Solved

proFTPd access/permissions issue

Posted on 2006-07-21
2
1,039 Views
Last Modified: 2013-11-22
Hi,

I have a question regarding folder access permissions using proFTPd.  The proFTPd application is running and I'm able to log in using different accounts but the permissions are not working correctly.  For instance, I have a download folder and created a specific user account to access it.  The folder has 770 permissions for the ftpuser and ftpgroup.  I allow READ access to the folder but nothing else.  When I log in I'm unable to download any files in the folder.  There is nothing in the logs that indicate a problem.  I have 3 folders.  2 are used for downloading only.  The logged in person shouldn't have any rights except to download files.  The other folder is for uploading and the users should have rights to do anything except put a file into the folder.  Below is a copy of the proftpd.conf that I'm using.  I can't find any decent documention in regards to the Limit rules for proFTPd (DELE MKD RMD XMKD XRMD STOR CWD XCWD READ WRITE etc)  Can someone tell me what Limit rules I need to get both download folders and the one upload folder to be secure yet function correctly?

Thanks!


#
ServerType                   standalone
DefaultServer                  on
ScoreboardFile                  /var/run/proftpd.scoreboard

# Port 21 is the standard FTP port.
Port                        21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 10

# Set the user and group under which the server will run.
User                  nobody
Group                  nogroup

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~

# Disable root login and require a valid shell (from /etc/shells)
<Global>
RootLogin               off
RequireValidShell       on
</Global>

# Normally, we want files to be overwriteable.
AllowOverwrite            on

# Logging
ExtendedLog /var/log/proftp_auth.log AUTH auth

# File/Dir Access Log
ExtendedLog /var/log/proftp_access.log WRITE,READ write

# Logging formats

LogFormat         default "%h %l %u %t \"%r\" %s %b"
LogFormat        auth    "%v [%P] %h %t \"%r\" %s"
LogFormat        write   "%h %l %u %t \"%r\" %s %b"

# DNS resolution when processing logs.
UseReverseDNS          off
IdentLookups           off

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

<Global>
DeleteAbortedStores    on
</Global>

 <Limit LOGIN>
    AllowGroup ftpusers
    DenyAll
  </Limit>

 <Limit WRITE>
    DenyAll
    </Limit>

  <Directory /ftproot/product/>
     <Limit READ>
        AllowAll
     </Limit>
     <Limit DELE MKD RMD XMKD XRMD STOR CWD XCWD>
        DenyAll
     </Limit>
  </Directory>

  <Directory /ftproot/download/>
     <Limit READ>
        AllowAll
     </Limit>
     <Limit DELE MKD RMD XMKD XRMD STOR CWD XCWD>
        DenyAll
     </Limit>
  </Directory>

  <Directory /ftproot/upload/>
     <Limit STOR READ>
        AllowAll
     </Limit>
     <Limit CWD XCWD DELE MKD RMD XMKD XRMD>
        DenyAll
     </Limit>
  </Directory>
0
Comment
Question by:steno1122
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 29

Expert Comment

by:TeRReF
ID: 17183803
Try changing these lines:
<Directory /ftproot/product/>
<Directory /ftproot/download/>
<Directory /ftproot/upload/>

To:
<Directory /ftproot/product/*>
<Directory /ftproot/download/*>
<Directory /ftproot/upload/*>

If that doesn't work, you might want to try to remove '/ftproot/' from those lines.
0
 
LVL 15

Accepted Solution

by:
mr_egyptian earned 200 total points
ID: 17198044
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
I have been running these systems for a few years now and I am just very happy with them.   I just wanted to share the manual that I have created for upgrades and other things.  Oooh yes! FreeBSD makes me happy (as a server), no maintenance and I al…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question