Solved

proFTPd access/permissions issue

Posted on 2006-07-21
Last Modified: 2013-11-22
Hi,

I have a question regarding folder access permissions using proFTPd.  The proFTPd application is running and I'm able to log in using different accounts but the permissions are not working correctly.  For instance, I have a download folder and created a specific user account to access it.  The folder has 770 permissions for the ftpuser and ftpgroup.  I allow READ access to the folder but nothing else.  When I log in I'm unable to download any files in the folder.  There is nothing in the logs that indicates a problem.  I have 3 folders.  2 are used for downloading only.  The logged in person shouldn't have any rights except to download files.  The other folder is for uploading and the users should have rights to do anything except put a file into the folder.  Below is a copy of the proftpd.conf that I'm using.  I can't find any decent documentation in regards to the Limit rules for proFTPd (DELE MKD RMD XMKD XRMD STOR CWD XCWD READ WRITE etc).  Can someone tell me what Limit rules I need to get both download folders and the one upload folder to be secure yet function correctly?

Thanks!


#
ServerType                   standalone
DefaultServer                  on
ScoreboardFile                  /var/run/proftpd.scoreboard

# Port 21 is the standard FTP port.
Port                        21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 10

# Set the user and group under which the server will run.
User                  nobody
Group                  nogroup

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~

# Disable root login and require a valid shell (from /etc/shells)
<Global>
RootLogin               off
RequireValidShell       on
</Global>

# Normally, we want files to be overwriteable.
AllowOverwrite            on

# Logging
ExtendedLog /var/log/proftp_auth.log AUTH auth

# File/Dir Access Log
ExtendedLog /var/log/proftp_access.log WRITE,READ write

# Logging formats

LogFormat         default "%h %l %u %t \"%r\" %s %b"
LogFormat        auth    "%v [%P] %h %t \"%r\" %s"
LogFormat        write   "%h %l %u %t \"%r\" %s %b"

# DNS resolution when processing logs.
UseReverseDNS          off
IdentLookups           off

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

<Global>
DeleteAbortedStores    on
</Global>

<Limit LOGIN>
  AllowGroup ftpusers
  DenyAll
</Limit>

<Limit WRITE>
  DenyAll
</Limit>

  <Directory /ftproot/product/>
     <Limit READ>
        AllowAll
     </Limit>
     <Limit DELE MKD RMD XMKD XRMD STOR CWD XCWD>
        DenyAll
     </Limit>
  </Directory>

  <Directory /ftproot/download/>
     <Limit READ>
        AllowAll
     </Limit>
     <Limit DELE MKD RMD XMKD XRMD STOR CWD XCWD>
        DenyAll
     </Limit>
  </Directory>

  <Directory /ftproot/upload/>
     <Limit STOR READ>
        AllowAll
     </Limit>
     <Limit CWD XCWD DELE MKD RMD XMKD XRMD>
        DenyAll
     </Limit>
  </Directory>
Question by:steno1122
2 Comments
 
LVL 29

Expert Comment

by:TeRReF
ID: 17183803
Try changing these lines:
<Directory /ftproot/product/>
<Directory /ftproot/download/>
<Directory /ftproot/upload/>

To:
<Directory /ftproot/product/*>
<Directory /ftproot/download/*>
<Directory /ftproot/upload/*>

If that doesn't work, you might want to try to remove '/ftproot/' from those lines.
0
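A `<Limit>` layout for the three directories named in the question, added here as an example; it is not part of any reply in this thread. It assumes the upload folder is meant to be a write-only drop box, and it relies on ProFTPD's rule that a limit on an individual command takes precedence over a command group such as WRITE, which in turn takes precedence over ALL.

```apache
# Added example, not from the thread. Paths are the ones in the question.
# Filesystem permissions are checked as well as these rules: the login
# account (or its group) needs r-x on the download directories and -wx
# on the upload directory, so 770 only works for members of the owning
# user/group.

# Download-only: retrieval and navigation stay allowed, every modifying
# command (STOR, DELE, MKD, RMD, RNTO, ...) is denied via the WRITE group.
# CWD/XCWD are NOT denied, otherwise clients cannot change into the
# directory to fetch anything.
<Directory /ftproot/product>
  <Limit WRITE>
    DenyAll
  </Limit>
</Directory>

<Directory /ftproot/download>
  <Limit WRITE>
    DenyAll
  </Limit>
</Directory>

# Upload-only drop box (assumption: users may store files but not list,
# retrieve, rename or delete them). Deny everything first, then re-allow
# only navigation and the store commands.
<Directory /ftproot/upload>
  <Limit ALL>
    DenyAll
  </Limit>
  <Limit CDUP CWD XCWD XCUP PWD XPWD>
    AllowAll
  </Limit>
  <Limit STOR STOU>
    AllowAll
  </Limit>
  # Refuse a STOR that would replace a file someone else already uploaded.
  AllowOverwrite off
</Directory>
```

Run `proftpd -t` to check the syntax before restarting the daemon.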
 
LVL 15

Accepted Solution

by:
mr_egyptian earned 800 total points
ID: 17198044
Question has a verified solution.