LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Poll: I use ProFTPd as my FTP server
Poll Options
I use ProFTPd as my FTP server

You must log in and have one post to vote in this poll. If you don't have an account, you can register here.
Results will be available after the polls close.

The nominees are:

Yes
No
I don't run an ftp server

Reply
 
Search this Thread
Old 03-11-2004, 02:49 PM   #1
fireman949
Member
 
Registered: Dec 2003
Location: Walls
Distribution: Slackware 10.1;CentOS 4
Posts: 51

Rep: Reputation: 15
ProFTP-this has got to be easier than I'm making it, please help!


I know this is long, please read the post and help if you can, I'm ready to scrap linux after 3 months of hard work setting up other parts of my linux server.


I've been attempting to get FTP working for about a month now. No one seems to know what I'm talking about. I am a linux newbie but I've learned a lot about my machine in the past 3 months.

Is ProFTP just a crappy program that no one uses and that's why I can't get a freaking answer? If it is, just say - use *** ftp program instead, it works and everyone uses it so you'll have lots of support. Or am I in the wrong form? If so, just direct me to the right forms to deal with linux server type issues. Here is my problem:

I am setting up a linux machine to be a webserver. I am running slackware 9, Apache 2.0.48 and ProFTPd 1.2.9. I have all my web related stuff in /wwwroot
/wwwroot/apache2 - apache
/wwwroot/proftpd - proftpd
/wwwroot/mysql - my sql
/wwwroot/sites - all web sites
...and so on.

I compiled proftpd from source and installed it. I have used the included ftpasswd file to setup a password file with some users and a group file. They are located in /wwwroot/passwords/ftp.passwd (and ftp.group).

I can login to my ftp server with anonymous access and upload anything I want to the anonymous directory. The owner/permissions on the 'upload' directory (in /home/ftp) are 'ftp/ftp 755'. I want some people I host for to be able to login to ftp with user/pass and manage their website. When I login with a user account I created (in /wwwroot/passwords/ftp.passwd) I am taken to the proper home directory but I cannot upload anything unless the permissions on the directory are 777. Previously when I uploaded files with a user account, they had ownership of operator/games. I added "UserOwner ftp GroupOwner ftp" which fixed that problem, but I still can't upload anything unless the directory permissions are 777. Why can I upload with anonymous and permissions are 755 but not with a user account.

Do I need to add <Limit STOR> somewhere or <Limit WRITE> ?

I have pasted my proftpd.conf file below for scrutiny. I enjoy using my linux box and like the way it's administrated and how 'light' it is but I'm considering scrapping it all because I can't setup FTP after 1+ month of attempting to get it right.

Please help!


Code:
#
#

ServerName                      "Eric's ProFTPd TEST Installation"
ServerType                      standalone
DefaultServer                   on
ServerIdent                     off

# The ftpd-data port will be one less.
Port                            21

User                            nobody
Group                           nogroup

# These must be absolute paths.
AuthUserFile                    /wwwroot/passwords/ftpd.passwd

AuthGroupFile                   /wwwroot/passwords/ftpd.group

SystemLog                       /wwwroot/proftpd/logs/ftp.log

# Disable some checks.
IdentLookups                    off
RequireValidShell               off
UseFtpUsers                     off
UseReverseDNS                   off
WtmpLog                         off

DefaultRoot ~
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes to 5.
MaxInstances                    20

# Normally, we want files to be overwriteable.
<Directory /wwwroot/sites/*>
        AllowOverwrite          on
        UserOwner               ftp
        GroupOwner              ftp
        HideNoAccess            on

          <Limit STOR MKD XMD XRMD>
          AllowAll
          </Limit>

</Directory>

<Anonymous ~ftp>

  <Limit LOGIN>
    AllowAll
  </Limit>

MaxClients                      10      "Sorry, max %m users -- try again later"

   User                 ftp
   Group                ftp

UserAlias                               anonymous ftp

    <Limit WRITE>
     DenyAll
    </Limit>

  <Directory uploads/*>
    <Limit READ>
      DenyAll
    </Limit>

     <Limit STOR>
       AllowAll
     </Limit>
   </Directory>
</Anonymous>
 
Old 03-12-2004, 01:17 PM   #2
fireman949
Member
 
Registered: Dec 2003
Location: Walls
Distribution: Slackware 10.1;CentOS 4
Posts: 51

