Solved

proFTPd access/permissions issue

Posted on 2006-07-21
Last Modified: 2013-11-22
Hi,

I have a question regarding folder access permissions using proFTPd.  The proFTPd application is running and I'm able to log in using different accounts but the permissions are not working correctly.  For instance, I have a download folder and created a specific user account to access it.  The folder has 770 permissions for the ftpuser and ftpgroup.  I allow READ access to the folder but nothing else.  When I log in I'm unable to download any files in the folder.  There is nothing in the logs that indicates a problem.  I have 3 folders.  2 are used for downloading only.  The logged in person shouldn't have any rights except to download files.  The other folder is for uploading and the users should have rights to do anything except put a file into the folder.  Below is a copy of the proftpd.conf that I'm using.  I can't find any decent documentation in regards to the Limit rules for proFTPd (DELE MKD RMD XMKD XRMD STOR CWD XCWD READ WRITE etc).  Can someone tell me what Limit rules I need to get both download folders and the one upload folder to be secure yet function correctly?

Thanks!


#
ServerType                   standalone
DefaultServer                  on
ScoreboardFile                  /var/run/proftpd.scoreboard

# Port 21 is the standard FTP port.
Port                        21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 10

# Set the user and group under which the server will run.
User                  nobody
Group                  nogroup

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~

# Disable root login and require a valid shell (from /etc/shells)
<Global>
RootLogin               off
RequireValidShell       on
</Global>

# Normally, we want files to be overwriteable.
AllowOverwrite            on

# Logging
ExtendedLog /var/log/proftp_auth.log AUTH auth

# File/Dir Access Log
ExtendedLog /var/log/proftp_access.log WRITE,READ write

# Logging formats

LogFormat         default "%h %l %u %t \"%r\" %s %b"
LogFormat        auth    "%v [%P] %h %t \"%r\" %s"
LogFormat        write   "%h %l %u %t \"%r\" %s %b"

# DNS resolution when processing logs.
UseReverseDNS          off
IdentLookups           off

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

<Global>
DeleteAbortedStores    on
</Global>

 <Limit LOGIN>
    AllowGroup ftpusers
    DenyAll
  </Limit>

 <Limit WRITE>
    DenyAll
    </Limit>

  <Directory /ftproot/product/>
     <Limit READ>
        AllowAll
     </Limit>
     <Limit DELE MKD RMD XMKD XRMD STOR CWD XCWD>
        DenyAll
     </Limit>
  </Directory>

  <Directory /ftproot/download/>
     <Limit READ>
        AllowAll
     </Limit>
     <Limit DELE MKD RMD XMKD XRMD STOR CWD XCWD>
        DenyAll
     </Limit>
  </Directory>

  <Directory /ftproot/upload/>
     <Limit STOR READ>
        AllowAll
     </Limit>
     <Limit CWD XCWD DELE MKD RMD XMKD XRMD>
        DenyAll
     </Limit>
  </Directory>
Question by:steno1122
2 Comments
Expert Comment

by:TeRReF
ID: 17183803
Try changing these lines:
<Directory /ftproot/product/>
<Directory /ftproot/download/>
<Directory /ftproot/upload/>

To:
<Directory /ftproot/product/*>
<Directory /ftproot/download/*>
<Directory /ftproot/upload/*>

If that doesn't work, you might want to try to remove '/ftproot/' from those lines.
Accepted Solution

by:
mr_egyptian earned 200 total points
ID: 17198044
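Added example, not part of the thread or of either expert's answer: one way to write the per-directory Limit sections for the layout in the question, assuming product/ and download/ are meant to be fetch-only and upload/ is meant to be a store-only drop box. It relies on ProFTPD's Limit precedence (a raw command such as CWD overrides a command group such as READ or WRITE, which overrides ALL), so each directory denies everything and then re-allows only what is needed.

```apache
# Added example. Paths and the ftpusers group are taken from the question;
# the fetch-only / store-only policy is an assumption about the intent.

<Limit LOGIN>
  AllowGroup ftpusers
  DenyAll
</Limit>

# Fetch-only: navigation, listing and retrieval; every other command denied.
<Directory /ftproot/product>
  <Limit ALL>
    DenyAll
  </Limit>
  <Limit CWD XCWD CDUP XCUP PWD XPWD LIST NLST>
    AllowAll
  </Limit>
  <Limit READ>
    AllowAll
  </Limit>
</Directory>

<Directory /ftproot/download>
  <Limit ALL>
    DenyAll
  </Limit>
  <Limit CWD XCWD CDUP XCUP PWD XPWD LIST NLST>
    AllowAll
  </Limit>
  <Limit READ>
    AllowAll
  </Limit>
</Directory>

# Store-only drop box: users can enter and upload, but cannot list,
# retrieve, delete, rename or overwrite what is already there.
<Directory /ftproot/upload>
  <Limit ALL>
    DenyAll
  </Limit>
  <Limit CWD XCWD CDUP XCUP PWD XPWD>
    AllowAll
  </Limit>
  <Limit STOR STOU>
    AllowAll
  </Limit>
  AllowOverwrite off
</Directory>
```

Limit sections only restrict FTP commands; the filesystem mode still applies, so with 770 on a folder the logged-in account must be its owner or a member of its group before RETR can succeed. Running `proftpd -t` checks the file's syntax before the server is restarted.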