  • Status: Solved

How to create a pro-FTPd user on Linux?

Dear Experts:

I would like to create a user which can upload and download files and directories by FTP, but without having access to all my server directories: just its home directory (and all its subdirectories). Also, I don't want to give him access to the console (I mean, accessing using telnet or putty on ssh).

My server is a dedicated server, on which I installed xampp (from apache-friends) over suse-linux enterprise 10 server. The FTP server is pro-FTPd, which is included when installing xampp.

Is it possible to create this restricted user?

Many thanks.
0
gplana
 
ravenpl Commented:
Sure, first create a system user without a password (the password should be mangled like '*' or '!!' - meaning one cannot log in).

Then, in proftpd.conf, you may add

UserPassword theUsername theCryptedPassword

where theCryptedPassword is the output from
# perl -e 'print crypt("plainPassHere", rand(100))'
0
 
gplana (Author) Commented:
Thank you for your answer.

I understand that this prevents the user from logging in by telnet or SSH. My doubt now is if the crypted password is the same as it appears on the shadow file?

Also, what I need now is "just" to restrict this FTP user to allow access only to its own home directory. Is this possible?
0
 
ravenpl Commented:
> My doubt now is if the crypted password is the same as it appears on the shadow file?
No, it's a weak DES-based hash (shadow has md5 or blowfish or sha-*)

> Also, what I need now is "just" to restrict this FTP user to allow access only to its own home directory. Is this possible?
DefaultRoot ~
# http://www.proftpd.org/docs/directives/linked/config_ref_DefaultRoot.html
0
 
gplana (Author) Commented:
Thank you for your answer. Now I understand a little more.

However, I haven't been able to log in with my newly created user. I attach my proftpd.conf file so that you can show me if I'm doing something wrong.

User tsavellana already exists in my passwd and shadow files; however, I put an * in the password field of the shadow file so that this user cannot log in using putty.

Thank you for all. Best Regards.
0
 
gplana (Author) Commented:
Here is the attached file. I changed its ".conf" extension to ".txt" because this site doesn't allow ".conf" files.
proftpd.txt
0
 
ravenpl Commented:
UserAlias tsavellana ftp
tells proftpd that if someone uses "tsavellana" as the username, it should authenticate against the "ftp" user. So in your case you want
UserPassword ftp 58Ydm7H5BbRmMT
0
 
gplana (Author) Commented:
Sorry, but it seems DefaultRoot clause doesn't restrict anything.

Maybe my executing ftp server process is a standard FTP installed automatically when I installed linux (SUSE enterprise 10) and proftpd is not executing properly?

I say that because I tried to make some changes on proftpd.conf file and it seems they don't take effect.

Thank you.
0
 
ravenpl Commented:
> Sorry, but it seems DefaultRoot clause doesn't restrict anything.
Right - it has no meaning in an <Anonymous> clause. <Anonymous /here> already restricts you to /here - no point in DefaultRoot here.

> I say that because I tried to make some changes on proftpd.conf file and it seems they don't take effect.
Have you restarted proftpd, and was it successful?
0
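A small config check for the two points ravenpl makes above (DefaultRoot has no meaning inside <Anonymous>, and the UserPassword value from the perl crypt() one-liner is a weak DES-based hash), as an added example that is not part of the thread. The sample config, the user name ftpuser and the hash are constructed, and lint_proftpd is a hypothetical helper name.

```python
import re

# 13 characters from [./0-9A-Za-z] is the shape of a traditional DES crypt hash.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

# Constructed sample, not the poster's attached proftpd.txt; the hash is a placeholder.
SAMPLE_CONF = """\
ServerName "example"
UserPassword ftpuser abCDEFGHIJKLM
<Anonymous ~ftpuser>
  User ftpuser
  # DefaultRoot here is the placement discussed in the thread
  DefaultRoot ~
</Anonymous>
"""


def lint_proftpd(conf_text):
    """Return (line_number, message) findings; line 0 means the whole file."""
    findings, sections, root_seen = [], [], False
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):            # closing tag such as </Anonymous>
            if sections:
                sections.pop()
            continue
        if line.startswith("<"):             # opening tag such as <Anonymous ~ftp>
            sections.append(line[1:].split()[0].rstrip(">").lower())
            continue
        parts = line.split()
        name = parts[0].lower()
        if name == "defaultroot":
            if "anonymous" in sections:
                findings.append((no, "DefaultRoot inside <Anonymous> has no effect"))
            else:
                root_seen = True
        elif name == "userpassword" and len(parts) >= 3:
            if DES_CRYPT.fullmatch(parts[2]):
                findings.append((no, f"UserPassword {parts[1]}: DES-based crypt hash"))
    if not root_seen:
        findings.append((0, "no DefaultRoot outside <Anonymous>: real users are not confined"))
    return findings


if __name__ == "__main__":
    for no, msg in lint_proftpd(SAMPLE_CONF):
        print(f"line {no}: {msg}")
```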
 
gplana (Author) Commented:
Yes, I restarted it with apparently no errors. However, when restarting it says "no process running" as if it wasn't able to kill the previous process.

I installed xampp from apache friends over a standard suse linux, and now I think there was another FTP server installed before, which I suppose can be in conflict with xampp's proftpd component.

I understand that this is another question, so do you want me to open another question with its own points?

Thank you.
0
