[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Cpanel user without being able to ftp (pure-ftp)

Posted on 2006-06-11
9
Medium Priority
?
1,485 Views
Last Modified: 2013-12-16
(Background: I've been a Linux sysadmin for years, but am new to Cpanel/WHM which this client requires).

I'm setting up a series of accounts through whm, which will need to have cpanel access (no file manager - easy enough to disable), and no ftp access (as there is a custom content manager on the server for these users).

The ftp server is pure-ftpd.  How does one disable ftp access without deleting the account, or disabling access to cpanel?

It looks like pure-ftp under Cpanel runs using pure-auth, using a script called pureauth.

I looked at the script - and it seems to point to a file a called /etc/ftpusers as being a place where you can add usernames that won't be allowed to login.

However, even after creating this file, adding the user name to that file, and restarting the ftp server, this is not being obeyed... any ideas?
0
Comment
Question by:periwinkle
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
9 Comments
 
LVL 16

Expert Comment

by:xDamox
ID: 16881363
Hi,

What does the pure-ftpd.conf file say? Would it be possible to pate your config file as pure-ftpd has a variety of authentacation methods and in the pure-ftpd.conf file you will know what method is being used.
0
 
LVL 15

Author Comment

by:periwinkle
ID: 16882007
xDamox -

Thanks for the comment.  From rc.c/init.d, the following are being started:

/usr/sbin/pure-config.pl /etc/pure-ftpd.conf -O clf:/var/log/xferlog -lextauth:/var/run/ftpd.sock --daemonize
/usr/sbin/pure-authd -s /var/run/ftpd.sock -r /usr/sbin/pureauth

The /etc/pure-ftpd.conf contains the following (comment lines eliminated for brevity):

ChrootEveryone              yes
BrokenClientsCompatibility  no
MaxClientsNumber            50
Daemonize                   yes
MaxClientsPerIP             8
VerboseLog                  no
DisplayDotFiles             yes
AnonymousOnly               no
NoAnonymous yes
SyslogFacility              ftp
DontResolve                 yes
MaxIdleTime                 15
ExtAuth /var/run/ftpd.sock
LimitRecursion              2000 8
AnonymousCanCreateDirs      no
MaxLoad                     4
AntiWarez                   yes
Umask                       133:022
MinUID                      100
AllowUserFXP                no
AllowAnonymousFXP           no
ProhibitDotFilesWrite       no
ProhibitDotFilesRead        no
AutoRename                  no
AnonymousCantUpload         no
AltLog  xferlog:/usr/local/apache/domlogs/ftpxferlog
MaxDiskUsage               99
CustomerProof              yes
TLS     1



0
 
LVL 16

Expert Comment

by:xDamox
ID: 16884171
Hi,

I have only messed with pure-ftpd with MySQL backend there dosnt seem to be any arguments specifying a file
with users to deny access. You could have a look at:

http://www.howtoforge.com/taxonomy_menu/1/35

There are alot of pure-ftpd guides there.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 15

Author Comment

by:periwinkle
ID: 16885306
This is definitely something specific to CPanel usage;  the copyright on the script is from CPanel.  Their forums have netted ZERO replies - very frustrating.

0
 
LVL 15

Author Comment

by:periwinkle
ID: 16888286
xDamox - thanks for the resource, but this isn't using the MySQL backend as you noted;  the pure-ftpd guides there don't seem to address this issue.

Really, what the server owner would like is to be able to create a cpanel user that doesn't have ftp access - is that impossible???
0
 
LVL 16

Accepted Solution

by:
xDamox earned 2000 total points
ID: 16888400
Hi,

I found this it may be usful http://download.pureftpd.org/pub/pure-ftpd/doc/README.Virtual-Users you can set it not
to use the /etc/passwd file.
0
 
LVL 15

Author Comment

by:periwinkle
ID: 16888480
Thanks, I did see that.  My concern is breaking the ability to use the cpanel which my client is going to use to manage the site, mostly without me.  I'll give it another look.  I've also submitted a support ticket with cpanel - hopefully I'll get a quick response.
0
 
LVL 15

Author Comment

by:periwinkle
ID: 16890531
Well, support has mailed back;  it appears that there is a bug in the pureauth code that prevents the /etc/ftpusers file from properly being checked!  I'm not going crazy - phew!
0
 
LVL 15

Author Comment

by:periwinkle
ID: 16890535
xDamox - I awarded you the points for the support - it was appreciated, and the resources that you provided will be valuable to someone - thanks again!
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network Interface Card (NIC) bonding, also known as link aggregation, NIC teaming and trunking, is an important concept to understand and implement in any environment where high availability is of concern. Using this feature, a server administrator …
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Suggested Courses
Course of the Month14 days, 15 hours left to enroll

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question