Havin trouble allowing FTP users to access files and directories

bripage · 04-03-2002, 10:16 AM

For some reason Im having a bit of trouble get the pftp daemon to allow the ftp users to not only access files, but just move around in the filesystem. Also, Id like to know how to just make a directory, FTP for instance, and have everything that goes on with the ftp happen in there (uploading/downloading). That way its more secure.

bripage · 04-03-2002, 02:57 PM

does anyone know what I need?

bripage · 04-04-2002, 12:29 AM

hmmm having a bit of trouble here.. can someone please help me?

Mik · 04-04-2002, 02:48 AM

Well you haven't really specified what problems you are having exactly. But there are many answers in:
http://proftpd.org/docs/faq/proftpdfaq.html

You can use the DefaultRoot directive to jail all the users to a specific directory.
http://proftpd.org/docs/directives/l...faultRoot.html

bripage · 04-04-2002, 04:46 AM

Im trying to figure out why when I login into the server as anonymous... I cant access anything or go anywere on there server at all.

Mik · 04-04-2002, 05:21 AM

Probably because of the permissions. The anonymous section should have a user and group which is used for the anonymous user. That user should have read and execute permissions to be able to see the contents of the directory.

bripage · 04-04-2002, 09:25 AM

How do I check the file permisions to see if the allowed to be seen by FTP? Then, How can I change the access directory that the FTP users log into because currently its root althoguh nothing shows up for them to mess with.

hanzerik · 04-04-2002, 09:28 AM

Its up to you to put files there for your anonymous users.

They should not have read/write access for security reasons. By default, when anonymous users connects, they are locked into the /home/ftp directory and cannot go anywhere else. They only have read access.

You dont want people you dont know to have the ability to navigate all over your system and look at your system files. Lets say you let a unknown person be able to view your passwd file, and from that he gets the usernames of everyone on the system, he can then try to crack their passwords by trying different password combos based on a username. And you let them see your firewall script, maybe then they can find a weakness. The list goes on and on.

If they are your friends, then create them a unix username and password using adduser. They will be able to ftp (read/write) to their home directory and still navigate the system. At least that way you can keep track of what they are doing.

If you allow anonymous users to browse your system you are asking for trouble.

hanzerik · 04-04-2002, 09:29 AM

change the line in /etc/passwd for user ftp from /home/ftp to whatever directory you want.

nejoom · 04-15-2002, 03:54 PM

If your interested, this is how i configured my ftp settings:

1. Allow known users to ftp login and move/upload/download files within thier own home directory, disallow all roaming to other directories.

2. Allow anonymous logins to ftp to just one directory to upload stuff but dont allow downloads.

3. Do this on redhat with a startup script.

You can download the configuration files:
http://www.tinydeveloper.com/scripts/proftpd
(=bootup script: should be located in /etc/init.d/ on redhat)

http://www.tinydeveloper.com/scripts/proftpd.conf
(=configuration script: should be located in /etc/proftpd on redhat)

Adding a user:
[root@fire root]# adduser ftptester
[root@fire root]# passwd ftptester
#dissallow shell login
[root@fire root]# chsh -s /sbin/nologin ftptester

Making a anonymous directory (with my conf file):
[root@fire root]# mkdir -p /home/ftp/uploads
[root@fire root]# chown -R ftp.ftp /home/ftp