Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 21st March 2007, 18:21
jmroth jmroth is offline
ISPConfig Developer
 
Join Date: Sep 2005
Posts: 191
Thanks: 1
Thanked 6 Times in 6 Posts
Default Web-FTP Directory Protection

I have tried protecting a directory (here images_layout2) using Web-FTP.

Web-FTP says: FTP: Failed to write /web/images_layout2/.htpasswd

However .htpasswd exists afterwards, but is empty:

Code:
-rw-r--r--  1 webXX_admin webXX    0 Mar 21 18:18 .htpasswd
Any ideas?

PS. Is the problem with using Web-FTP on large accounts solved already somehow?
Reply With Quote
Sponsored Links
  #2  
Old 22nd March 2007, 11:09
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,955
Thanks: 825
Thanked 5,362 Times in 4,209 Posts
Default

Please check your proftpd configuration if upload of hidden files (beginning with a dot) is allowed.

Quote:
PS. Is the problem with using Web-FTP on large accounts solved already somehow?
No, because this will need a rewrite of webFTP in most parts.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 23rd March 2007, 15:54
jmroth jmroth is offline
ISPConfig Developer
 
Join Date: Sep 2005
Posts: 191
Thanks: 1
Thanked 6 Times in 6 Posts
Default

I am not very sure if that is the problem about what's going on here...
I guess it's a proftp issue. (v1.2.10 with Debian Sarge)
I am also sometimes having trouble using mod_tls which produces errors on binary mode data connections in ssl mode *only*. Well this is off-topic, but anyway when I try to create this directory protection, proftp debug mode says the following.
I have now completely disabled SSL (and I am also convinced ISPConfig did not use FTP over SSL to connect) but still there are errors.

Code:
localhost.localdomain (127.0.0.1[127.0.0.1]) - USER webxx_admin: Login successful.
localhost.localdomain (127.0.0.1[127.0.0.1]) - opening TransferLog '/var/log/xferlog'
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching auth request "getpwnam" to module mod_radius
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching auth request "getpwnam" to module mod_auth_file
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching auth request "getpwnam" to module mod_auth_unix
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching auth request "setpwent" to module mod_radius
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching auth request "setpwent" to module mod_auth_file
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching auth request "setpwent" to module mod_auth_unix
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching auth request "setgrent" to module mod_radius
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching auth request "setgrent" to module mod_auth_file
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching auth request "setgrent" to module mod_auth_unix
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching auth request "getpwent" to module mod_radius
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching auth request "getpwent" to module mod_auth_file
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching auth request "getpwent" to module mod_auth_unix
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching auth request "getgrent" to module mod_radius
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching auth request "getgrent" to module mod_auth_file
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching auth request "getgrent" to module mod_auth_unix
localhost.localdomain (127.0.0.1[127.0.0.1]) - Preparing to chroot() the environment, path = '/local/home/www/webxx'
localhost.localdomain (127.0.0.1[127.0.0.1]) - Environment successfully chroot()ed.
localhost.localdomain (127.0.0.1[127.0.0.1]) - in dir_check_full(): path = '/', fullpath = '/local/home/www/webxx/'.
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching POST_CMD command 'PASS (hidden)' to mod_cap
localhost.localdomain (127.0.0.1[127.0.0.1]) - mod_cap/1.0: capabilities '= cap_net_bind_service+ep'
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching POST_CMD command 'PASS (hidden)' to mod_ifsession
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching POST_CMD command 'PASS (hidden)' to mod_readme
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching POST_CMD command 'PASS (hidden)' to mod_delay
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching POST_CMD command 'PASS (hidden)' to mod_radius
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching POST_CMD command 'PASS (hidden)' to mod_tls
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching POST_CMD command 'PASS (hidden)' to mod_ratio
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching POST_CMD command 'PASS (hidden)' to mod_quotatab
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching POST_CMD command 'PASS (hidden)' to mod_log
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching POST_CMD command 'PASS (hidden)' to mod_ls
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching POST_CMD command 'PASS (hidden)' to mod_auth
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching LOG_CMD command 'PASS (hidden)' to mod_log
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching LOG_CMD command 'PASS (hidden)' to mod_ratio
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'TYPE I' to mod_rewrite
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'TYPE I' to mod_tls
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'TYPE I' to mod_core
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'TYPE I' to mod_core
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching CMD command 'TYPE I' to mod_xfer
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching LOG_CMD command 'TYPE I' to mod_log
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PORT 127,0,0,1,178,103' to mod_rewrite
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PORT 127,0,0,1,178,103' to mod_tls
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PORT 127,0,0,1,178,103' to mod_core
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PORT 127,0,0,1,178,103' to mod_core
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching CMD command 'PORT 127,0,0,1,178,103' to mod_core
localhost.localdomain (127.0.0.1[127.0.0.1]) - in dir_check_full(): path = '/', fullpath = '/local/home/www/webxx/'.
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching LOG_CMD command 'PORT 127,0,0,1,178,103' to mod_log
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'STOR /web/images_layout2/.htpasswd' to mod_rewrite
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'STOR /web/images_layout2/.htpasswd' to mod_tls
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'STOR /web/images_layout2/.htpasswd' to mod_core
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'STOR /web/images_layout2/.htpasswd' to mod_core
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'STOR /web/images_layout2/.htpasswd' to mod_ratio
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'STOR /web/images_layout2/.htpasswd' to mod_quotatab
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'STOR /web/images_layout2/.htpasswd' to mod_xfer
localhost.localdomain (127.0.0.1[127.0.0.1]) - in dir_check_full(): path = '/web/images_layout2/.htpasswd', fullpath = '/local/home/www/webxx/web/images_layout2/.htpasswd'.
localhost.localdomain (127.0.0.1[127.0.0.1]) - in dir_check_full(): setting umask to 0022 (was 0022)
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching CMD command 'STOR /web/images_layout2/.htpasswd' to mod_xfer
localhost.localdomain (127.0.0.1[127.0.0.1]) - active data connection opened - local  : 127.0.0.1:20
localhost.localdomain (127.0.0.1[127.0.0.1]) - active data connection opened - remote : 127.0.0.1:45671
==> localhost.localdomain (127.0.0.1[127.0.0.1]) - Transfer aborted after 17 bytes in 0.00 seconds
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching POST_CMD_ERR command 'STOR /web/images_layout2/.htpasswd' to mod_radius
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching POST_CMD_ERR command 'STOR /web/images_layout2/.htpasswd' to mod_quotatab
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching LOG_CMD_ERR command 'STOR /web/images_layout2/.htpasswd' to mod_log
localhost.localdomain (127.0.0.1[127.0.0.1]) - dispatching LOG_CMD_ERR command 'STOR /web/images_layout2/.htpasswd' to mod_xfer
I guess upgrading to etch (really soon now) with an updated proftp might just fix it

