Solved

Cpanel user without being able to ftp (pure-ftp)

Posted on 2006-06-11
9
1,460 Views
Last Modified: 2013-12-16
(Background: I've been a Linux sysadmin for years, but am new to Cpanel/WHM which this client requires).

I'm setting up a series of accounts through whm, which will need to have cpanel access (no file manager - easy enough to disable), and no ftp access (as there is a custom content manager on the server for these users).

The ftp server is pure-ftpd.  How does one disable ftp access without deleting the account, or disabling access to cpanel?

It looks like pure-ftp under Cpanel runs using pure-auth, using a script called pureauth.

I looked at the script - and it seems to point to a file a called /etc/ftpusers as being a place where you can add usernames that won't be allowed to login.

However, even after creating this file, adding the user name to that file, and restarting the ftp server, this is not being obeyed... any ideas?
0
Comment
Question by:periwinkle
  • 6
  • 3
9 Comments
 
LVL 16

Expert Comment

by:xDamox
ID: 16881363
Hi,

What does the pure-ftpd.conf file say? Would it be possible to pate your config file as pure-ftpd has a variety of authentacation methods and in the pure-ftpd.conf file you will know what method is being used.
0
 
LVL 15

Author Comment

by:periwinkle
ID: 16882007
xDamox -

Thanks for the comment.  From rc.c/init.d, the following are being started:

/usr/sbin/pure-config.pl /etc/pure-ftpd.conf -O clf:/var/log/xferlog -lextauth:/var/run/ftpd.sock --daemonize
/usr/sbin/pure-authd -s /var/run/ftpd.sock -r /usr/sbin/pureauth

The /etc/pure-ftpd.conf contains the following (comment lines eliminated for brevity):

ChrootEveryone              yes
BrokenClientsCompatibility  no
MaxClientsNumber            50
Daemonize                   yes
MaxClientsPerIP             8
VerboseLog                  no
DisplayDotFiles             yes
AnonymousOnly               no
NoAnonymous yes
SyslogFacility              ftp
DontResolve                 yes
MaxIdleTime                 15
ExtAuth /var/run/ftpd.sock
LimitRecursion              2000 8
AnonymousCanCreateDirs      no
MaxLoad                     4
AntiWarez                   yes
Umask                       133:022
MinUID                      100
AllowUserFXP                no
AllowAnonymousFXP           no
ProhibitDotFilesWrite       no
ProhibitDotFilesRead        no
AutoRename                  no
AnonymousCantUpload         no
AltLog  xferlog:/usr/local/apache/domlogs/ftpxferlog
MaxDiskUsage               99
CustomerProof              yes
TLS     1



0
 
LVL 16

Expert Comment

by:xDamox
ID: 16884171
Hi,

I have only messed with pure-ftpd with MySQL backend there dosnt seem to be any arguments specifying a file
with users to deny access. You could have a look at:

http://www.howtoforge.com/taxonomy_menu/1/35

There are alot of pure-ftpd guides there.
0
 
LVL 15

Author Comment

by:periwinkle
ID: 16885306
This is definitely something specific to CPanel usage;  the copyright on the script is from CPanel.  Their forums have netted ZERO replies - very frustrating.

0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 15

Author Comment

by:periwinkle
ID: 16888286
xDamox - thanks for the resource, but this isn't using the MySQL backend as you noted;  the pure-ftpd guides there don't seem to address this issue.

Really, what the server owner would like is to be able to create a cpanel user that doesn't have ftp access - is that impossible???
0
 
LVL 16

Accepted Solution

by:
xDamox earned 500 total points
ID: 16888400
Hi,

I found this it may be usful http://download.pureftpd.org/pub/pure-ftpd/doc/README.Virtual-Users you can set it not
to use the /etc/passwd file.
0
 
LVL 15

Author Comment

by:periwinkle
ID: 16888480
Thanks, I did see that.  My concern is breaking the ability to use the cpanel which my client is going to use to manage the site, mostly without me.  I'll give it another look.  I've also submitted a support ticket with cpanel - hopefully I'll get a quick response.
0
 
LVL 15

Author Comment

by:periwinkle
ID: 16890531
Well, support has mailed back;  it appears that there is a bug in the pureauth code that prevents the /etc/ftpusers file from properly being checked!  I'm not going crazy - phew!
0
 
LVL 15

Author Comment

by:periwinkle
ID: 16890535
xDamox - I awarded you the points for the support - it was appreciated, and the resources that you provided will be valuable to someone - thanks again!
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now