Greetings,
I am having a little trouble coming up with a working config with proftpd. If somebody could get me on the right track with a little sample of what I need to do to get this working, I would really appreciate it. It's very simple, but for some reason.....:
1. I need to specify a download and an upload directory (two different directories) for a *non*-anonymous user. For example:
/usr/local/ftp/download
/usr/local/ftp/upload
2. I need to create the config so that it is *not* anonymous, and a user needs to have a correct username and password, as well as an allowed IP address, in order to access the folders.
3. For security, I would like to lock the user into those folders (I know that config command, but maybe I'm messing it up...?)
Like I said, this should be really easy, but for some reason I can't seem to get it to work. The proftpd site isn't much help to me, either, since they seem to only show examples for anonymous access :-/
What I did to solve that problem was to point "/usr/local/ftp/download" as their home directory in their /etc/passwd. So every time they connect via ftp they will see all files in that path. If you found the syntax that does this in the config file, please let me know as well! Good luck...
Look for your username entry and change the '/home/<your username>' to "/usr/local/ftp"
What that now does is that every time a user logs in via ssh or telnet that will now be their home directory. If the user connects via FTP, then now they will see the contents of /usr/local/ftp. Now make a directory called "Upload" and "Download" and set permissions accordingly to however you want it.
Quote:
For security, I would like to lock the user into those folders (I know that config command, but maybe I'm messing it up...?)
As for this section, you would then need to change permissions on the directories themselves making the user not able to r/w/x. So for example, if you change the permissions on '/usr/local' to only drwx------ then you have just "locked" the ftp user into only browsing the subdirectory 'ftp'. There is a jail for ftp users but I have never used it so I wouldn't know. Maybe jailing ftp users is what you are asking here. Hope I helped somewhat. Good luck!
Inexactitude: I have added those users to my ftpusers list, but I still am not sure how to integrate that with proftpd. Are ftp users system users? I have to create a download and upload group on the system, and they use that password?
Sorry if these questions seem stupid, but I am struggling with just a general oversight of the proftp configuration right now.
Well, if you don't want anonymous ftp you should just comment out all the lines concerning anonymous ftp. I don't have my proftpd.conf handy right now, I'll get it for you later if you need it.
I'm having trouble understanding what you want here. Do you want anonymous users to be able to use one directory, and have other users use a different directory for a group, or a different group for each user?
Once a user is added to the ftpusers list, that user won't be able to connect on ftp anymore.
Yes, ftp users are system users. They use the system password to connect to the server. Create all the users you want for ftp, put them in the same group, don't give them home directories, and don't give them shells (as long as you don't want them to use any other services). If you don't give your users shells, make sure you have this in your proftpd.conf:
Inexactitude,
Yes, that helped. I only want about 3 or so people to be able to access ftp on my server, and nobody as anonymous.
Does this configuration stuff have to be enclosed in any form of <Location> brackets or something, or.... ?
I really, *really* wish the ProFTPd docs were more dummy-friendly. They have 2 forms of configuration file samples on their site - too simple, and too complicated.
Thanks for your help, Inexactitude. I really appreciate it.
Inexactitude,
Thanks again. Unfortunately, I can't seem to connect still. I have added what you have shown, and added one of my users to the "ftp" group. Unfortunately, when I connect with SmartFTP, I get an error that I could not connect "because the server actively refused it".
Are you sure the server daemon is running?
Have you added RequireValidShell off to the configuration file?
Exactly what happens? Are you able to put your password in, and then get rejected, or you just get rejected right off the bat?
I pasted exactly what you have into my config (edited location and group, of course). I also did a check, and port 21 is being listened on, so I'm pretty sure that means that the daemon is running.
I am not even able to connect. In the command line when doing it from the box itself:
Okay, try /etc/rc.d/init.d/proftpd restart or /etc/rc.d/proftpd restart, is it reporting any errors on the restart? Also, are you running it from inside inetd? If so, make certain that the ftp is uncommented in /etc/inetd.conf.
Once I have my proftpd.conf handy again (if it is running from inetd), we'll try running proftpd as a stand-alone server. Also, try connecting to the machine's local address or localhost.
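
Added example, not part of any post in this thread and not ProFTPD's shipped configuration: a minimal proftpd.conf sketch for the setup the original poster describes (no anonymous access, logins only from an allowed address, users locked into /usr/local/ftp, separate download and upload directories). The client address 192.0.2.10 is a constructed placeholder, and the `nobody`/`nogroup` daemon identity is an assumption about the system.

```apache
# Assumed: stand-alone daemon rather than inetd, as discussed in the thread.
ServerName          "Private FTP"
ServerType          standalone
DefaultServer       on
Port                21
User                nobody      # assumed unprivileged daemon account
Group               nogroup     # assumed; named "nobody" on some distributions

# No <Anonymous> section anywhere in this file, so only accounts with a
# valid system username and password can log in.

# Needed when the FTP accounts have no login shell (see the thread).
RequireValidShell   off

# Jail every user into this tree after login; they cannot cd above it.
DefaultRoot         /usr/local/ftp

# Refuse logins from any address that is not explicitly allowed.
<Limit LOGIN>
  Order allow,deny
  Allow from 192.0.2.10         # constructed placeholder for the allowed client
  Deny from all
</Limit>

# Download area: read-only. WRITE covers STOR, DELE, MKD, RMD, RNTO, etc.
<Directory /usr/local/ftp/download>
  <Limit WRITE>
    DenyAll
  </Limit>
</Directory>

# Upload area: files can be stored but not fetched, deleted or renamed.
<Directory /usr/local/ftp/upload>
  <Limit READ DELE RMD RNFR RNTO>
    DenyAll
  </Limit>
  <Limit STOR>
    AllowAll
  </Limit>
</Directory>
```

`proftpd -t` checks the file for syntax errors before a restart. Filesystem permissions on both directories still apply on top of these limits.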