HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


bluethundr 25th August 2011 11:55

proftpd defaultroot in vhosts not working
 
Hello,

I am attempting to set up a proftpd server. But I have a couple of things wrong with my config and I was hoping that you wouldn't mind sharing an opinion.


I have two vhosts set up. Here they are:

Code:


# ----------------------------------------------------
# ftp.example.net
# external server
#
<VirtualHost xx.xx.xx.xx>
ServerAdmin            bluethundr@ftp-data                   
ServerName              "JF FTP Server"
TransferLog            /var/log/proftpd/ftp.example-internal.net
MaxLoginAttempts        3
RequireValidShell      no
DefaultRoot            /var/www/html/ftp-data
User                    nobody
Group                  nobody
AllowOverwrite          yes

<Directory /var/www/html/ftp-data>
                <Limit ALL>
                        AllowUser bluethundr
                        AllowUser rerekson
                        AllowUser jfuser
                        DenyAll
                </Limit>
</Directory>

</VirtualHost>
#
# ----------------------------------------------------
# ftp.example.net
# external ftp server
#
<VirtualHost 192.168.1.30>
ServerAdmin            bluethundr@email.com                   
ServerName              "JF FTP Server"
TransferLog            /var/log/proftpd/ftp.example.net
MaxLoginAttempts        3
RequireValidShell      no
DefaultRoot            /var/www/html/ftp-data
User                    nobody
Group                  nobody
AllowOverwrite          yes
MasqueradeAddress      xx.xx.xx.xx
PassivePorts            60000 65535

<Directory /var/www/html/ftp-data>
                <Limit ALL>
                      AllowUser bluethundr
                      AllowUser rerekson
                      AllowUser jfuser
                      DenyAll       
                </Limit>
</Directory>


</VirtualHost>

What happens is that you can connect to the FTP server, log in and enter passive mode. You can list the directory. But the problem is that the directory you find yourself in once you log into the machine is your home directory. If you'll notice, I have my apache document root set as the DefaultRoot value in the vhost configs.

In the server config above the DefaultRoot is set to ~ and that's what the config seems to be telling proftpd to listen to. I have no idea at this point why the config is not telling proftpd to use all the directives in the vhost conf. And as far as I understand, the way the vhost confs are set up is what is allowing the server to enter passive mode and list the directory in the first place.

But because the DefaultRoot is a directory that I have not defined using the <Directory> directive you cannot upload, download or go into the subdirectories in that folder.

I've even tried to force the vhosts to be used by entering the

Code:

Port 0
Directive which, if I understand correctly, gets proftpd to only work with the vhost configs if you have port 20 enabled in those locations.

Here is my full config:

Code:

# This is the ProFTPD configuration file
#
# See: http://www.proftpd.org/docs/directives/linked/by-name.html

# Server Config - config used for anything outside a <VirtualHost> or <Global> context
# See: http://www.proftpd.org/docs/howto/Vhost.html

ServerName                        "ProFTPD server"
ServerIdent                        on "FTP Server ready."
ServerAdmin                        root@localhost
DefaultServer                        on

# Cause every FTP user except adm to be chrooted into their home directory
# Aliasing /etc/security/pam_env.conf into the chroot allows pam_env to
# work at session-end time (http://bugzilla.redhat/477120)
VRootEngine                        on
DefaultRoot                        ~ !adm
VRootAlias                        etc/security/pam_env.conf /etc/security/pam_env.conf

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig                        proftpd
AuthOrder                        mod_auth_pam.c* mod_auth_unix.c
# If you use NIS/YP/LDAP you may need to disable PersistentPasswd
#PersistentPasswd                off

# Don't do reverse DNS lookups (hangs on DNS problems)
UseReverseDNS                        off

# Set the user and group that the server runs as
User                                nobody
Group                                nobody

# Don't use the server config - vhosts only!
Port                            0

# Debug Level - set to max currently
DebugLevel                      10

# Extended log
ExtendedLog                    /var/log/proftpd/pftpd-extended.log

MaxInstances                        20

# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile                        off




# Global Config - config common to Server Config and all virtual hosts
# See: http://www.proftpd.org/docs/howto/Vhost.html
<Global>

  # Umask 022 is a good standard umask to prevent new dirs and files
  # from being group and world writable
  Umask                                022

  # Allow users to overwrite files and change permissions
  AllowOverwrite                yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>

</Global>



# ----------------------------------------------------
# ftp.example.net
# external server
#
<VirtualHost xx.xx.xx.xx>
ServerAdmin            bluethundr@ftp-data                   
ServerName              "JF FTP Server"
TransferLog            /var/log/proftpd/ftp.example-internal.net
MaxLoginAttempts        3
RequireValidShell      no
DefaultRoot            /var/www/html/ftp-data
User                    nobody
Group                  nobody
AllowOverwrite          yes
Port                      20

<Directory /var/www/html/ftp-data>
                <Limit ALL>
                        AllowUser bluethundr
                        AllowUser rerekson
                        AllowUser jfuser
                        DenyAll
                </Limit>
</Directory>

</VirtualHost>
#
# ----------------------------------------------------
# ftp.example.net
# external ftp server
#
<VirtualHost 192.168.1.30>
ServerAdmin            bluethundr@ftp-data                   
ServerName              "JF FTP Server"
TransferLog            /var/log/proftpd/ftp.example.net
MaxLoginAttempts        3
RequireValidShell      no
DefaultRoot            /var/www/html/ftp-data
User                    nobody
Group                  nobody
AllowOverwrite          yes
MasqueradeAddress      xx.xx.xx.xx
PassivePorts            60000 65535
Port                      20

<Directory /var/www/html/ftp-data>
                <Limit ALL>
                      AllowUser bluethundr
                      AllowUser rerekson
                      AllowUser jfuser
                      DenyAll       
                </Limit>
</Directory>


</VirtualHost>
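
An added example, not part of the original post: a small Python audit that splits a ProFTPD config into its server config, `<Global>` and `<VirtualHost>` contexts and reports which `DefaultRoot` (chroot) and control `Port` each virtual host ends up with. It assumes the rule stated in the config's own comments (server-config directives apply only outside `<VirtualHost>`; `<Global>` is shared) and ProFTPD's default `Port` of 21; the function names and the `10.0.0.5` vhost are constructed for illustration.

```python
# Constructed sample: trimmed from the posted config, plus one made-up vhost.
SAMPLE = """\
DefaultRoot   ~ !adm
Port          0
<Global>
  Umask       022
</Global>
<VirtualHost xx.xx.xx.xx>
DefaultRoot   /var/www/html/ftp-data
Port          20
<Directory /var/www/html/ftp-data>
  <Limit ALL>
    DenyAll
  </Limit>
</Directory>
</VirtualHost>
<VirtualHost 10.0.0.5>
ServerName    "constructed vhost without DefaultRoot"
</VirtualHost>
"""

def contexts(text):
    """Map each top-level context to the directives set directly in it."""
    ctx, stack = {"server config": {}}, ["server config"]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("</"):
            stack.pop()                      # leave the innermost section
        elif line.startswith("<"):
            name, _, arg = line.strip("<>").partition(" ")
            label = f"{name} {arg}".strip() if name in ("VirtualHost", "Global") else None
            stack.append(label)              # None marks <Directory>/<Limit>
            if label:
                ctx.setdefault(label, {})
        elif stack[-1]:                      # skip directives in nested sections
            key, *rest = line.split(None, 1)
            ctx[stack[-1]][key] = rest[0] if rest else ""
    return ctx

def effective(text):
    """Per vhost: its own value, else <Global>'s, else the default (None = no chroot)."""
    ctx = contexts(text)
    glob = ctx.get("Global", {})
    return {label: {"DefaultRoot": own.get("DefaultRoot", glob.get("DefaultRoot")),
                    "Port": int(own.get("Port", 21))}
            for label, own in ctx.items() if label.startswith("VirtualHost")}
```

Calling `effective(SAMPLE)` shows that the server config's `DefaultRoot ~ !adm` never reaches a vhost: the constructed `10.0.0.5` vhost comes back with `DefaultRoot` of `None`, meaning its users would not be jailed unless the directive is repeated there or moved into `<Global>`.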


