• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1491
  • Last Modified:

Cpanel user without being able to ftp (pure-ftp)

(Background: I've been a Linux sysadmin for years, but am new to Cpanel/WHM which this client requires).

I'm setting up a series of accounts through whm, which will need to have cpanel access (no file manager - easy enough to disable), and no ftp access (as there is a custom content manager on the server for these users).

The ftp server is pure-ftpd.  How does one disable ftp access without deleting the account, or disabling access to cpanel?

It looks like pure-ftp under Cpanel runs using pure-auth, using a script called pureauth.

I looked at the script - and it seems to point to a file a called /etc/ftpusers as being a place where you can add usernames that won't be allowed to login.

However, even after creating this file, adding the user name to that file, and restarting the ftp server, this is not being obeyed... any ideas?
0
periwinkle
Asked:
periwinkle
  • 6
  • 3
1 Solution
 
xDamoxCommented:
Hi,

What does the pure-ftpd.conf file say? Would it be possible to pate your config file as pure-ftpd has a variety of authentacation methods and in the pure-ftpd.conf file you will know what method is being used.
0
 
periwinkleAuthor Commented:
xDamox -

Thanks for the comment.  From rc.c/init.d, the following are being started:

/usr/sbin/pure-config.pl /etc/pure-ftpd.conf -O clf:/var/log/xferlog -lextauth:/var/run/ftpd.sock --daemonize
/usr/sbin/pure-authd -s /var/run/ftpd.sock -r /usr/sbin/pureauth

The /etc/pure-ftpd.conf contains the following (comment lines eliminated for brevity):

ChrootEveryone              yes
BrokenClientsCompatibility  no
MaxClientsNumber            50
Daemonize                   yes
MaxClientsPerIP             8
VerboseLog                  no
DisplayDotFiles             yes
AnonymousOnly               no
NoAnonymous yes
SyslogFacility              ftp
DontResolve                 yes
MaxIdleTime                 15
ExtAuth /var/run/ftpd.sock
LimitRecursion              2000 8
AnonymousCanCreateDirs      no
MaxLoad                     4
AntiWarez                   yes
Umask                       133:022
MinUID                      100
AllowUserFXP                no
AllowAnonymousFXP           no
ProhibitDotFilesWrite       no
ProhibitDotFilesRead        no
AutoRename                  no
AnonymousCantUpload         no
AltLog  xferlog:/usr/local/apache/domlogs/ftpxferlog
MaxDiskUsage               99
CustomerProof              yes
TLS     1



0
 
xDamoxCommented:
Hi,

I have only messed with pure-ftpd with MySQL backend there dosnt seem to be any arguments specifying a file
with users to deny access. You could have a look at:

http://www.howtoforge.com/taxonomy_menu/1/35

There are alot of pure-ftpd guides there.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
periwinkleAuthor Commented:
This is definitely something specific to CPanel usage;  the copyright on the script is from CPanel.  Their forums have netted ZERO replies - very frustrating.

0
 
periwinkleAuthor Commented:
xDamox - thanks for the resource, but this isn't using the MySQL backend as you noted;  the pure-ftpd guides there don't seem to address this issue.

Really, what the server owner would like is to be able to create a cpanel user that doesn't have ftp access - is that impossible???
0
 
xDamoxCommented:
Hi,

I found this it may be usful http://download.pureftpd.org/pub/pure-ftpd/doc/README.Virtual-Users you can set it not
to use the /etc/passwd file.
0
 
periwinkleAuthor Commented:
Thanks, I did see that.  My concern is breaking the ability to use the cpanel which my client is going to use to manage the site, mostly without me.  I'll give it another look.  I've also submitted a support ticket with cpanel - hopefully I'll get a quick response.
0
 
periwinkleAuthor Commented:
Well, support has mailed back;  it appears that there is a bug in the pureauth code that prevents the /etc/ftpusers file from properly being checked!  I'm not going crazy - phew!
0
 
periwinkleAuthor Commented:
xDamox - I awarded you the points for the support - it was appreciated, and the resources that you provided will be valuable to someone - thanks again!
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now