Old 07-06-2006, 02:45 PM   #1
dbc001
Member
 
Registered: Jan 2004
Distribution: Slackware, Ubuntu
Posts: 97

Rep: Reputation: 15
ProFTPd restrict all users to /fs ?


Been hacking at ProFTPd on my Slack 10.2 box for a while now and I'm horribly confused (as many of us are apparently). I'm trying to set it up to restrict all users to have Read Only access to /fs/ (I can still get to all the rest of my files using SFTP over SSH).

I've got ProFTPd up and running but I'm lost trying to figure out the config file. No matter what I do it seems to either give me all access to all the files, or no access to anything! Any help would be greatly appreciated.

thanks in advance,
dbc
 
Old 07-06-2006, 04:09 PM   #2
pljvaldez
Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Squeeze (x86)
Posts: 6,092

Rep: Reputation: 269
If I'm not mistaken, I think you just need to set the DefaultRoot ~ line to DefaultRoot /fs. Make sure the directory permissions are set for users to read only. At least this works with a standard ftp server.

I'm not sure how the ssh connection works with sftp or if it circumvents the standard ftp settings since you've already logged on via ssh...
 
Old 07-27-2006, 05:07 PM   #3
Skip-DMP
Member
 
Registered: Jan 2006
Distribution: RHEL3
Posts: 97

Rep: Reputation: 15
Issue on RHEL3

I have the issue of that command just not working either. The DefaultRoot being set anywhere I wish doesn't work. Users always default to their home directory and are able to see the entire file structure.
 
Old 07-27-2006, 05:20 PM   #4
pljvaldez
Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Squeeze (x86)
Posts: 6,092

Rep: Reputation: 269
Can you post your config file?
 
Old 07-28-2006, 09:12 AM   #5
Skip-DMP
Member
 
Registered: Jan 2006
Distribution: RHEL3
Posts: 97

Rep: Reputation: 15
Here is all I have:

Quote:
ServerType standalone
ServerName "FTP Site"
Port 2121
DefaultServer on
DefaultRoot /var/www/html
User ftp-run
Group ftp-run
Umask 022
AllowOverwrite on
 
Old 07-28-2006, 01:11 PM   #6
pljvaldez
Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Squeeze (x86)
Posts: 6,092

Rep: Reputation: 269
What ftp server are you using? That doesn't look like a ProFTP config file to me (which is what was started in this thread).
 
Old 07-28-2006, 02:45 PM   #7
Skip-DMP
Member
 
Registered: Jan 2006
Distribution: RHEL3
Posts: 97

Rep: Reputation: 15
It is ProFTP according to the documentation, I have removed all of the comments and included just what remains. I have uncommented the user and group lines and created my own. The "DefaultRoot" normally is started as ~, which is not what I want. I changed the default port to ftp into and the server name. When I ftp to my server, here is the version info:

ProFTPD 1.3.0rc5 Server (ProFTPD Default Installation)

I absolutely do not want anonymous access. Authenticated linux users only.

I have even tried modifying/creating my configuration using webmin, but am still seeing the same results. According to the documentation, the DefaultRoot line should set the root directory. There originally was an additional line there which started with "Ch" like ChDefault or something which had no effect either.
 
Old 07-28-2006, 02:49 PM   #8
pljvaldez
Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Squeeze (x86)
Posts: 6,092

Rep: Reputation: 269
Do your users have read/write access to /var/www/html? Also is the "x" bit enabled for the directory?
 
Old 07-28-2006, 03:56 PM   #9
Skip-DMP
Member
 
Registered: Jan 2006
Distribution: RHEL3
Posts: 97

Rep: Reputation: 15
Owner is root, group is a set of my ftp users and the rights are set as 775
 
Old 07-28-2006, 04:14 PM   #10
pljvaldez
Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Squeeze (x86)
Posts: 6,092

Rep: Reputation: 269
Just out of curiosity, do you have to restart proftpd for the changes to take effect?
 
Old 07-28-2006, 05:03 PM   #11
Skip-DMP
Member
 
Registered: Jan 2006
Distribution: RHEL3
Posts: 97

Rep: Reputation: 15
It isn't a service and according to the documentation it is an "on the fly" type of change. In fact, when I make changes within webmin that are in error (not a recognized function or format) and apply the changes to the server (which restarts it) it will report failures. The only thing I have not done is reboot the entire system, which I prefer not to do as it serves a number of other functions. Rebooting the entire box for a config modification is certainly not desirable.
 
Old 07-28-2006, 05:11 PM   #12
pljvaldez
Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Squeeze (x86)
Posts: 6,092

Rep: Reputation: 269
Nor should you need to reboot the computer. I just didn't remember if you had the option of starting the proftpd as a service not controlled by inetd. It sounds like yours is being controlled by inetd so each connection uses the new config automagically.

I'm really sort of stumped as to what is going on here. Granted I'm no expert, but I've never had a problem just changing the DefaultRoot line... Hmm. The only difference I see between our config files is that my Umask line has 022 022 (the second one is for directories). But I'm not sure why that would matter... Oh, and the port change of course...
 
Old 07-28-2006, 05:49 PM   #13
Skip-DMP
Member
 
Registered: Jan 2006
Distribution: RHEL3
Posts: 97

Rep: Reputation: 15
Got it. Though it doesn't run as a service, it was running as a process and wasn't being reset. I brought up a process list and killed it. Then I simply ran proftpd to restart it and it worked. Thanks for the help, though. You got me thinking that it simply wasn't restarting as expected.

Here is how I ended up modifying my config file before killing the process. Not sure if it made any real difference.

Quote:
ServerType standalone
ServerName "FTP Site"
Port 2121
DefaultServer on

<Global>
DefaultRoot /var/www/html ftp-users
DefaultChdir /var/www/html ftp-users
User ftp-run
Group ftp-run
Umask 022
AllowOverwrite on
</Global>

Last edited by Skip-DMP; 07-28-2006 at 05:50 PM.
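
A quick check for the failure mode this thread ended on (a standalone proftpd still running with the config it read at startup), as an added example that is not part of any post. It assumes the pid file's timestamp approximates the daemon's start time; the demo paths are constructed, and conf_value/conf_state are names made up here.

```shell
#!/bin/sh
# Heuristic: is a standalone ProFTPD running with an older config than
# the one on disk? Compares the config's mtime with the pid file's.

# Print the first argument of a directive (case-insensitive match),
# ignoring comments. Works for lines nested in <Global> as well.
conf_value() {  # usage: conf_value FILE DIRECTIVE
    awk -v d="$2" '
        { sub(/#.*/, "") }
        tolower($1) == tolower(d) { print $2; exit }
    ' "$1"
}

# Echo one of: inetd | no-pidfile | stale | current
conf_state() {  # usage: conf_state CONF PIDFILE
    conf=$1
    pidfile=$2
    type=$(conf_value "$conf" ServerType)
    # Under inetd a fresh proftpd is spawned per connection, so every
    # new session reads the current config.
    [ "$type" = "inetd" ] && { echo inetd; return 0; }
    # Anything else is treated as standalone: config read at startup.
    [ -f "$pidfile" ] || { echo no-pidfile; return 0; }
    # Config newer than the pid file: the running daemon predates the edit.
    if [ -n "$(find "$conf" -newer "$pidfile")" ]; then
        echo stale
    else
        echo current
    fi
}

# Constructed demo based on the config posted in the thread.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ServerType standalone' 'Port 2121' \
        'DefaultRoot /var/www/html' > "$d/proftpd.conf"
    : > "$d/proftpd.pid"
    touch -t 200607281700 "$d/proftpd.pid"    # daemon started 17:00
    touch -t 200607281745 "$d/proftpd.conf"   # config edited 17:45
    root=$(conf_value "$d/proftpd.conf" DefaultRoot)
    state=$(conf_state "$d/proftpd.conf" "$d/proftpd.pid")
    echo "DefaultRoot=$root state=$state"
    rm -rf "$d"
}
demo
```

On a real host, pass the live config file and the path set by the PidFile directive. A "stale" result means the daemon needs a restart (or a SIGHUP, which makes a standalone proftpd reread its config) before DefaultRoot takes effect.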
 
  

