LinuxQuestions.org


slufoot80 01-24-2013 09:49 AM

Failure to deny ftp access - proftpd
 
The problem is I can sftp and ftp to the server, but if I enter the user name in the "/etc/ftpusers" file it disables both. How can I block ftp and not sftp? Below is the output of "proftpd -V":
proftpd -V| head
Compile-time Settings:
Version: 1.3.4a (maint)
Platform: LINUX [Linux 2.6.32.54-0.3-default x86_64]
Built: Thu Feb 16 2012 10:23:20 EST

Code:

proftpd -V
Compile-time Settings:
  Version: 1.3.4a (maint)
  Platform: LINUX [Linux 2.6.32.54-0.3-default x86_64]
  Built: Thu Feb 16 2012 10:23:20 EST
  Built With:
    configure  '--prefix=/usr/local' '--enable-openssl' '-with-modules=mod_sftp:mod_tls'

  CFLAGS: -O2 -Wall
  LDFLAGS: -L$(top_srcdir)/lib 
  LIBS:  -lssl -lcrypto -lssl -lcrypto -L$(top_srcdir)/lib/libcap -lcap  -lssl  -lcrypto -lsupp -lcrypt -ldl  -ldl -lz

  Files:
    Configuration File:
      /usr/local/etc/proftpd.conf
    Pid File:
      /usr/local/var/proftpd.pid
    Scoreboard File:
      /usr/local/var/proftpd.scoreboard

  Features:
    - Autoshadow support
    - Controls support
    - curses support
    - Developer support
    - DSO support
    + IPv6 support
    + Largefile support
    - Lastlog support
    - Memcache support
    + ncurses support
    - NLS support
    + OpenSSL support
    - PCRE support
    - POSIX ACL support
    + Shadow file support
    + Sendfile support
    + Trace support

  Tunable Options:
    PR_TUNABLE_BUFFER_SIZE = 1024
    PR_TUNABLE_DEFAULT_RCVBUFSZ = 8192
    PR_TUNABLE_DEFAULT_SNDBUFSZ = 8192
    PR_TUNABLE_GLOBBING_MAX_MATCHES = 100000
    PR_TUNABLE_GLOBBING_MAX_RECURSION = 8
    PR_TUNABLE_HASH_TABLE_SIZE = 40
    PR_TUNABLE_NEW_POOL_SIZE = 512
    PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
    PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
    PR_TUNABLE_SELECT_TIMEOUT = 30
    PR_TUNABLE_TIMEOUTIDENT = 10
    PR_TUNABLE_TIMEOUTIDLE = 600
    PR_TUNABLE_TIMEOUTLINGER = 30
    PR_TUNABLE_TIMEOUTLOGIN = 300
    PR_TUNABLE_TIMEOUTNOXFER = 300
    PR_TUNABLE_TIMEOUTSTALLED = 3600
    PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10

Below is the proftpd.conf file

Code:

cat /usr/local/etc/proftpd.conf
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                      "ProFTPD Default Installation"
ServerType                      standalone
DefaultServer                  on
ServerIdent on "corp-ftpint01"
UseReverseDNS                  off
IdentLookups                    off
DisplayConnect  /etc/default/welcome.msg
# Port 21 is the standard FTP port.
Port                            21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                          002
#DisplayLogin /etc/default/welcome.msg
# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    200
MaxClientsPerUser              20

# Set the user and group under which the server will run.
User                            nobody
Group                          nogroup

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~

# Normally, we want files to be overwriteable.
<Directory />
  AllowOverwrite                on
</Directory>

# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
TimesGMT off
SetEnv TZ :/etc/localtime
TimeoutNoTransfer 1500
TransferLog /var/log/corp-intftp01-trans.log
ExtendedLog /var/log/corp-intftp01.commandlog all
SystemLog /var/log/proftpd.system.log

<Class ethos>
    From 10.16.4.228/32
</Class>
<Class ocr>
    From 10.110.16.0/24
</Class>

MaxClientsPerClass ethos 20
MaxClientsPerClass ocr 30
MaxConnectionsPerHost  20
DebugLevel 10
<Global>
        UseFtpUsers on
</Global>


