogether (not recommended) by overriding the default ON setting by adding this directive to your ProFTPd conf file:

AuthPAM off

Hope this helps you out....