Gentoo Forums
Proftp and multiple users
gouranga
Tux's lil' helper

Joined: 05 Aug 2005
Posts: 113

Posted: Sun Feb 05, 2006 4:21 pm    Post subject: Proftp and multiple users

What I want:
A user connects to the ftp-server and is automatically chrooted in his own homedir.
Is this possible with proftpd, and how?

I don't want the users to see the dirlisting of the home-folder and have to click their own folder.
adaptr
Watchman

Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands

Posted: Sun Feb 05, 2006 8:43 pm

You can do both.
The drawback to using chrooting is that you can never link to a folder outside their home dir (to give read access to other stuff, for example.)
It's really very simple: set the initial folder to something inside their home dir (like ~/ftp for example) and deny access from the root on down.
Then you follow the sample config to allow them to access their home dir.

Much more flexible than using chrooting.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen
gouranga
Tux's lil' helper

Joined: 05 Aug 2005
Posts: 113

Posted: Mon Feb 06, 2006 12:28 pm

A config example would be handy.

*Update*
Code:

DefaultRoot ~


But now I have another problem: PASV hangs...

Code:

localhost (84.194.47.254[84.194.47.254]) - unable to find open port in PassivePorts range 49152-49155: defaulting to INPORT_ANY
localhost (84.194.47.254[84.194.47.254]) - Entering Passive Mode (192,168,1,113,128,85).


When the DefaultRoot was /dir1/ everything was working fine, and that's the only directive I changed.
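The two log lines in the post above can be decoded to see what the server actually told the client. The following is an added example, not code from the thread or from ProFTPD: it decodes the PASV tuple (port = p1*256 + p2) and flags a fallback port outside the logged PassivePorts range and a private address advertised to a public client. It assumes the address in `(host[ip])` is the connecting client; the function names and finding labels are made up for this example.

```python
import ipaddress
import re

# The two log lines quoted in the post above.
LOG = """\
localhost (84.194.47.254[84.194.47.254]) - unable to find open port in PassivePorts range 49152-49155: defaulting to INPORT_ANY
localhost (84.194.47.254[84.194.47.254]) - Entering Passive Mode (192,168,1,113,128,85).
"""

# Assumption: the "(host[ip])" prefix names the connecting client.
CLIENT_RE = re.compile(r"\([^\[\]()]+\[(?P<ip>[0-9.]+)\]\)")
RANGE_RE = re.compile(r"PassivePorts range (\d+)-(\d+)")
PASV_RE = re.compile(r"Entering Passive Mode \((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def decode_pasv(line):
    """Return (ip, port) from a 227 reply; port = p1 * 256 + p2 (RFC 959)."""
    m = PASV_RE.search(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("PASV field out of range: %r" % (n,))
    return ipaddress.ip_address(".".join(map(str, n[:4]))), n[4] * 256 + n[5]


def diagnose(log):
    """Collect findings that can explain a hanging passive data connection."""
    findings, port_range, client = [], None, None
    for line in log.splitlines():
        if (c := CLIENT_RE.search(line)):
            client = ipaddress.ip_address(c.group("ip"))
        if (r := RANGE_RE.search(line)):
            port_range = (int(r.group(1)), int(r.group(2)))
            if "defaulting to INPORT_ANY" in line:
                findings.append("range-exhausted")
        pasv = decode_pasv(line)
        if pasv:
            ip, port = pasv
            if port_range and not port_range[0] <= port <= port_range[1]:
                findings.append("port-outside-range:%d" % port)
            if ip.is_private and client and not client.is_private:
                findings.append("private-address-advertised:%s" % ip)
    return findings


if __name__ == "__main__":
    print("\n".join(diagnose(LOG)))
```

On the posted lines it reports port 32853, which lies outside 49152-49155, and the address 192.168.1.113 being advertised to a public client. A firewall or NAT that forwards only the PassivePorts range would not pass a data connection to that port.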
adaptr
Watchman

Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands

Posted: Tue Feb 07, 2006 7:44 pm

Nonono, don't use defaultroot!
At least, I don't use it, and you don't need it.
Use DefaultChDir to set an initial directory.
If you prohibit users from moving up through the directory tree like I said, you don't need (or want) a chroot.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen
gouranga
Tux's lil' helper

Joined: 05 Aug 2005
Posts: 113

Posted: Thu Feb 09, 2006 11:20 am

Here is my config file.
The PASV transfer keeps doing nothing when defaultchdir is ~ or defaultroot is ~.
However, when I change it to /dir1/ everything is working.


Code:
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use). It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "Customers-FTP"
ServerType Standalone
DeferWelcome off

ShowSymlinks off
MultilineRFC2228 on
DefaultServer on
AllowOverwrite on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir .message


DenyFilter \*.*/

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off

# Port 21 is the standard FTP port.
Port 2100
PassivePorts 49152 49155
AllowForeignAddress on
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Normally, we want files to be overwriteable.
<Directory /*>
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

AllowOverwrite on
</Directory>

# here are my improvements

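# chroot for all users of the group ftpuser (both DefaultRoot lines are
# commented out, so no chroot is in effect; DefaultChDir only sets the
# starting directory)
#DefaultRoot ~
#DefaultRoot ~ ftpcustomers
DefaultChDir ~

<IfModule mod_clamav.c>
  # Enable virus scanning and removal
  ClamAV on
  ClamWarn On
</IfModule>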

# grant login only for members of the group
<Limit LOGIN>
DenyGroup !ftpcustomers
</Limit>

# disable root login; RequireValidShell is off, so a valid shell (from /etc/shells) is not required
<Global>
RootLogin off
RequireValidShell Off

</Global>
# increase
UseReverseDNS off
IdentLookups off

# Logging formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"

# activate logging

# every login
ExtendedLog /ftpbase/log/ftp_auth.log AUTH auth

# file/dir access
ExtendedLog /ftpbase/log/ftp_access.log WRITE,READ write

# for the paranoid (big logfiles!)
ExtendedLog /ftpbase/log/ftp_paranoid.log ALL default
All times are GMT