Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 23rd August 2012, 15:12
Monotoba Monotoba is offline
Member
 
Join Date: May 2009
Posts: 30
Thanks: 0
Thanked 0 Times in 0 Posts
Question ISPConfig3 pure-ftpd giving access to sda /

Hi,

After installing ISPConfig3 I was unable to access my websites via ftp. I had the usernames and passowrd correct and the deamon was running. I found a post that suggested removing and reinstalling pure-ftpd. I did so and I immediately got access with the proper username and password. However, pure-ftpd now allows my ftp users access to the drives root directory even though the ftp_user table show the proper path for the user's web folder.

pure-ftpd was started with: Starting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -O clf:/var/log/pure-ftpd/transfer.log -u 1000 -E -8 UTF-8 -B

I did try rebooting but I still have the same issue. Any help would be greatly appriciated.
Reply With Quote
Sponsored Links
  #2  
Old 23rd August 2012, 15:16
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,490
Thanks: 835
Thanked 5,526 Times in 4,346 Posts
Default

Ensure that you enabled virtualchroot in pure-ftpd as described in the perfects etup guide.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 23rd August 2012, 15:38
Monotoba Monotoba is offline
Member
 
Join Date: May 2009
Posts: 30
Thanks: 0
Thanked 0 Times in 0 Posts
Default

When I reinstalled I followed the steps in http://www.howtoforge.com/perfect-se...ispconfig-3-p4 including editing the conf file then restarting the service.

Here is my conf file:

# Configuration for pure-ftpd
# (this file is sourced by /bin/sh, edit accordingly)

# STANDALONE_OR_INETD
# valid values are "standalone" and "inetd".
# Any change here overrides the setting in debconf.
STANDALONE_OR_INETD=standalone

# VIRTUALCHROOT:
# whether to use binary with virtualchroot support
# valid values are "true" or "false"
# Any change here overrides the setting in debconf.
VIRTUALCHROOT=true

# UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,
# pure-uploadscript will also be run to spawn the program given below
# for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or
# pure-uploadscript(8)

# example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl
UPLOADSCRIPT=

# if set, pure-uploadscript will spawn $UPLOADSCRIPT running as the
# given uid and gid
UPLOADUID=
UPLOADGID=
Reply With Quote
  #4  
Old 23rd August 2012, 15:51
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,490
Thanks: 835
Thanked 5,526 Times in 4,346 Posts
Default

Just a guess, did you maybe use sftp to connect to the server and not ftp? sftp is not ftp (even if the name is similar), sftp is ssh and will not jail your user to the website.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 23rd August 2012, 15:56
Monotoba Monotoba is offline
Member
 
Join Date: May 2009
Posts: 30
Thanks: 0
Thanked 0 Times in 0 Posts
Default

No I used Dreamweaver using ftp protocol and telent sending command manualy.

It seems to me that pure-ftp is not picking up the virtual root. Yet the path exists in the ftp_user table and it is using the username and passowrd info from that table...
Could I be missing a startup argument for pure-ftpd?


SQL result

Host: localhost
Database: dbispconfig
Generation Time: Aug 23, 2012 at 06:01 AM
Generated by: phpMyAdmin 3.3.10deb1 / MySQL 5.1.63-0ubuntu0.11.04.1
SQL query: SELECT * FROM `ftp_user` LIMIT 0, 30 ;
Rows: 1
ftp_user_id sys_userid sys_groupid sys_perm_user sys_perm_group sys_perm_other server_id parent_domain_id username password quota_size active uid gid dir quota_files ul_ratio dl_ratio ul_bandwidth dl_bandwidth
1 1 2 riud riud 1 1 [CUT USERNAME] [CUT PASSWORDHASH] -1 y web1 client1 /var/www/clients/client1/web1 -1 -1 -1 -1 -1




/etc/pure-ftpd/db/mysql.conf:

##############################################
# #
# Sample Pure-FTPd Mysql configuration file. #
# See README.MySQL for explanations. #
# #
##############################################


# Optional : MySQL server name or IP. Don't define this for unix sockets.

MYSQLServer 127.0.0.1


# Optional : MySQL port. Don't define this if a local unix socket is used.

# MYSQLPort 3306


# Optional : define the location of mysql.sock if the server runs on this host.

# MYSQLSocket /var/run/mysqld/mysqld.sock


# Mandatory : user to bind the server as.

MYSQLUser ispconfig


# Mandatory : user password. You must have a password.

MYSQLPassword [CUT PASSWORDHASH]


# Mandatory : database to open.

MYSQLDatabase dbispconfig


# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "md5" and "password"
# ("password" = MySQL password() function)
# You can also use "any" to try "crypt", "md5" *and* "password"

MYSQLCrypt crypt


# In the following directives, parts of the strings are replaced at
# run-time before performing queries :
#
# \L is replaced by the login of the user trying to authenticate.
# \I is replaced by the IP address the user connected to.
# \P is replaced by the port number the user connected to.
# \R is replaced by the IP address the user connected from.
# \D is replaced by the remote IP address, as a long decimal number.
#
# Very complex queries can be performed using these substitution strings,
# especially for virtual hosting.