Original Poster
Rep: Reputation: 15
^bump
 
Old 04-17-2004, 06:54 PM   #3
Louie55
Member
 
Registered: Oct 2003
Location: Nebraska
Distribution: SuSE 9.0, Redhat 9.0
Posts: 41

Rep: Reputation: 15
Hello,

I am also somewhat of a linux newbie building a web hosting server. I am using RedHat 9. Like you, I am using ProFTPd as my FTP server. I also struggled at first with the FTP user thing. I finally figured out that you can use system users as FTP users (and POP3 mail users). I am not using any ftp.passwd file or any special FTP authentication. To create an FTP user, I simply add another UNIX system user. I use Webmin to add users as I do not know the full command line way to add users with all the options I want. So you might want to think about installing webmin if you don't have it and you want an easy way to add users and do many other things on your Linux system. Anyway, to add a user (in webmin) you just type in the username and password you want (click the "Normal Password" circle and then type the password in the box next to it). Then set their shell to /bin/false so that they cannot SSH into your machine if you have SSH daemon running. Then I set their group to "ftp" and type in or choose their home directory.

Then, to give them the right permissions, you chown their home directory and any other directory that is already under their home directroy (such as public_html) to the user that will be FTPing to that directory.

For example: Lets say you want to create a user named fredftp with a password that you specify and the home directory of /wwwroot/fred.com and you are at the command line, you would first create the user.

Code:
useradd -s /bin/false -d /wwwroot/fred.com -g ftp fredftp -M
Then, create the password for the account:

Code:
passwd fredftp
Then, change the owner of the directory so that the user can change the permissions to anything he wants in his directory.

Code:
chown fredftp /wwwroot/fred.com
Then change permissions of the directory so that only that user will be able to change the permissions and files of that directory.

Code:
chmod 755 /wwwroot/fred.com
Now the user should be able to log in to your ftp server with the username fredftp and the password that you supply him. It should chroot him into /wwwroot/fred.com as long as you have the DefaultRoot ~ statement in your proftpd.conf file.

Here is the proftpd.conf file that I use to make this setup work:

Code:
ServerName         "yourdomain.com"
ServerType	                standalone
DefaultServer	                on
DefaultRoot	                ~
UseReverseDNS	                no
Port				21
Umask				022
MaxInstances			30
IdentLookups       off
MaxLoginAttempts   3
MaxInstances       25
ListOptions   "-a"
TimeoutNoTransfer  900
TimeoutIdle        600
TimeoutLogin       300
AllowRetrieveRestart on
AllowStoreRestart    on
User             nobody
Group            nobody
<Global>
AllowOverwrite yes
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>
</Global>
Here is a small description of the above file: (courtesty of redhat.hostinghacks.net)

ServerName "yourdomain.com" - This will be visible during login.

Umask 022 - Makes new directories and files with 755 permissions which prevents them from being group and world writable. If you want group writable use: Umask 002.

<Global>
AllowOverwrite yes
<Limit ALL SITE_CHMOD> - allow chmod and overwrites.
AllowAll
</Limit>
</Global>

DefaultRoot ~ - Jail users into their home directories.

RequireValidShell no - There are 2 choices for user login shells:

Set 'RequireValidShell no' in /etc/proftpd.conf
Add /bin/false to /etc/shells, in which case you don't need 'RequireValidShell no'


UseReverseDNS off
IdentLookups off - time/bandwidth reducing options

MaxInstances 25 - prevents dos attacks in standalone mode.

MaxLoginAttempts 3
LsDefaultOptions "-a"
TimeoutNoTransfer 900
TimeoutIdle 600 - typical ftp settings
TimeoutLogin 300
AllowRetrieveRestart on
AllowStoreRestart on

However, this setup will not allow anonymous connections.


I'm not sure what to add or take off to allow anonymous connections.

This should be all you need to run your ftp server with authenticated users.

Let me know if this helps at all.

Louie
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
M$ Making a Linux takeover easier... JaseP General 15 01-28-2005 03:32 PM
:::::::Request for making Gnu/Linux easier for new users(like me)..-::::::: explosive Linux - Software 3 07-20-2004 10:05 AM
Gentoo is there an easier way? DavidTempler Linux - General 10 12-13-2003 07:38 AM
making life a little easier drfrankie Linux - Newbie 2 06-23-2003 12:05 PM
Which would be easier? Download-This Linux - Networking 1 10-11-2002 11:59 PM


All times are GMT -5. The time now is 03:43 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration