LinuxQuestions.org
Old 09-25-2003, 06:07 PM   #1
mconnors
LQ Newbie
 
Registered: Sep 2003
Posts: 4

Rep: Reputation: 0
help with proftpd config


I have been reading the proftpd manual pages, but as a *nix newbie I am having a really hard time with this. I want to have a webform that, once a user confirms registration, a script will create a folder that only has read write access for that user, and no executable permissions. What I'm having a hard time with is being able to create that user on proftpd. I know I can use mysql for authentication and insert their info into a database, but how do I jail them only into that directory and avoid making a ~home directory for them?

The purpose for this is that it's a free photo site and users can register and upload their photos. Once they are a verified contributor, I provide them with an email address on the site as well as their photo album.

any help would be really appreciated
mconnors
morguefile.com
 
Old 09-26-2003, 01:04 AM   #2
Vampyric
LQ Newbie
 
Registered: Mar 2003
Posts: 27

Rep: Reputation: 15
okay first thing... keep in mind that if you're creating shell accounts for your users that they will also be able to login using ssh (if you're running sshd of course)

This I'd imagine IS NOT your preferred way of creating accounts anyway... if you want to know how to make JUST a proftp account for users here's how.

You can set this up using

AuthGroupFile
AuthUserFile

they are settings for proftpd itself that will allow access to those only in a specified file rather than using shell accounts

personally, after seeing what others have done, I like to set up the group and user as nogroup/nobody (I'll explain how)
nogroup and nobody were set up by default in my distro (debian), so if you don't see it in the files I'm going to explain below then you might have to do a little extra work in creatin$

first we'll deal with the group
in /etc open group
in the list scroll around till you see nogroup
it will look like this -> nogroup:x:NUMBER:
you need that NUMBER

(****Do the same thing if you want to see what the number
for a user, nobody, is just look in /etc/passwd)

now create a file with a name of your choice in /etc ..... something like proftpd.group (I'll use that for following examples)

so now inside proftpd.group add the following personal data in the following format

GROUPNAME:NUMBER:USERtoADD

(we'll make the user to add in a minute and the number is the nogroup number from before)

that's it for group... so maybe you have something like this

ForPictures:69:piclogin

piclogin would be the user.... so let's set him up now

in /etc make another file... for example I'll use the name proftpd.passwd

A passwd file can look like this

piclogin:pass:UID:GID:piclogin:/var/ftp/piclogin:/sbin/nologin

so using the number from above:
piclogin:58h4QyPWmp1jQ:69:69:piclogin:/var/ftp/piclogin:/sbin/nologin

where /var/ftp/piclogin is the user's HOME directory... it can be whatever you like.... you may have to edit the permissions for this directory depending on what you want to do.

So now we have to deal with the password cause you're probably asking yourself... .what's 58h4QyPWmp1jQ ???

it's the encrypted user's password and you can generate it with the command htpasswd (this command is installed when you install apache ... there are other ways to generate the $

using htpasswd type the following

htpasswd -n -b USERNAME PASSWORD

so for 58h4QyPWmp1jQ I did
htpasswd -n -b piclogin pass

now you just have to tell proftpd to use
AuthGroupFile
AuthUserFile

your proftpd config file should be located at /etc/proftpd.conf
edit or add to your configuration the following lines

User nobody
Group nogroup
UseFtpUsers on
RequireValidShell off
AuthGroupFile /etc/proftpd.group
AuthUserFile /etc/proftpd.passwd

don't quote me on this but I think the line to add in order to jail someone to their home directory for proftpd is:
DefaultRoot ~ GROUPNAME

now start proftpd and you SHOULD be able to login using
user: piclogin
pass: pass
as long as everything went the way it was supposed to... so here's a recap

/etc/proftpd.group
ForPictures:69:piclogin

/etc/proftpd.passwd
piclogin:58h4QyPWmp1jQ:69:69:piclogin:/var/ftp/piclogin:/sbin/nologin

/etc/proftpd.conf
#Edit or add these lines
User nobody
Group nogroup
UseFtpUsers on
RequireValidShell off
AuthGroupFile /etc/proftpd.group
AuthUserFile /etc/proftpd.passwd
DefaultRoot ~ ForPictures

RESTART PROFTPD

cross fingers and attempt to login


IT IS POSSIBLE I MISSED SOMETHING so don't get discouraged if this doesn't work first shot... if it's not fully complete IT'S VERY CLOSE and anyone else reading this feel free ad$

ALSO you might want to try Webmin
it can help manage MANY things including proftpd settings
 
Old 09-26-2003, 01:05 AM   #3
Vampyric
LQ Newbie
 
Registered: Mar 2003
Posts: 27

Rep: Reputation: 15
damnit !!! that's the second time I had a problem with those stupid smilies grrrrrrrrrrrrrrrrrrrrrrrrrrrrr

if you see any smilies it's simply a COLON and then a p

like I really needed to tell you that tho
 
Old 09-26-2003, 01:07 PM   #4
Vampyric
LQ Newbie
 
Registered: Mar 2003
Posts: 27

Rep: Reputation: 15
oh and by the way... in the proftpd.group file make the format

groupnameCOLONpassword:number:user

I noticed that without the password it won't lock the users to their home directory and again COLON is so it won't show up as a smiley
 
Old 09-26-2003, 03:12 PM   #5
mconnors
LQ Newbie
 
Registered: Sep 2003
Posts: 4

Original Poster
Rep: Reputation: 0
Thanks Vampyric
It's even more complicated with my setup, which is ensim webappliance and has the server with virtual host, so there is a /etc/group for the server and another for each site like /home/sites/virtual/site1/etc/group. I think the problem is though that I was looking to have the ftp account created with a webform, so I'm thinking that the webform submits the login password data into a mysql database.

What I want to do ideally is have anyone using a webform create their id in a mysql database entry which proftpd will use to authenticate and direct them to a dropbox (e.g. /home/sites/virtual/site1/home/var/html/dropboxes/piclogin). This login is also used all over the site for forums and such. Once they upload photos, I have scripts to evaluate them and, if approved, run a /home/sites/virtual/site1/usr/sbin/useradd which gives them a shell account without ssh (telnet is disabled on the server) but does provide them an imap account.

So anyone can create an account and be allowed to ftp photos or participate on the site- if they upload photos they get an email account and possibly a mod_rewrite to piclogin.morguefile.com (to be done later). Any ideas?

Last edited by mconnors; 09-26-2003 at 03:13 PM.
 
Old 09-26-2003, 04:16 PM   #6
Vampyric
LQ Newbie
 
Registered: Mar 2003
Posts: 27

Rep: Reputation: 15
hmmm well now you've gone beyond my knowledge :P

If I were to have a website where people can create their own login I would probably just write a program to add the new data to proftpd.passwd and then rehash

but that doesn't solve everything you mentioned and I'm sure there are better ways.... good luck in finding the perfect method for your project. Maybe my previous info will prove itself useful to you or someone else that comes across this post
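
Added example, not written by any poster in this thread: a sketch of the "program to add the new data to proftpd.passwd" idea from post #6, using the seven-field AuthUserFile line shown in post #2. Because the file is colon-delimited and line-oriented, web-form input containing `:` or a newline could smuggle extra fields or a whole extra account, so every field is validated before writing. The function names, the username policy, `BASE_DIR` and the rule that UID/GID must be non-zero are assumptions of this example; the password hash is expected to be produced elsewhere (for instance with `htpasswd`, as in post #2).

```python
import os
import re
import tempfile

# Assumptions of this example (not from the thread): the username policy
# and the rule that every FTP home lives directly under BASE_DIR.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_-]{2,31}")
HASH_RE = re.compile(r"[A-Za-z0-9./$]{13,128}")  # crypt(3)-style, no ':' or newline
BASE_DIR = "/var/ftp"
NOLOGIN = "/sbin/nologin"


def build_entry(username, pw_hash, uid, gid, gecos=""):
    """Return one AuthUserFile line, or raise ValueError on unsafe input."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("bad username")      # blocks ':', newlines, '../'
    if not HASH_RE.fullmatch(pw_hash):
        raise ValueError("bad password hash")
    if re.search(r"[:\r\n]", gecos):
        raise ValueError("bad gecos field")
    if not (isinstance(uid, int) and isinstance(gid, int) and uid > 0 and gid > 0):
        raise ValueError("uid/gid must be non-zero integers")
    # The home directory is derived from the validated name, never taken from the form.
    home = os.path.join(BASE_DIR, username)
    return f"{username}:{pw_hash}:{uid}:{gid}:{gecos}:{home}:{NOLOGIN}"


def add_user(passwd_path, entry):
    """Add entry unless the name already exists; replace the file atomically."""
    name = entry.split(":", 1)[0]
    lines = []
    if os.path.exists(passwd_path):
        with open(passwd_path) as fh:
            lines = [line.rstrip("\n") for line in fh if line.strip()]
    if any(line.split(":", 1)[0] == name for line in lines):
        raise ValueError("user already exists")
    # Write a complete new file next to the old one, then rename over it,
    # so the FTP daemon never sees a half-written passwd file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(passwd_path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(lines + [entry]) + "\n")
    os.chmod(tmp, 0o600)  # keep the hashes from being world-readable
    os.replace(tmp, passwd_path)
```

Concurrent registrations would additionally need a lock around `add_user`, which this sketch leaves out.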
 
  