# Query to execute in order to fetch the password

MYSQLGetPW SELECT password FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="\L"


# Query to execute in order to fetch the system user name or uid

MYSQLGetUID SELECT uid FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="\L"


# Optional : default UID - if set this overrides MYSQLGetUID

#MYSQLDefaultUID 1000


# Query to execute in order to fetch the system user group or gid

MYSQLGetGID SELECT gid FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="\L"


# Optional : default GID - if set this overrides MYSQLGetGID

#MYSQLDefaultGID 1000


# Query to execute in order to fetch the home directory

MYSQLGetDir SELECT dir FROM ftp_user WHERE active = 'y' AND server_id = '1' AND username="\L"


# Optional : query to get the maximal number of files
# Pure-FTPd must have been compiled with virtual quotas support.

MySQLGetQTAFS SELECT quota_files FROM ftp_user WHERE active = 'y' AND server_id = '1' AND quota_files != '-1' AND username="\L"


# Optional : query to get the maximal disk usage (virtual quotas)
# The number should be in Megabytes.
# Pure-FTPd must have been compiled with virtual quotas support.

MySQLGetQTASZ SELECT quota_size FROM ftp_user WHERE active = 'y' AND server_id = '1' AND quota_size != '-1' AND username="\L"


# Optional : ratios. The server has to be compiled with ratio support.

MySQLGetRatioUL SELECT ul_ratio FROM ftp_user WHERE active = 'y' AND server_id = '1' AND ul_ratio != '-1' AND username="\L"
MySQLGetRatioDL SELECT dl_ratio FROM ftp_user WHERE active = 'y' AND server_id = '1' AND dl_ratio != '-1' AND username="\L"


# Optional : bandwidth throttling.
# The server has to be compiled with throttling support.
# Values are in KB/s .

MySQLGetBandwidthUL SELECT ul_bandwidth FROM ftp_user WHERE active = 'y' AND server_id = '1' AND ul_bandwidth != '-1' AND username="\L"
MySQLGetBandwidthDL SELECT dl_bandwidth FROM ftp_user WHERE active = 'y' AND server_id = '1' AND dl_bandwidth != '-1' AND username="\L"

# Enable ~ expansion. NEVER ENABLE THIS BLINDLY UNLESS :
# 1) You know what you are doing.
# 2) Real and virtual users match.

# MySQLForceTildeExpansion 1


# If you upgraded your tables to transactionnal tables (Gemini,
# BerkeleyDB, Innobase...), you can enable SQL transactions to
# avoid races. Leave this commented if you are using the
# traditionnal MyIsam databases or old (< 3.23.x) MySQL versions.

MySQLTransactions On

Last edited by Monotoba; 23rd August 2012 at 16:10.
Reply With Quote
  #6  
Old 24th August 2012, 17:12
Monotoba Monotoba is offline
Member
 
Join Date: May 2009
Posts: 30
Thanks: 0
Thanked 0 Times in 0 Posts
Default Still needing help with this!

During my investigation of this issue I have used telnet to login to the ftp server.

Upon login I get:

230-User {CUT USERNAME] has group access to: client1 sshusers
230 OK. Current directory is: /var/www/cleints/client1/web1

Yet connection via any ftp client using ftp protocol I get root access to the drive i.e. sda /

Any help with this issue would be greatly welcomed.
Reply With Quote
  #7  
Old 24th August 2012, 17:23
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,490
Thanks: 835
Thanked 5,526 Times in 4,346 Posts
Default

Are you really sure that you get root access and not that you see the content of the jail which looks like root as it contains folders with the same name then the web root? You can easily test that, login with ftp and create a file in the /root/ folder. Then login as root user with ssh and do a:

ls -la /root/

Do you get the file listed that you created with ftp? If not then you see the jail in ftp and not the root directory.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #8  
Old 24th August 2012, 17:36
Monotoba Monotoba is offline
Member
 
Join Date: May 2009
Posts: 30
Thanks: 0
Thanked 0 Times in 0 Posts
Default Response

Yes, I can see and navigate to all directories on the drive begging at sda/ but cannot modify all directories. However, I should be placed in the web1 folder and that is not happening... Even though it is reported as my directory via telnet. Dreamweaver and Filezilla both place me at: /
Reply With Quote
  #9  
Old 24th August 2012, 19:06
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,490
Thanks: 835
Thanked 5,526 Times in 4,346 Posts
Default

Please post the output of:

ls -la /var/www/cleints/client1/web1
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #10  
Old 24th August 2012, 19:13
Monotoba Monotoba is offline
Member
 
Join Date: May 2009
Posts: 30
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Should this be ran as the root user? If so,

ls: cannot access /var/www/cleints/client1/web1: No such file or directory
However, the directory does exist and the site is being served from it. I just had to navigate to it in ftp client to upload files.
Permissions on the directory are: client1 and web1 users and groups created by ISPConfig. I assume root can't see the
directoy because jailkit has him locked out?

Using Putty and issuing the commands:
PWD -> /var/www/clients/web1
CWD / -> "/" is now your current directory
PWD -> /

Hope this helps you help me?

Last edited by Monotoba; 24th August 2012 at 19:48.
Reply With Quote
Reply

Bookmarks

Tags
ispconfig3, path, pute-ftpd

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Restrict ISPConfig3 access to certain IPs concept21 Tips/Tricks/Mods 8 23rd August 2012 22:34
MySQL Error Nolan Installation/Configuration 12 16th February 2011 03:15
Webmin upgrade lishaw1968 Installation/Configuration 15 26th August 2010 16:23
amavis rejects all inbound emails aclhkaclhk Installation/Configuration 5 28th February 2010 05:24
Questions in regards to ISP-Server Setup - Ubuntu 5.10 "Breezy Badger" rbrantley HOWTO-Related Questions 16 10th April 2006 19:26


All times are GMT +2. The time now is 21:27.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.