
List:       proftpd-users
Subject:    [Proftpd-user] Specific proftpd configuration.
From:       "Jean Michel" <jean_michel_thirion () hotmail ! com>
Date:       2004-05-14 15:01:59
Message-ID: BAY8-DAV58ISmT6QcWY0000c044 () hotmail ! com

Hello,

I am currently using version 1.2.7, and I need to upgrade it to 1.2.9.

Doing this, I noticed that some directives have changed, and I need to review my configuration.

We need to have, on the same server (same name, same IP address), 3 different types of FTP server:
- the first one is an anonymous server, pointing to a specific file system (/ftp_anonymous in our case),
- the second one is a "chroot" authenticated FTP server. That means that after a user has been authenticated, the server chroots him directly into /ftproot/<login_name>, and the user will not be able to cdup anymore,
- and the last one is a classic FTP server, in which a specific user can do whatever he wants, in a folder (/reports in our case)

All users are authenticated by an ldap server, with posixaccount attributes set. 

We have put this configuration in place: it works fine for anonymous, fine for the "chroot" server, but does not work any more for the last one. The user is created in LDAP, and seems to be well defined.


Does anyone have an idea?

Best regards, and thanks a lot everybody in advance,


Jean Michel THIRION.


Our simplified configuration file:
"
# This sample configuration file illustrates configuring two
# anonymous directories, and a guest (same thing as anonymous but
# requires a valid password to login)
ServerName "FTP Server"
ServerType inetd
# Port 21 is the standard FTP port.
Port 21
TimeoutLogin 30
TimeoutIdle 300
Timeoutnotransfer 600
UseReverseDNS off
LOGFormat default "%h %u %t \"%r\" %s %b"
extendedLog /var/log/proftpd_std_debug.log ALL default
# If you don't want normal users logging in at all, uncomment this
# next section
Defaultroot /ftproot
RequireValidShell off
AllowOverwrite on
RootLogin on
# Set the user and group that the server normally runs at.
User nobody
Group nobody
MaxInstances 30
TimeoutStalled 300
TimeoutNoTransfer 300
TimesGMT off
HiddenStor on
LDAPAuthBinds on
LDAPDNInfo "uid=LDAP_search,o=my_org,c=my_country" "my_pass"
LDAPDoAuth on o=my_org,c=my_country (uid=%v)
LDAPDoUIDLookups off
LDAPDoGIDLookups off
LDAPDefaultUID 12345
LDAPDefaultGID 12345
LDAPServer host.domain.country:389

<Anonymous /reports>
User reporting
Group reports
AnonRequirePassword off
HiddenStor on
UserAlias reporting_alias reporting
</Anonymous>

<Anonymous /ftp_anonymous>
User anonym
Group nobody
HiddenStor on
AnonRequirePassword off
UserAlias anonymous anonym
<Limit WRITE>
Order deny,allow
DenyAll
</Limit>
<Directory /ftp_anonymous/upload>
umask 022
<Limit DELE READ RETR RMD CDUP XRMD>
DenyAll
</Limit>
<Limit WRITE>
Order allow,deny
AllowAll
</Limit> 
</Directory>
</Anonymous>
<Anonymous /ftproot>
User proftp
Group proftpg
AnonRequirePassword on
UserDirRoot on
AuthUsingAlias on
HiddenStor on 
UserAlias anonymous anonym 
UserAlias * proftp

# Deny write access from all except trusted user (user1 here).
<Limit WRITE>
Order allow,deny
AllowUser user1
</Limit>
<Directory /ftp/ftproot/user2/>
<Limit STOR CWD DELE MKD READ RMD>
AllowUser user2
AllowUser proftp
</Limit>
<Limit CDUP>
Order allow,deny
AllowUser proftp
DenyAll
</Limit>
</Directory>
</Anonymous>
"
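
Added example, not part of the original message and not ProFTPD's own code: a small review helper for a configuration laid out like the one above. It reports a directive set twice with different values in the same context, and a <Directory> whose absolute path is not textually beneath the enclosing <Anonymous> root. The function names, the MULTI list and the case-insensitive comparison of directive names are assumptions of this sketch.

```python
import posixpath
import re

# Constructed sample: a trimmed subset of the directives quoted in the post.
SAMPLE = """\
Timeoutnotransfer 600
Defaultroot /ftproot
TimeoutNoTransfer 300
<Anonymous /ftproot>
UserAlias anonymous anonym
UserAlias * proftp
<Directory /ftp/ftproot/user2/>
</Directory>
</Anonymous>
"""

OPEN = re.compile(r"<(\w+)\s*([^>]*)>")
# Assumptions: names compare case-insensitively; these may repeat in a context.
MULTI = {"useralias", "allowuser", "extendedlog", "logformat"}

def under(path, root):  # textual check only; symlinks and mounts not resolved
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")

def audit(text):
    findings, stack = [], [("server", "", {})]  # (kind, argument, directives seen)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):  # closing tag: leave the current context
            stack = stack[:-1] if len(stack) > 1 else stack
            continue
        m = OPEN.fullmatch(line)
        if m:
            kind, arg = m.group(1).lower(), m.group(2).strip()
            root = next((a for k, a, _ in reversed(stack) if k == "anonymous"), None)
            if kind == "directory" and arg.startswith("/") and root and not under(arg, root):
                findings.append((lineno, "outside-root", arg))
            stack.append((kind, arg, {}))
            continue
        name, *rest = line.split(None, 1)
        key, seen, value = name.lower(), stack[-1][2], " ".join(rest).strip()
        if key not in MULTI and seen.setdefault(key, value) != value:
            findings.append((lineno, "conflict", name))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Each finding is a (line number, kind, text) tuple and is a prompt for manual review, not a statement about how the server resolves the setting.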


