Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello all I recently installed proftpd on my server and been using it. But I'm trying to find out is there anyway to deny logins by user groups instead of having to go in and add a user everytime I create a new user to the denied user list?
Or better yet only allow users that are part of a group say ftp...
Also I wanted to ask about chmod. Iread the faq and it said something about allowchmod was deprecated to use SITE_CHMOD now.. but I have no clue what in the hell that means. So could anyone tell me how to enable chmod to work? lol.
Any help is greatly appreicated Thanks
Steven
Last edited by Steven6282; 02-20-2003 at 11:23 PM.
I know someone must use this program and know about this as popular as this program supposingly is.
I read the faq and allthough I dont understand most of it I gathered that I can add <Limit (command)></Limit> and use a list of directives that I found on a site but so far it isn't working at all for me.
Here is my proftpd.conf file right now
AccessGrantMsg "Welcome to the chosen guild ftp server"
AllowOverwrite on
RootLogin off
MaxLoginAttempts 3
<VirtualHost 192.168.1.102>
Port 21
ServerName "TheChosenFTP"
MaxClientsPerHost none
AllowOverwrite on
<Limit SITE_CHMOD>
AllowAll
</Limit>
<Limit LOGIN>
DenyAll
AllowGroup ftp
</Limit>
UseFtpUsers off
</VirtualHost>
<Global>
AllowOverwrite on
RequireValidShell on
UseFtpUsers off
</Global>
As you can see UseFtpUsers is off... but the server is still going by that list to deny specific users access. It seems to ignore my <Limit> commands.. I added AllowAll under SITE_CHMOD and I still cannot chmod with any user that I connect to FTP with.
Also I added the Login Directive DenyAll AllowGroup ftp ... the way I understand this that should only allow users in the group ftp to be able to even login. Yet it dosn't... I can still login with a mail user only and not at all with an FTP user on the denied list.
I just dont understand what is the use of a config file if the server isn't going to follow the rules set in it? I really need some help on this.
Is there any particular reason you're using VHosts?? Do you want to run more than one FTP server on that machine?
If you need to use VHosts, keep this in mind:
If you're accessing it from an interface other than 192.168.1.102, then it will use the default settings and your virtual host settings will not be applied. Try setting the ServerIdent both in and out of the VirtualHost block to determine if the VHost is being used, for example:
ServerIdent on "You are NOT using the vhost"
<VirtualHost 192.168.1.102>
ServerIdent on "You ARE using the vhost"
...
If there's no reason to use VHosts, dont! It will only make the config confusing. Just remove the <VirtualHost> tags and you'll be all set.
Thought of one more thing... are you using PAM? I think some Redhat distros by default have a PAM module that blocks using the /etc/ftpusers file, and I know that ProFTPd enables PAM by default.
Check out your /etc/pam.conf or /etc/pam.d/ftp file. You may have a line in there that looks like:
If so, comment that out and restart the FTP server. You should be okay.
Or, alternatively you could disable PAM for ProFTPd alltogether (not recommended) by overriding the default ON setting by adding this directive to your ProFTPd conf file:
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.