Solved

proFTPd access/permissions issue

Posted on 2006-07-21
Last Modified: 2013-11-22
Hi,

I have a question regarding folder access permissions using proFTPd.  The proFTPd application is running and I'm able to log in using different accounts but the permissions are not working correctly.  For instance, I have a download folder and created a specific user account to access it.  The folder has 770 permissions for the ftpuser and ftpgroup.  I allow READ access to the folder but nothing else.  When I log in I'm unable to download any files in the folder.  There is nothing in the logs that indicates a problem.  I have 3 folders.  2 are used for downloading only.  The logged in person shouldn't have any rights except to download files.  The other folder is for uploading and the users should have rights to do anything except put a file into the folder.  Below is a copy of the proftpd.conf that I'm using.  I can't find any decent documentation in regards to the Limit rules for proFTPd (DELE MKD RMD XMKD XRMD STOR CWD XCWD READ WRITE etc).  Can someone tell me what Limit rules I need to get both download folders and the one upload folder to be secure yet function correctly?

Thanks!


#
ServerType                   standalone
DefaultServer                  on
ScoreboardFile                  /var/run/proftpd.scoreboard

# Port 21 is the standard FTP port.
Port                        21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# (10 here).  If you need to allow more concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 10

# Set the user and group under which the server will run.
User                  nobody
Group                  nogroup

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~

# Disable root login and require a valid shell (from /etc/shells)
<Global>
RootLogin               off
RequireValidShell       on
</Global>

# Normally, we want files to be overwriteable.
AllowOverwrite            on

# Logging
ExtendedLog /var/log/proftp_auth.log AUTH auth

# File/Dir Access Log
ExtendedLog /var/log/proftp_access.log WRITE,READ write

# Logging formats

LogFormat         default "%h %l %u %t \"%r\" %s %b"
LogFormat        auth    "%v [%P] %h %t \"%r\" %s"
LogFormat        write   "%h %l %u %t \"%r\" %s %b"

# DNS resolution when processing logs.
UseReverseDNS          off
IdentLookups           off

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

<Global>
DeleteAbortedStores    on
</Global>

<Limit LOGIN>
  AllowGroup ftpusers
  DenyAll
</Limit>

<Limit WRITE>
  DenyAll
</Limit>

  <Directory /ftproot/product/>
     <Limit READ>
        AllowAll
     </Limit>
     <Limit DELE MKD RMD XMKD XRMD STOR CWD XCWD>
        DenyAll
     </Limit>
  </Directory>

  <Directory /ftproot/download/>
     <Limit READ>
        AllowAll
     </Limit>
     <Limit DELE MKD RMD XMKD XRMD STOR CWD XCWD>
        DenyAll
     </Limit>
  </Directory>

  <Directory /ftproot/upload/>
     <Limit STOR READ>
        AllowAll
     </Limit>
     <Limit CWD XCWD DELE MKD RMD XMKD XRMD>
        DenyAll
     </Limit>
  </Directory>
Question by:steno1122
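
An added example, not part of the original question or its answers: a small Python audit that expands the `<Limit>` command groups from the ProFTPD documentation (READ, WRITE, DIRS) and reports, per `<Directory>`, which commands the posted sections allow or deny. The function names `audit` and `findings` are hypothetical, and the sketch assumes only `AllowAll`/`DenyAll` inside `<Directory>` sections; server-level limits and inheritance are not modelled.

```python
import re
# Command groups as listed in the ProFTPD <Limit> documentation.
GROUPS = {
    "READ": {"RETR", "SIZE"},
    "WRITE": {"APPE", "DELE", "MKD", "RMD", "RNTO", "STOR", "STOU", "XMKD", "XRMD"},
    "DIRS": {"CDUP", "CWD", "LIST", "MDTM", "MLSD", "MLST", "NLST", "PWD", "RNFR", "STAT", "XCUP", "XCWD", "XPWD"},
}

# Constructed excerpt: two <Directory> sections copied from the config in the question.
SAMPLE_CONF = """
<Directory /ftproot/download/>
   <Limit READ>
      AllowAll
   </Limit>
   <Limit DELE MKD RMD XMKD XRMD STOR CWD XCWD>
      DenyAll
   </Limit>
</Directory>
<Directory /ftproot/upload/>
   <Limit STOR READ>
      AllowAll
   </Limit>
   <Limit CWD XCWD DELE MKD RMD XMKD XRMD>
      DenyAll
   </Limit>
</Directory>
"""

def audit(conf):
    """Map each <Directory> path to {command: 'AllowAll' | 'DenyAll'}."""
    result = {}
    for path, body in re.findall(r"<Directory\s+(\S+?)>(.*?)</Directory>", conf, re.S | re.I):
        explicit, grouped = {}, {}
        for names, rules in re.findall(r"<Limit\s+([^>]+)>(.*?)</Limit>", body, re.S | re.I):
            verdict = re.search(r"^\s*(AllowAll|DenyAll)\s*$", rules, re.M | re.I)
            if not verdict:
                continue  # per-user, per-group or per-host rules are outside this sketch
            action = "AllowAll" if verdict.group(1).lower() == "allowall" else "DenyAll"
            for name in names.upper().split():
                target = grouped if name in GROUPS else explicit
                target.update(dict.fromkeys(GROUPS.get(name, {name}), action))
        result[path] = {**grouped, **explicit}  # a named command overrides its group
    return result

def findings(conf):
    """Directories where a transfer is allowed while CWD into them is denied."""
    return sorted(p for p, r in audit(conf).items() if r.get("CWD") == "DenyAll"
                  and "AllowAll" in (r.get("RETR"), r.get("STOR")))
```

On the excerpt, both directories are reported: each allows a transfer command (RETR or STOR) while denying CWD for the same path, a combination worth reviewing. The upload section also leaves APPE and STOU unmentioned.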
2 Comments
 
LVL 29

Expert Comment

by:TeRReF
ID: 17183803
Try changing these lines:
<Directory /ftproot/product/>
<Directory /ftproot/download/>
<Directory /ftproot/upload/>

To:
<Directory /ftproot/product/*>
<Directory /ftproot/download/*>
<Directory /ftproot/upload/*>

If that doesn't work, you might want to try to remove '/ftproot/' from those lines.
0
 
LVL 15

Accepted Solution

by:
mr_egyptian earned 200 total points
ID: 17198044

Question has a verified solution.
