Proftpd
Greetings,
I am having a little trouble coming up with a working config with proftpd. If somebody could get me on the right track with a little sample of what I need to do to get this working, I would really appreciate it. It's very simple, but for some reason.....:

1. I need to specify a download and an upload directory (two different directories) for a *non* anonymous user. For example:
/usr/local/ftp/download
/usr/local/ftp/upload
2. I need to create the config so that it is *not* anonymous, and a user needs to have a correct username and password, as well as an allowed IP address, in order to access the folders.
3. For security, I would like to lock the user into those folders (I know that config command, but maybe I'm messing it up...?)

Like I said, this should be really easy, but for some reason I can't seem to get it to work. The proftpd site isn't much help to me, either, since they seem to only show examples for anonymous access :-/

Thanks :) |
What I did to solve that problem was to point "/usr/local/ftp/download" as their home directory in their /etc/passwd. So every time they connect via ftp they will see all files in that path. If you found the syntax that does this in the config file, please let me know as well! :) Good luck... -twantrd |
twantrd,
If you can spare a moment, I would really appreciate it. I cannot seem to get the user/password/directory thing working. |
No, I can't spare a moment...j/k :). Anyhow in /etc/passwd file this is mine:
twantrd:x:1004:1004:twantrd,,,:/home/twantrd:/bin/bash
Look for your username entry and change the '/home/<your username>' to "/usr/local/ftp". What that now does is that every time a user logs in via ssh or telnet that will now be their home directory. If the user connects via FTP, then now they will see the contents of /usr/local/ftp. Now make a directory called "Upload" and "Download" and set permissions accordingly to however you want it.
-twantrd |
to specify your directory, try:
Code:
DefaultRoot /usr/local/ftp/upload <group name>
The default root will keep the users jailed in the document root directory. |
Does somebody have a little sample configuration that I can look at to try and connect all this together?
For example.... would it look something like this?
<Anonymous /usr/local/ftp/downloads>
DefaultRoot /usr/local/ftp/upload <group name>
</Anonymous>
Inexactitude: I have added those users to my ftpusers list, but I still am not sure how to integrate that with proftpd. Are ftp users system users? I have to create a download and upload group on the system, and they use that password? Sorry if these questions seem stupid, but I am struggling with just a general oversight of the proftp configuration right now. |
Well, if you don't want anonymous ftp you should just comment out all the lines concerning anonymous ftp. I don't have my proftpd.conf handy right now, I'll get it for you later if you need it.
I'm having trouble understanding what you want here. Do you want anonymous users to be able to use one directory, and have other users use a different directory for a group, or a different group for each user?

Once a user is added to the ftpusers list, that user won't be able to connect on ftp anymore.

Yes, ftp users are system users. They use the system password to connect to the server. Create all the users you want for ftp, put them in the same group, don't give them home directories, and don't give them shells (as long as you don't want them to use any other services). If you don't give your users shells, make sure you have this in your proftpd.conf:
Code:
RequireValidShell off |
Inexactitude,
Yes, that helped. I only want about 3 or so people to be able to access ftp on my server, and nobody as anonymous. Does this configuration stuff have to be enclosed in any form of <Location> brackets or something, or.... ? I really, *really* wish the ProFTPd docs were more dummy-friendly. They have 2 forms of configuration file samples on their site - too simple, and too complicated. Thanks for your help, Inexactitude. I really appreciate it. |
At the end of your file, put this (just after the anonymous chroot part of the file):
Code:
<Global>
Thanks. |
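A sketch of the kind of non-anonymous setup the thread is asking for, added here as an example; it is not the configuration posted above, which did not survive on this page. The group name ftp comes from the thread; the client address 192.0.2.10, the ServerName and the nobody/nogroup server account are placeholders and assumptions.

```apache
# Added example, not from the thread. Assumptions: group "ftp" holds the
# FTP accounts; 192.0.2.10 is a placeholder for the one allowed client.
ServerName      "FTP"
ServerType      standalone
Port            21
User            nobody
Group           nogroup

# No <Anonymous> section at all: every login needs a system account
# and its password.

<Global>
  # Accounts created without a login shell can still authenticate.
  RequireValidShell off

  # Members of group ftp are chrooted to /usr/local/ftp.
  # DefaultRoot belongs here (or at server level), not inside <Anonymous>.
  DefaultRoot /usr/local/ftp ftp

  # Logins are accepted only from the listed address.
  <Limit LOGIN>
    Order allow,deny
    Allow from 192.0.2.10
    Deny from all
  </Limit>
</Global>

# Download area: read-only.
<Directory /usr/local/ftp/download>
  <Limit WRITE>
    DenyAll
  </Limit>
</Directory>

# Upload area: files can be stored but not fetched back.
<Directory /usr/local/ftp/upload>
  <Limit READ>
    DenyAll
  </Limit>
  <Limit STOR>
    AllowAll
  </Limit>
</Directory>
```

Running `proftpd -t` after editing checks the file's syntax before a restart. Filesystem permissions on the two directories still apply on top of these limits.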
Thank you very much, Inexactitude! I'll try it as soon as I get home =)
|
Hope it works for you. Tell me how it goes, and if you need anything else, I'll do my best to help.
|
Inexactitude,
Thanks again. Unfortunately, I can't seem to connect still. I have added what you have shown, and added one of my users to the "ftp" group. Unfortunately, when I connect with SmartFTP, I get an error that I could not connect "because the server actively refused it". Any ideas what could be happening now? |
Are you sure the server daemon is running?
Have you added RequireValidShell off to the configuration file? Exactly what happens? Are you able to put your password in, and then get rejected, or you just get rejected right off the bat? |
I pasted exactly what you have into my config (edited location and group, of course). I also did a check, and port 21 is being listened on, so I'm pretty sure that means that the daemon is running.
I am not even able to connect. In the command line when doing it from the box itself:
$ ftp 24.106.18.115
ftp: connect: Connection refused |
Okay, try /etc/rc.d/init.d/proftpd restart or /etc/rc.d/proftpd restart, is it reporting any errors on the restart? Also, are you running it from inside inetd? If so, make certain that the ftp is uncommented in /etc/inetd.conf.
Once I have my proftpd.conf handy again (if it is running from inetd), we'll try running proftpd as a stand-alone server. Also, try connecting to the machine's local address or localhost. Is the box behind a router or firewall? |