Solved

proFTPd access/permissions issue

Posted on 2006-07-21
Last Modified: 2013-11-22
Hi,

I have a question regarding folder access permissions using proFTPd.  The proFTPd application is running and I'm able to log in using different accounts but the permissions are not working correctly.  For instance, I have a download folder and created a specific user account to access it.  The folder has 770 permissions for the ftpuser and ftpgroup.  I allow READ access to the folder but nothing else.  When I log in I'm unable to download any files in the folder.  There is nothing in the logs that indicates a problem.  I have 3 folders.  2 are used for downloading only.  The logged-in person shouldn't have any rights except to download files.  The other folder is for uploading and the users should have rights to do anything except put a file into the folder.  Below is a copy of the proftpd.conf that I'm using.  I can't find any decent documentation in regards to the Limit rules for proFTPd (DELE MKD RMD XMKD XRMD STOR CWD XCWD READ WRITE etc).  Can someone tell me what Limit rules I need to get both download folders and the one upload folder to be secure yet function correctly?

Thanks!


#
ServerType                   standalone
DefaultServer                  on
ScoreboardFile                  /var/run/proftpd.scoreboard

# Port 21 is the standard FTP port.
Port                        21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 10

# Set the user and group under which the server will run.
User                  nobody
Group                  nogroup

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~

# Disable root login and require a valid shell (from /etc/shells)
<Global>
RootLogin               off
RequireValidShell       on
</Global>

# Normally, we want files to be overwriteable.
AllowOverwrite            on

# Logging
ExtendedLog /var/log/proftp_auth.log AUTH auth

# File/Dir Access Log
ExtendedLog /var/log/proftp_access.log WRITE,READ write

# Logging formats

LogFormat         default "%h %l %u %t \"%r\" %s %b"
LogFormat        auth    "%v [%P] %h %t \"%r\" %s"
LogFormat        write   "%h %l %u %t \"%r\" %s %b"

# DNS resolution when processing logs.
UseReverseDNS          off
IdentLookups           off

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

<Global>
DeleteAbortedStores    on
</Global>

 <Limit LOGIN>
    AllowGroup ftpusers
    DenyAll
  </Limit>

 <Limit WRITE>
    DenyAll
    </Limit>

  <Directory /ftproot/product/>
     <Limit READ>
        AllowAll
     </Limit>
     <Limit DELE MKD RMD XMKD XRMD STOR CWD XCWD>
        DenyAll
     </Limit>
  </Directory>

  <Directory /ftproot/download/>
     <Limit READ>
        AllowAll
     </Limit>
     <Limit DELE MKD RMD XMKD XRMD STOR CWD XCWD>
        DenyAll
     </Limit>
  </Directory>

  <Directory /ftproot/upload/>
     <Limit STOR READ>
        AllowAll
     </Limit>
     <Limit CWD XCWD DELE MKD RMD XMKD XRMD>
        DenyAll
     </Limit>
  </Directory>
Question by:steno1122
Expert Comment

by:TeRReF
ID: 17183803
Try changing these lines:
<Directory /ftproot/product/>
<Directory /ftproot/download/>
<Directory /ftproot/upload/>

To:
<Directory /ftproot/product/*>
<Directory /ftproot/download/*>
<Directory /ftproot/upload/*>

If that doesn't work, you might want to try to remove '/ftproot/' from those lines.
Accepted Solution

by:
mr_egyptian earned 200 total points
ID: 17198044
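
An added example, not part of any post in this thread and not the accepted solution: one way to express the question's download-only and upload-only directories with ProFTPD's command groups instead of hand-picked command lists. The directory paths come from the question; the choice of which commands to allow is an assumption about the intended policy.

```apache
# Added example (not from the thread). In ProFTPD, a <Limit> naming
# individual commands takes precedence over one naming a command group
# (READ, WRITE, DIRS), and a group takes precedence over ALL.

# Download-only trees: deny everything, then allow navigation/listing
# (DIRS: CWD, CDUP, PWD, LIST, NLST, ...) and retrieval (READ: RETR, SIZE).
<Directory /ftproot/product>
  <Limit ALL>
    DenyAll
  </Limit>
  <Limit DIRS READ>
    AllowAll
  </Limit>
</Directory>

<Directory /ftproot/download>
  <Limit ALL>
    DenyAll
  </Limit>
  <Limit DIRS READ>
    AllowAll
  </Limit>
</Directory>

# Upload-only tree: clients may change into it and store files, but may
# not list, retrieve, rename, delete or create directories.
# Assumption: a "blind drop" is wanted. Add READ to the second block if
# retrieval should stay allowed, as in the question's <Limit STOR READ>.
<Directory /ftproot/upload>
  <Limit ALL>
    DenyAll
  </Limit>
  <Limit CWD XCWD CDUP XCUP PWD XPWD STOR STOU>
    AllowAll
  </Limit>
  # Optional hardening: an upload cannot replace an existing file.
  AllowOverwrite off
</Directory>
```

`<Limit>` only restricts FTP commands; the account that logs in still needs filesystem access, so with mode 770 it must be the directory's owner or a member of its group. Running `proftpd -t` checks the file for syntax errors before a restart.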