proftpd and linux permissiosn

kevf1 · 07-28-2010, 08:01 AM

hi everyone.. my head hurts but i'm sure i'm missing something.. ok setting up a proftpd server so far it is working as an ftp server and i can upload and download as a user but.. i want to make some chnages and just can't see how i can do it...

ok here goes..

i would like an administartor account that can get into several directories

example

/ftproot/pubftp ------ admin account needs access to this and everyhting below

/ftp/root/pubftp/client1 ----- client 1 needs access to this folder as read and write admin need saccess to this folder as read and write

/ftproot/pubftp/clien2 client 2 needs access on a read only basis but admin need read and write access.

so far i have done this in the proftpd.conf file

<Directory /ftproot/pubftp
HideNoAccess on

<Limit DIRS READ WRITE >
AllowUser admin
DenyALL
</limit>

</Directory>

<Directory /ftproot/pubftp/client1>
HideNoAccess on
<Limit DIR READ WRITE>
AllowUser client1
DenyAll
</Limit>

<Limit DIRS READ WRITE >
AllowUser admin
DenyALL
</limit>

</Directory>

<Directory /ftproot/pubftp/client2>
HideNoAccess on
<Limit DIR READ>
AllowUser client2
DenyAll
</Limit>

<Limit DIRS READ WRITE >
AllowUser admin
DenyALL
</limit>

</Directory>

But no matter what i do i can't them to work properly... what am i missing.

thanks kev

kostya · 09-23-2010, 11:03 AM

Quote:

Originally Posted by kevf1

<Directory /ftproot/pubftp/client1>
HideNoAccess on
<Limit DIR READ WRITE>
AllowUser client1
DenyAll
</Limit>

<Limit DIRS READ WRITE >
AllowUser admin
DenyALL
</limit>

</Directory>

Is it OK you have the section <Limit DIRS READ WRITE > mentioned twice here?? Oh, and how about the space in "WRITE >"? I mean, some of those programs cannot do the guessing and take the syntax quite literally; so it may get confused as to which of your duplicate <Limit> directives it should obey.

I guess, you can do the above directive like this:
<Limit DIR READ WRITE>
AllowUser client1
AllowUser admin
DenyAll
</Limit>
At least, this is the recommended way of doing it...

Meantime I must admit, that I'm myself having problems with ProFTPd: in spite of my <Limit> stuff I still can't achieve my goal, which is to allow clients to STORE to the upload directory, but deny DELE. I just can't make it out!
I'm using a special account "ftpuser" for the upload, but it result in the clients' being able both to write AND delete ANY files in /home/ftpuser, despite all my futile <Limit> directives to that <Directory ~ftpuser>.
I'm at my wits' end...