ProFTPD help!!!

berkay · 09-13-2004, 04:20 PM

Hi all,

I've read tons of proftpd manuals, configs, forum threads, but still I cannot use proftpd... I only need a server, which anonymous users or a single user can login to it and download files... But i want that single user different from my current user...

Can someone post an example proftpd.conf file which could work for me? I got lost in configs and I really need proftpd working...

Thanks a lot!

jymbo · 09-14-2004, 12:22 AM

Here is the basic config file from the Proftpd site.

First, find out where your your particular proftpd.conf file is. Do a search by doing

Code:

#find / -iname proftpd.conf

When you've found it, rename it and copy the file from the link above in it's place. Rename it to proftpd.conf.

Second, we need to enable anonymous FTP users. Do a search for your ftpusers file: [/CODE]find / -iname ftpusers[/CODE] Edit this file and remove the "ftp" user.

This config file is for standalone mode, so you need to start proftpd from the command line, and NOT from inetd (or xinetd if using RH/Fedora). If your proftpd install is set to run from inetd, you need to stop the service then disable it from starting from inetd (or xinetd). Then start your proftpd server from the cli by doing

Code:

#proftpd

Check to make sure it's running by doing

Code:

#ps -A|grep profptd

Now test it out. Open your FTP client and make a connection to your machine at port 21 (default) with username: anonymous and password: anonymous.

Now as for adding a user, you need to add a user on your system either through the cli (#adduser) or through your particular distro's gui. Once you've created a user and set a password, you can now login to your ftp using those credentials and have read/write access to that user's home directory.

berkay · 09-14-2004, 01:19 AM

I have done all of what you said but still I can't login with anonymous: anonymous...

Here is the output!

Code:

berkay@gentoox berkay $ ftp localhost
Connected to localhost.
220 ProFTPD 1.2.9 Server (ProFTPD Server of berkaY) [localhost]
Name (localhost:berkay): anonymous
500 AUTH not understood
SSL not available
331 Anonymous login ok, send your complete email address as your password.
Password:
530-Unable to set anonymous privileges.
530 Login incorrect.
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

Thanks again for any help!

maxut · 09-14-2004, 07:36 AM

example config files always work!
have u checked logs? propably logs will tell u the trouble. if u dont see anything in logs, u can set log level to debug mode in proftpd.conf for more detail .
do u have a ftp account to allow anonymous logins.
check /etc/passwd. u must see a ftp user.

i dont know anything about your distro (gentoo). i have some proftpd servers on different redhat boxes. i use example config files. just changed some options.

bir turkle karsilacagimi ummuyordum. guzel bir tesaduf oldu

jymbo · 09-14-2004, 08:17 AM

I think you are lacking a FTP home directory. Do this:

Code:

#grep -i ftp /etc/passwd
#grep -i ftp /etc/group

See if there is already a "ftp" user and group, and if so, see if the corresponding home dir for the ftp user exists on your harddrive.

If you don't have the "ftp" user, create it (again, method depending on your particular distro). If you don't have the "ftp" group, you'll need to create that first with the command:

Code:

#groupadd ftp

In either instance, make sure the home dir of user "ftp" is owned by the "ftp" group.

Code:

chown ftp.ftp /home/ftp

(adjust for your particular distro and setup)

You might also want to test your proftpd setup by logging in as a user.

berkay · 09-14-2004, 09:16 AM

Hi again,

I am now using pure-ftpd as an ftp server.. (I got too lost in proftp confs

)
But still I have a problem

I have added a new user to my system with

Code:

adduser pftp -d /home/berkay/ftp

The problem is, the users which connect to my server can also access upper directories like /home/berkay and other directories as well... How can I prevent them from leaving the /home/berkay/ftp directory...

THanks again!

PS: Ben de cok memnun oldum maksut bir Turkle karsilastigima

jymbo · 09-14-2004, 10:00 AM

Go through the documentation of pure-ftp and set-up a chroot "jail" for the user.

phatboyz · 09-14-2004, 11:46 AM

You shouldn't have given up with proftpd. I almost did the same thing. It wasn't really to hard to setup, but the access list for it was what I had a problem with. I thought if the name was on the list then it had access but it was actually the other way around.

