LinuxQuestions.org


dbc001 07-06-2006 01:45 PM

ProFTPd restrict all users to /fs ?
 
Been hacking at ProFTPd on my Slack 10.2 box for a while now and I'm horribly confused (as many of us are apparently). I'm trying to set it up to restrict all users to have Read Only access to /fs/ (I can still get to all the rest of my files using SFTP over SSH).

I've got ProFTPd up and running but I'm lost trying to figure out the config file. No matter what I do it seems to either give me all access to all the files, or no access to anything! Any help would be greatly appreciated.

thanks in advance,
dbc

pljvaldez 07-06-2006 03:09 PM

If I'm not mistaken, I think you just need to set the DefaultRoot ~ line to DefaultRoot /fs. Make sure the directory permissions are set for users to read only. At least this works with a standard ftp server.

I'm not sure how the ssh connection works with sftp or if it circumvents the standard ftp settings since you've already logged on via ssh...

Skip-DMP 07-27-2006 04:07 PM

Issue on RHEL3
 
I have the issue of that command just not working either. The DefaultRoot being set anywhere I wish doesn't work. Users always default to their home directory and are able to see the entire file structure.

pljvaldez 07-27-2006 04:20 PM

Can you post your config file?

Skip-DMP 07-28-2006 08:12 AM

Here is all I have:

Quote:

ServerType standalone
ServerName "FTP Site"
Port 2121
DefaultServer on
DefaultRoot /var/www/html
User ftp-run
Group ftp-run
Umask 022
AllowOverwrite on

pljvaldez 07-28-2006 12:11 PM

What ftp server are you using? That doesn't look like a ProFTP config file to me (which is what was started in this thread).

Skip-DMP 07-28-2006 01:45 PM

It is ProFTP according to the documentation, I have removed all of the comments and included just what remains. I have uncommented the user and group lines and created my own. The "DefaultRoot" normally is started as ~, which is not what I want. I changed the default port to ftp into and the server name. When I ftp to my server, here is the version info:

ProFTPD 1.3.0rc5 Server (ProFTPD Default Installation)

I absolutely do not want anonymous access. Authenticated linux users only.

I have even tried modifying/creating my configuration using webmin, but am still seeing the same results. According to the documentation, the DefaultRoot line should set the root directory. There originally was an additional line there which started with "Ch" like ChDefault or something which had no effect either.

pljvaldez 07-28-2006 01:49 PM

Do your users have read/write access to /var/www/html? Also is the "x" bit enabled for the directory?

Skip-DMP 07-28-2006 02:56 PM

Owner is root, group is a set of my ftp users and the rights are set as 775

pljvaldez 07-28-2006 03:14 PM

Just out of curiosity, do you have to restart proftpd for the changes to take effect?

Skip-DMP 07-28-2006 04:03 PM

It isn't a service and according to the documentation it is an "on the fly" type of change. In fact, when I make changes within webmin that are in error (not a recognized function or format) and apply the changes to the server (which restarts it) it will report failures. The only thing I have not done is reboot the entire system, which I prefer not to do as it serves a number of other functions. Rebooting the entire box for a config modification is certainly not desirable.

pljvaldez 07-28-2006 04:11 PM

Nor should you need to reboot the computer. I just didn't remember if you had the option of starting the proftpd as a service not controlled by inetd. It sounds like yours is being controlled by inetd so each connection uses the new config automagically.

I'm really sort of stumped as to what is going on here. Granted I'm no expert, but I've never had a problem just changing the DefaultRoot line... Hmm. The only difference I see between our config files is that my Umask line has 022 022 (the second one is for directories). But I'm not sure why that would matter... Oh, and the port change of course...

Skip-DMP 07-28-2006 04:49 PM

Got it. Though it doesn't run as a service, it was running as a process and wasn't being reset. I brought up a process list and killed it. Then I simply ran proftpd to restart it and it worked. Thanks for the help, though. You got me thinking that it simply wasn't restarting as expected.

Here is how I ended up modifying my config file before killing the process. Not sure if it made any real difference.

Quote:

ServerType standalone
ServerName "FTP Site"
Port 2121
DefaultServer on

<Global>
DefaultRoot /var/www/html ftp-users
DefaultChdir /var/www/html ftp-users
User ftp-run
Group ftp-run
Umask 022
AllowOverwrite on
</Global>
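
An added example, not part of any post in this thread: a shell check for the situation resolved above, where DefaultRoot was set correctly but a standalone proftpd process started before the edit was still serving the old settings. The function name `check_defaultroot` and the pid file location are assumptions (the pid file path is whatever the PidFile directive sets), and comparing file times is a heuristic only.

```shell
#!/bin/sh
# Reports whether a ProFTPD config jails users with DefaultRoot, and whether
# a standalone daemon may still be running with settings older than the file.
# Usage: check_defaultroot CONFIG [PIDFILE]   (hypothetical helper name)
check_defaultroot() {
    conf=$1; pidfile=${2:-}
    # Match directive names case-insensitively; commented lines do not match
    # because their first field is "#" or starts with "#".
    stype=$(awk 'tolower($1)=="servertype" {print tolower($2); exit}' "$conf")
    roots=$(awk 'tolower($1)=="defaultroot" {print $2}' "$conf")
    if [ -z "$roots" ]; then
        echo "no-defaultroot"        # no jail: users can see the whole tree
        return 0
    fi
    # A standalone daemon reads the config when it starts. If the config is
    # newer than the pid file written at startup, the running process may
    # not have picked up the DefaultRoot change yet.
    if [ "${stype:-standalone}" = "standalone" ] && [ -n "$pidfile" ] \
       && [ -f "$pidfile" ] \
       && [ -n "$(find "$conf" -newer "$pidfile" 2>/dev/null)" ]; then
        echo "stale-daemon"
        return 0
    fi
    # Otherwise list the jail directories, comma-separated.
    echo "jail:$(printf '%s' "$roots" | tr '\n' ',')"
}

# Constructed sample: the final config from the thread, edited after a
# daemon start that is simulated with an old pid file timestamp.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'ServerType standalone' '<Global>' \
        '  DefaultRoot /var/www/html ftp-users' '</Global>' > "$d/proftpd.conf"
    touch -t 200001010000 "$d/proftpd.pid"
    check_defaultroot "$d/proftpd.conf" "$d/proftpd.pid"
    rm -rf "$d"
}
demo
```

A `stale-daemon` result means the process should be restarted or signalled to reread its configuration before the DefaultRoot setting is tested from an FTP client.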


All times are GMT -5.