ProFTPd

Waerner · 12-29-2005, 07:13 PM

Hi guys (and girls?), this is kinda embarrassing, but I can't even follow this tutorial:

http://www.linuxquestions.org/linux/...to_end_ProFTPD

First of all, I added the user and group which it told me to do. But it complained about a missing group, so I think I added it first, and then created the user.

Anyway, I thought I had done everything correct, until --> "Login incorrect"

Can anyone please tell me exactly how to add a user, which do need a password to connect. And which ONLY has access to the directory /server/ftp/linus/ - and no directories on a lower level ( e.g. /server/ftp/ and /server/ ).

I also think the conf-file might be a bit messed up, but I can post it here if you want, or rather, if someone posts a working, pre-configured conf-file.

The ftpusers file looks like this:

Code:

# /etc/ftpusers: list of users disallowed FTP access. See ftpusers(5).

root
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
nobody

Please

bobbens · 12-30-2005, 12:25 PM

My /etc/proftpd.conf . I haven't really played around with it much and have created a special ftp user "guest". It works fine on my machine.

Code:

#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
# 

ServerName			"Debian"
ServerType			standalone
DeferWelcome			off

MultilineRFC2228		on
DefaultServer			on
ShowSymlinks			on

TimeoutNoTransfer		600
TimeoutStalled			600
TimeoutIdle			1200

DisplayLogin                    welcome.msg
DisplayFirstChdir               .message
ListOptions                	"-l"

DenyFilter			\*.*/

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd		off

# Uncomment this if you would use TLS module:
#TLSEngine 			on

# Uncomment this if you would use quota module:
#Quotas				on

# Uncomment this if you would use ratio module:
#Ratios				on

# Port 21 is the standard FTP port.
Port				21

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances			30

# Set the user and group that the server normally runs at.
User				guest
Group				guest

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask				022  022
# Normally, we want files to be overwriteable.
AllowOverwrite			on

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default. 
#DelayEngine 			off

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
#   User				ftp
#   Group				nogroup
#   # We want clients to be able to login with "anonymous" as well as "ftp"
#   UserAlias			anonymous ftp
#   # Cosmetic changes, all files belongs to ftp user
#   DirFakeUser	on ftp
#   DirFakeGroup on ftp
# 
#   RequireValidShell		off
# 
#   # Limit the maximum number of anonymous logins
#   MaxClients			10
# 
#   # We want 'welcome.msg' displayed at login, and '.message' displayed
#   # in each newly chdired directory.
#   DisplayLogin			welcome.msg
#   DisplayFirstChdir		.message
# 
#   # Limit WRITE everywhere in the anonymous chroot
#   <Directory *>
#     <Limit WRITE>
#       DenyAll
#     </Limit>
#   </Directory>
# 
#   # Uncomment this if you're brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   #   Umask				022  022
#   #            <Limit READ WRITE>
#   #            DenyAll
#   #            </Limit>
#   #            <Limit STOR>
#   #            AllowAll
#   #            </Limit>
#   # </Directory>
# 
# </Anonymous>

Waerner · 12-30-2005, 01:38 PM

Thanks alot mate, and you said you had an guest account? I guess it's limited to a specific directory, without any abilities to browse anything else but that directory? If that's the case, how did you set it up?

Thanks,
Linus Waerner

bobbens · 12-30-2005, 01:44 PM

Quote:

Originally Posted by Waerner

Thanks alot mate, and you said you had an guest account? I guess it's limited to a specific directory, without any abilities to browse anything else but that directory? If that's the case, how did you set it up?

Thanks,
Linus Waerner

you basically can set up a guest account and make it not a member of any groups, using stuff like useradd or adduser and such. Since i don't use a mutli-user system i don't remember too well how i did it but you can look online. Then you make the guest account member of the groups you want him to be able to manipulate and set him up with a directory for him. When you log in through ftp using the guest account it'll default to your home directory, but you can add symbolic links and move around if it works. You might also want to add an ftp group or proftp group or something like that, and make everyone who you want to be able to read the guests ftp account's stuff a member as that and make it so you default as guest.ftp or something like that. From what i've seen proftp pretty much is taking care of permissions and setting it up.

Waerner · 01-01-2006, 08:09 AM

Thanks alot mate.

What I did to solve everything (if someone want to know) was to add "DefaultRoot ~" at the first line in proftpd.conf, and add a new user on the system (useradd name -p password -d /homedir/). Thereafter I ran chmod 777 on the homedir (which gives the user abilities to write and delete in the homedir, trough an FTP connection).

Greetings,
Linus W