If you would like to try it again I might be able to help as I have the service running now.

berkay · 09-14-2004, 11:53 AM

phatboyz, actually your help would be great ... The only thing I want is there must be a folder like /home/berkay/ftp(the connecting user must be jailed in it), which in that ftp folder, there should be two folders(one of them upload, one of them both upload and download)...
In fact, I couldn't understand user management in proftpd... Can you please explain from adding users to the end of the proftpd setup...

Thanks a lot!

jymbo · 09-14-2004, 12:45 PM

If you looked through the example proftpd.conf file, you would have seen a line that reads:

Quote:

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

This jails the user to his /home/user directory. The user has full read/write privileges to any directory in his /home.

If you want to explicitly restrict uploads/downloads, then what you want is an anonymous FTP setup:

Code:

ServerName			"ProFTPD Anonymous Server"
ServerType			standalone

# Port 21 is the standard FTP port.
Port				21

# If you don't want normal users logging in at all, uncomment this
# next section
#<Limit LOGIN>
# DenyAll
#</Limit>

# Set the user and group that the server normally runs at.
User				nobody
Group				nogroup

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

# Set the maximum number of seconds a data connection is allowed
# to "stall" before being aborted.
TimeoutStalled			300

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin			welcome.msg
DisplayFirstChdir		.message
DefaultRoot ~

# Our "basic" anonymous configuration, including a single
# upload directory ("uploads")
<Anonymous ~ftp>

  # Allow logins if they are disabled above.
  <Limit LOGIN>
    AllowAll
  </Limit>

  # Maximum clients with message
  MaxClients			5 "Sorry, max %m users -- try again later"

  User				ftp
  Group				ftp
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias			anonymous ftp

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>

  # An upload directory that allows storing files but not retrieving
  # or creating directories.
  <Directory uploads/*>
    <Limit READ>
      DenyAll
    </Limit>

    <Limit STOR>
      AllowAll
    </Limit>
  </Directory>
</Anonymous>

This config will jail the anonymous user in /home/ftp, allow downloads of files in /home/ftp, and allow uploads (but not downloads) in /home/ftp/uploads.

The full Anonymous proftpd.conf file is here and includes 2 other Anonymous sections that may be of use to you.

phatboyz · 09-14-2004, 12:54 PM

Well I guess that you shouldn't need anyhelp now with that good information. Let me know.

berkay · 09-15-2004, 01:24 AM

I did everything what jymbo and his conf said but it doesn't work... Here is the output...

Code:

Connected to localhost.
220 ProFTPD 1.2.9 Server (ProFTPD Anonymous Server) [localhost]
Name (localhost:berkay): ftp
500 AUTH not understood
SSL not available
331 Anonymous login ok, send your complete email address as your password.
Password:
530 Login incorrect.
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

It may be a user problem and I don't know how to fix this...
THanks in advance...

maxut · 09-15-2004, 02:49 AM

and check if ftp user exists.

Code:

[mesut@teknik mesut]$ cat /etc/passwd|grep ftp
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

if not, add a ftp user and group. home directory of ftp user must point anonymous ftp directory. as u see i use "/var/ftp"

make sure that shell of ftp user is "/sbin/nologin". so ftp (anonymous) users cannot login to your linux via shell.

also check "/etc/shells" if "/sbin/nologin" line exists. if shell of a user is not defined in this file, that user cannot use ftp service.

berkay · 09-15-2004, 03:42 AM

I tried to log on to my server from windows machine but still I can't login as neither anonymous nor ftp... Actually I don't want anonymous ftp server... For example user proftp must login with passwd like 'passwd'... I did this with pure-ftp but I couldn't jail user in a directory... How can I make my server like I described above...

Thanks...

berkay · 09-15-2004, 03:57 AM

SOLVED... Finally

Thanks for help!