proftpd -- can't figure out how to allow anon users to send to me
 

Hi all,

I'm futzing around w/ proftpd and can't seem to get something to work. I'm trying to set up an ultra-basic setup which will allow anonymous users to access the server and put files to the /incoming directory within my server. I've gone thru the config file and set the following directive inside my anonymous directive:

<Directory /incoming/*>
<Limit STOR>
AllowAll
</Limit>
</Directory>

from what I've read of the documentation, that should allow anon users to write to this directory. I have the user and the group for the server to run as set to "ftp" and have made sure that my filesystem files that correspond as the directories within the ftp server are owned by the ftp user and proper permissions are set.

However, when I log on to the server, I can access all folders and files just fine, but when I try to put a file to the incoming directory, I get the error:

Permission denied.

any ideas where I'm going wrong in my config? Any help would be great.

Did you restart your server? Not too sure what the commands are for a standalone proftpd server, but for xinetd, just do
"ps -aux | grep xinetd" and get the process id, and
"kill -SIGHUP pid" to restart it. Probably same for inetd.

I've actually restarted the system a few times, as I'm working on other config stuff today, too. Thanks for the kill tip, tho, that will be handy in the future.

I should have included that I'm not running proftpd as a standalone, it is actually running as part of inetd, maybe that makes a difference in my situation, but probably not.

Any other ideas?

hmm i figured it out some weeks ago but my config got lost during to a system work ...
maybe i can try it again today to look up what it was :) if i got it again ill post it

ok, so I'm experimenting w/ proftpd on my laptop now, hopefully when I get it to work I can just move the config file over to my server and have it work there, too.

I am using a loopback to myself for this testing, so somebody please tell me if that's not supposed to work or something.

the important bits of my config file looks like this:

ServerType inetd
DefaultServer on

Port 21

User nobody
Group nogroup

<Directory /*>
AllowOverWrite on
</Directory>

<Anonymous ~ftp>
RequireValidShell off
User ftp
Group ftp
Max Clients 50
<Limit WRITE>
DenyAll
</Limit>
<Directory incoming/*>
<Limit STOR>
AllowAll
</Limit>
</Directory>
</Anonymous>

Here's what happens when I try to log on to the server:

I type:
ftp localhost
I get:
Connected to localhost.
220 ProFTPD 1.2.8 Server (ProFTPD Default Installation) [www.kero-chan.com]
Name (localhost:root)
I type:
anonymous
I get:
331 Anonymous login ok, send your complete e-mail address as your password:
I type:
my e-mail addy
I get:
530 Login incorrect.
Login Failed.
Remote system type is UNIX.
Using binary mode to transfer files.

I have checked my ftp directories and the are owned by the ftp user and ftp group, so there should be no problems with file permissions.

I am trying to set up a server that will allow users to log in anonymously, grab files from the root directory of the server and put files to the incoming directory of the server.

Can anyone help me out with this?

thanks,

wendallsan

you have to chmod your incoming directories to 777 and also try to change
<Limit WRITE>
DenyAll
</Limit>

to

<Limit WRITE>
AllowAll
</Limit>

ok, I have chmodded my incoming directory and given the ftp root allowall attributes for writing, as you have suggested. But at this point, I'm still not even able to log on to the server. I am still getting the following outcome:

I type:
ftp localhost
I get:
Connected to localhost.
220 ProFTPD 1.2.8 Server (ProFTPD Default Installation) [www.kero-chan.com]
Name (localhost:root)
I type:
anonymous
I get:
331 Anonymous login ok, send your complete e-mail address as your password:
I type:
my e-mail addy
I get:
530 Login incorrect.
Login Failed.
Remote system type is UNIX.
Using binary mode to transfer files.

what could be preventing me from logging on?

thanks,

wendallsan

please paste your config file again

sure thing:

# This sample configuration file illustrates configuring two
# anonymous directories, and a guest (same thing as anonymous but
# requires a valid password to login)

ServerName "Digiko File Server"
ServerType inetd
#ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 21

# If you don't want normal users logging in at all, uncomment this
# next section
#<Limit LOGIN>
# DenyAll
#</Limit>

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the maximum number of seconds a data connection is allowed
# to "stall" before being aborted.
TimeoutStalled 300

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message

# Our "basic" anonymous configuration, including a single
# upload directory ("uploads")
<Anonymous ~ftp>

# Allow logins if they are disabled above.
<Limit LOGIN>
AllowAll
</Limit>

# Maximum clients with message
MaxClients 5 "Sorry, max %m users -- try again later"

User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp

# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>

# An upload directory that allows storing files but not retrieving
# or creating directories.
<Directory uploads/*>
<Limit READ>
DenyAll
</Limit>

<Limit STOR>
AllowAll
</Limit>
</Directory>
</Anonymous>

Firstly change User to be root

chroot() system calls won't work otherwise

also in your anonymous tag add try
adding RequireValidShell no
if you don't have a valid shell

also make sure that the ftp user has been created

how about?
ServerName "Digiko File Server"
#ServerType inetd
ServerType standalone
DefaultServer on

after it try:

killall -9 inetd
after type proftpd
after
ps awx | grep proftpd
and look =)
if it is accepting connections...
But when you do it the server will start only when you type "profptd" not "inetd"

I post killall -9 because i am using Slack.

ok,

I have set things up like robo_br suggested, changing proftpd from inetd mode to standalone. I have also added the RequireValidShell directive that gwp suggested.

I tried setting the User and Group to root like gwp suggested, but after doing that even an anonymous logon required a password, which of course I have not set, so I couldn't get in. I checked to make sure that I have an ftp user and group (ran "cat /etc/group | grep ftp" and "cat /etc/passwd | grep ftp" and they both came back with an entry). I have set the user and group back to ftp for now, since at least it tries to do what it's supposed to with an anonymous login instead of not recognizing the anonymous login.

I am still getting the same result, when I type in "ftp localhost" I get the greeting and a login prompt, I give it "anonymous" for the login, it gives me the "Anonymouse ok, send your email addy . . ." bit, then I type in anything there and it gives me a "530 Login incorrect." error. From my understanding of an Anonymous login, I should be able to type anything or just hit enter for the password and get in fine.

Any other help, or is it time to give up and try vsftpd instead of proftpd?

thanks,

wendallsan

Hi,

I meant the user and group that proftpd runs as, I'm not sure if you maybe changed
user and group of the anonymous user?

I've managed to get proftpd working on a SUN V100 a while back... yet to depoly it
though. We don't want anonymous access here.... If you still have troubles... I'll fire
it up sometime and try to add anonymous access and maybe post the config file
for you to see

Don't give up

BR,

G

SUCCESS
 

yes, thank god. last night I finally got anonymous ftp running on my laptop, and have moved the config file over to my server and it still works! Amazing!

I think it was a combo of me having removed ftp from my /etc/ftpusers file on one system and not on the other, therefore I was getting inconsistent results as I worked on one system and then went to the other, expecting similar results. Figures.

Anyway, my functional proftpd.config file for anyone interested in it is below. It is set up to allow anoymous login, have users be able to get files from the root directory of the ftp server and put files to the incoming directory within the ftp server. I will continue working on this to set up real user accounts, etc. soon, but for now this is what I have been working towards. Thank you all for your help and patience while dealing with noob angst, etc.

wendallsan

here's the config:

ServerName "Digiko File Server"
ServerType inetd
DefaultServer on

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# this helps to prevent DoS attacks
MaxInstances 30

# Set the user and group that the server normally runs at.
User ftp
Group ftp

# set up logs
SystemLog /var/log/proftpd.log
TransferLog /var/log/xferlog

# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite on
</Directory>

# A basic anonymous FTP server configuration.
# To enable this, remove the user ftp from /etc/ftpusers.
<Anonymous ~ftp>
RequireValidShell no
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp

# Limit the maximum number of anonymous logins
MaxClients 50

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message

# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>

# An upload directory that allows storing files but not retrieving
# or creating directories.
<Directory incoming/*>
<Limit READ>
DenyAll
</Limit>

<Limit STOR>
AllowAll
</Limit>
</Directory>

</Anonymous>