Cpanel user without being able to ftp (pure-ftp)

(Background: I've been a Linux sysadmin for years, but am new to Cpanel/WHM which this client requires).

I'm setting up a series of accounts through whm, which will need to have cpanel access (no file manager - easy enough to disable), and no ftp access (as there is a custom content manager on the server for these users).

The ftp server is pure-ftpd.  How does one disable ftp access without deleting the account, or disabling access to cpanel?

It looks like pure-ftp under Cpanel runs using pure-auth, using a script called pureauth.

I looked at the script - and it seems to point to a file a called /etc/ftpusers as being a place where you can add usernames that won't be allowed to login.

However, even after creating this file, adding the user name to that file, and restarting the ftp server, this is not being obeyed... any ideas?
LVL 15
periwinkleAsked:
Who is Participating?
 
xDamoxConnect With a Mentor Commented:
Hi,

I found this it may be usful http://download.pureftpd.org/pub/pure-ftpd/doc/README.Virtual-Users you can set it not
to use the /etc/passwd file.
0
 
xDamoxCommented:
Hi,

What does the pure-ftpd.conf file say? Would it be possible to pate your config file as pure-ftpd has a variety of authentacation methods and in the pure-ftpd.conf file you will know what method is being used.
0
 
periwinkleAuthor Commented:
xDamox -

Thanks for the comment.  From rc.c/init.d, the following are being started:

/usr/sbin/pure-config.pl /etc/pure-ftpd.conf -O clf:/var/log/xferlog -lextauth:/var/run/ftpd.sock --daemonize
/usr/sbin/pure-authd -s /var/run/ftpd.sock -r /usr/sbin/pureauth

The /etc/pure-ftpd.conf contains the following (comment lines eliminated for brevity):

ChrootEveryone              yes
BrokenClientsCompatibility  no
MaxClientsNumber            50
Daemonize                   yes
MaxClientsPerIP             8
VerboseLog                  no
DisplayDotFiles             yes
AnonymousOnly               no
NoAnonymous yes
SyslogFacility              ftp
DontResolve                 yes
MaxIdleTime                 15
ExtAuth /var/run/ftpd.sock
LimitRecursion              2000 8
AnonymousCanCreateDirs      no
MaxLoad                     4
AntiWarez                   yes
Umask                       133:022
MinUID                      100
AllowUserFXP                no
AllowAnonymousFXP           no
ProhibitDotFilesWrite       no
ProhibitDotFilesRead        no
AutoRename                  no
AnonymousCantUpload         no
AltLog  xferlog:/usr/local/apache/domlogs/ftpxferlog
MaxDiskUsage               99
CustomerProof              yes
TLS     1



0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
xDamoxCommented:
Hi,

I have only messed with pure-ftpd with MySQL backend there dosnt seem to be any arguments specifying a file
with users to deny access. You could have a look at:

http://www.howtoforge.com/taxonomy_menu/1/35

There are alot of pure-ftpd guides there.
0
 
periwinkleAuthor Commented:
This is definitely something specific to CPanel usage;  the copyright on the script is from CPanel.  Their forums have netted ZERO replies - very frustrating.

0
 
periwinkleAuthor Commented:
xDamox - thanks for the resource, but this isn't using the MySQL backend as you noted;  the pure-ftpd guides there don't seem to address this issue.

Really, what the server owner would like is to be able to create a cpanel user that doesn't have ftp access - is that impossible???
0
 
periwinkleAuthor Commented:
Thanks, I did see that.  My concern is breaking the ability to use the cpanel which my client is going to use to manage the site, mostly without me.  I'll give it another look.  I've also submitted a support ticket with cpanel - hopefully I'll get a quick response.
0
 
periwinkleAuthor Commented:
Well, support has mailed back;  it appears that there is a bug in the pureauth code that prevents the /etc/ftpusers file from properly being checked!  I'm not going crazy - phew!
0
 
periwinkleAuthor Commented:
xDamox - I awarded you the points for the support - it was appreciated, and the resources that you provided will be valuable to someone - thanks again!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.