LinuxQuestions.org
Old 01-27-2004, 02:23 PM   #1
duerra
Member
 
Registered: Oct 2003
Location: Where No One's Been... Spiral Out!
Distribution: FreeBSD
Posts: 201

Rep: Reputation: 30
Proftpd


Greetings,
I am having a little trouble coming up with a working config with proftpd. If somebody could get me on the right track with a little sample of what I need to do to get this working, I would really appreciate it. It's very simple, but for some reason.....:

1. I need to specify a download and an upload directory (two different directories) for *non* anonymous user. For example
/usr/local/ftp/download
/usr/local/ftp/upload

2. I need to create the config so that it is *not* anonymous, and a user needs to have a correct username and password, as well as an allowed IP address, in order to access the folders.

3. For security, I would like to lock the user into those folders (I know that config command, but maybe I'm messing it up...?)


Like I said, this should be really easy, but for some reason I can't seem to get it to work. The proftpd site isn't much help to me, either, since they seem to only show examples for anonymous access :-/

Thanks
 
Old 01-27-2004, 03:33 PM   #2
twantrd
Senior Member
 
Registered: Nov 2002
Location: CA
Distribution: redhat 7.3
Posts: 1,440

Rep: Reputation: 52
What I did to solve that problem was to point "/usr/local/ftp/download" as their home directory in their /etc/passwd. So every time they connect via ftp they will see all files in that path. If you found the syntax that does this in the config file, please let me know as well! Good luck...

-twantrd
 
Old 01-27-2004, 05:24 PM   #3
duerra
Member
 
Registered: Oct 2003
Location: Where No One's Been... Spiral Out!
Distribution: FreeBSD
Posts: 201

Original Poster
Rep: Reputation: 30
twantrd,
If you can spare a moment, I would really appreciate it. I cannot seem to get the user/password/directory thing working.
 
Old 01-27-2004, 08:50 PM   #4
twantrd
Senior Member
 
Registered: Nov 2002
Location: CA
Distribution: redhat 7.3
Posts: 1,440

Rep: Reputation: 52
No, I can't spare a moment...j/k . Anyhow in /etc/passwd file this is mine:

twantrd:x:1004:1004:twantrd,,,:/home/twantrd:/bin/bash

Look for your username entry and change the '/home/<your username>' to "/usr/local/ftp"

What that now does is that every time a user logs in via ssh or telnet that will now be their home directory. If the user connects via FTP, then now they will see the contents of /usr/local/ftp. Now make a directory called "Upload" and "Download" and set permissions accordingly to however you want it.

Quote:
For security, I would like to lock the user into those folders (I know that config command, but maybe I'm messing it up...?)
As for this section, you would then need to change permissions on the directories themselves making the user not able to r/w/x. So for example, if you change the permissions on '/usr/local' to only drwx------ then you have just "locked" the ftp user into only browsing the subdirectory 'ftp'. There is a jail for ftp users but I have never used it so I wouldn't know. Maybe jailing ftp users is what you are asking here. Hope I helped somewhat..Good luck!

-twantrd
 
Old 01-27-2004, 10:34 PM   #5
Inexactitude
Member
 
Registered: Oct 2003
Distribution: Slackware 12.2, Ubuntu 9.04
Posts: 477

Rep: Reputation: 30
To specify your directory, try:

Code:
DefaultRoot /usr/local/ftp/upload <group name>

To disallow anonymous ftp, make sure "anonymous" and "ftp" are in your ftpusers file.

The default root will keep the users jailed in document root directory.
 
Old 01-28-2004, 07:34 AM   #6
duerra
Member
 
Registered: Oct 2003
Location: Where No One's Been... Spiral Out!
Distribution: FreeBSD
Posts: 201

Original Poster
Rep: Reputation: 30
Does somebody have a little sample configuration that I can look at to try and connect all this together?

For example.... would it look something like this?

<Anonymous /usr/local/ftp/downloads>
DefaultRoot /usr/local/ftp/upload <group name>

</Anonymous>

Inexactitude: I have added those users to my ftpusers list, but I still am not sure how to integrate that with proftpd. Are ftp users system users? I have to create a download and upload group on the system, and they use that password?

Sorry if these questions seem stupid, but I am struggling with just a general oversight of the proftp configuration right now.
 
Old 01-28-2004, 12:46 PM   #7
Inexactitude
Member
 
Registered: Oct 2003
Distribution: Slackware 12.2, Ubuntu 9.04
Posts: 477

Rep: Reputation: 30
Well, if you don't want anonymous ftp you should just comment out all the lines concerning anonymous ftp. I don't have my proftpd.conf handy right now, I'll get it for you later if you need it.

I'm having trouble understanding what you mean here. Do you want anonymous users to be able to use one directory, and have other users use a different directory for a group, or a different group for each user?

Once a user is added to the ftpusers list, that user won't be able to connect on ftp anymore.

Yes, ftp users are system users. They use the system password to connect to the server. Create all the users you want for ftp, put them in the same group, don't give them home directories, and don't give them shells (as long as you don't want them to use any other services). If you don't give your users shells, make sure you have this in your proftpd.conf:

Code:
RequireValidShell off

I hope I could help you out.
 
Old 01-28-2004, 02:04 PM   #8
duerra
Member
 
Registered: Oct 2003
Location: Where No One's Been... Spiral Out!
Distribution: FreeBSD
Posts: 201

Original Poster
Rep: Reputation: 30
Inexactitude,
Yes, that helped. I only want about 3 or so people to be able to access ftp on my server, and nobody as anonymous.

Does this configuration stuff have to be enclosed in any form of <Location> brackets or something, or.... ?

I really, *really* wish the ProFTPd docs were more dummy-friendly. They have 2 forms of configuration file samples on their site - too simple, and too complicated.

Thanks for your help, Inexactitude. I really appreciate it.

Last edited by duerra; 01-28-2004 at 02:05 PM.
 
Old 01-28-2004, 02:33 PM   #9
Inexactitude
Member
 
Registered: Oct 2003
Distribution: Slackware 12.2, Ubuntu 9.04
Posts: 477

Rep: Reputation: 30
At the end of your file, put this (just after the anonymous chroot part of the file):

Code:
<Global>
RootLogin off
UseFtpUsers on
DefaultRoot <directory> <group>
RequireValidShell off
</Global>

This should implement what you want.
Thanks.
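
For reference, a complete proftpd.conf covering the three requirements from the first post (separate download and upload directories, no anonymous access with an address restriction, and a chroot jail). This is an added example, not part of any poster's reply or a configuration taken from the ProFTPD project. The address 192.0.2.10, the nobody/nogroup daemon identity and the choice to jail users in the parent /usr/local/ftp are assumptions.

```conf
# Added example. Placeholder values are marked "assumed".
ServerName        "Private FTP"
ServerType        standalone      # run as a daemon; use "inetd" only if inetd starts it
DefaultServer     on
Port              21
Umask             022
User              nobody          # assumed unprivileged daemon account
Group             nogroup         # assumed

# No <Anonymous> section anywhere in the file: only real accounts can log in.
RootLogin         off
UseFtpUsers       on              # accounts listed in /etc/ftpusers are refused
RequireValidShell off             # lets accounts without a login shell use FTP

# Jail every account in the tree that holds both directories.
# With no group expression after the path, the chroot applies to all users.
DefaultRoot       /usr/local/ftp

# Only the listed client address may log in (assumed address).
<Limit LOGIN>
  Order allow,deny
  Allow from 192.0.2.10
  Deny from all
</Limit>

# Nothing under the jail is writable by default ...
<Directory /usr/local/ftp>
  <Limit WRITE>
    DenyAll
  </Limit>
</Directory>

# ... except that files may be stored in upload/, without overwriting.
<Directory /usr/local/ftp/upload>
  AllowOverwrite off
  <Limit STOR>
    AllowAll
  </Limit>
</Directory>
```

Filesystem ownership and permissions still apply on top of these limits, so the upload directory must be writable by the FTP accounts. Running `proftpd -t` checks the file for syntax errors before a restart.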
 
Old 01-28-2004, 02:53 PM   #10
duerra
Member
 
Registered: Oct 2003
Location: Where No One's Been... Spiral Out!
Distribution: FreeBSD
Posts: 201

Original Poster
Rep: Reputation: 30
Thank you very much, Inexactitude! I'll try it as soon as I get home =)

Last edited by duerra; 01-28-2004 at 02:58 PM.
 
Old 01-29-2004, 01:17 AM   #11
Inexactitude
Member
 
Registered: Oct 2003
Distribution: Slackware 12.2, Ubuntu 9.04
Posts: 477

Rep: Reputation: 30
Hope it works for you. Tell me how it goes, and if you need anything else, I'll do my best to help.
 
Old 01-30-2004, 07:51 AM   #12
duerra
Member
 
Registered: Oct 2003
Location: Where No One's Been... Spiral Out!
Distribution: FreeBSD
Posts: 201

Original Poster
Rep: Reputation: 30
Inexactitude,
Thanks again. Unfortunately, I can't seem to connect still. I have added what you have shown, and added one of my users to the "ftp" group. Unfortunately, when I connect with SmartFTP, I get an error that I could not connect "because the server actively refused it".

Any ideas what could be happening now?
 
Old 01-30-2004, 12:26 PM   #13
Inexactitude
Member
 
Registered: Oct 2003
Distribution: Slackware 12.2, Ubuntu 9.04
Posts: 477

Rep: Reputation: 30
Are you sure the server daemon is running?
Have you added RequireValidShell off to the configuration file?
Exactly what happens? Are you able to put your password in, and then get rejected, or you just get rejected right off the bat?
 
Old 01-30-2004, 04:06 PM   #14
duerra
Member
 
Registered: Oct 2003
Location: Where No One's Been... Spiral Out!
Distribution: FreeBSD
Posts: 201

Original Poster
Rep: Reputation: 30
I pasted exactly what you have into my config (edited location and group, of course). I also did a check, and port 21 is being listened on, so I'm pretty sure that means that the daemon is running.

I am not even able to connect. In the command line when doing it from the box itself:

$ ftp 24.106.18.115
ftp: connect: Connection refused
 
Old 01-30-2004, 07:34 PM   #15
Inexactitude
Member
 
Registered: Oct 2003
Distribution: Slackware 12.2, Ubuntu 9.04
Posts: 477

Rep: Reputation: 30
Okay, try /etc/rc.d/init.d/proftpd restart or /etc/rc.d/proftpd restart, is it reporting any errors on the restart? Also, are you running it from inside inetd? If so, make certain that the ftp is uncommented in /etc/inetd.conf.

Once I have my proftpd.conf handy again (if it is running from inetd), we'll try running proftpd as a stand-alone server. Also, try connecting to the machine's local address or localhost.

Is the box behind a router or firewall?
 
  