Also, why do you actually use FTP in the background? It's cool to call it "WebFTP" but since ISPConfig is not designed for multiple physical machines, just accessing files locally would be enough, wouldn't it?

Regards,
Marc
Reply With Quote
  #4  
Old 24th March 2007, 14:43
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

What's in your /etc/proftpd.conf?

Quote:
Originally Posted by jmroth
Also, why do you actually use FTP in the background? It's cool to call it "WebFTP" but since ISPConfig is not designed for multiple physical machines, just accessing files locally would be enough, wouldn't it?
You need to access the files with the correct user due to ownerships and permissions, that's why we use FTP. The ISPConfig web server runs under the user admispconfig, so if we tried to access files locally, this would happen as admispconfig and will lead to permission problems.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 24th March 2007, 15:34
jmroth jmroth is offline
ISPConfig Developer
 
Join Date: Sep 2005
Posts: 191
Thanks: 1
Thanked 6 Times in 6 Posts
Default

Code:
ServerName                      "blah"
ServerType                      standalone
DeferWelcome                    off

MultilineRFC2228                on
DefaultServer                   on
ShowSymlinks                    on

TimeoutNoTransfer               600
TimeoutStalled                  600
TimeoutIdle                     1200

DisplayLogin                    welcome.msg
DisplayFirstChdir               .message
ListOptions                     "-l"

DenyFilter                      \*.*/

Port                            21

MaxInstances                    30

# Set the user and group that the server normally runs at.
User                            nobody
Group                           nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask                           022  022
# Normally, we want files to be overwriteable.
AllowOverwrite                  on

DelayEngine                     off

DefaultRoot ~

IdentLookups            off
UseReverseDNS           off
TransferLog             /var/log/xferlog

<IfModule mod_tls.c>
      TLSEngine on
      TLSLog /var/log/proftpd/proftpd_tls.log
      TLSRequired off
      TLSVerifyClient off
      TLSRSACertificateFile /etc/ftpcert/host.cert
      TLSRSACertificateKeyFile /etc/ftpcert/host.key
      TLSProtocol TLSv1 # only needed in main config
</IfModule>

Include /etc/proftpd_ispconfig.conf # this file now follows:

DefaultAddress 127.0.0.1
<VirtualHost 88.198.xxx>
        DefaultRoot             ~
        AllowOverwrite          on
        Umask                   002
</VirtualHost>
<VirtualHost 88.198.xxx>
        DefaultRoot             ~
        AllowOverwrite          on
        Umask                   002
        <Anonymous /local/home/www/webx/ftp>
          User                          webx_anonftp
          Group                         webx_anonftp
          UserAlias                     anonymous webx_anonftp
          UserAlias                     guest webx_anonftp
          MaxClients                    10
          <Directory *>
            <Limit WRITE>
              DenyAll
            </Limit>
          </Directory>
          <Directory /local/home/www/webx/ftp/incoming>
            Umask                       002
            <Limit STOR>
              AllowAll
            </Limit>
            <Limit READ>
              DenyAll
            </Limit>
          </Directory>
        </Anonymous>
</VirtualHost>
<VirtualHost 88.198.xxx>
        DefaultRoot             ~
        AllowOverwrite          on
        Umask                   002
</VirtualHost>
<VirtualHost 88.198.xxx>
        DefaultRoot             ~
        AllowOverwrite          on
        Umask                   002
</VirtualHost>
<VirtualHost 88.198.xxx>
        DefaultRoot             ~
        AllowOverwrite          on
        Umask                   002
</VirtualHost>
<VirtualHost 88.198.xxx>
        DefaultRoot             ~
        AllowOverwrite          on
        Umask                   002
</VirtualHost>
I have also started a thread in the proftp forums as this might be a proftp issue...
http://forums.proftpd.org/smf/index.php?topic=2809.0
Reply With Quote
  #6  
Old 25th March 2007, 15:05
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Have you tried to remove
Code:
<IfModule mod_tls.c>
      TLSEngine on
      TLSLog /var/log/proftpd/proftpd_tls.log
      TLSRequired off
      TLSVerifyClient off
      TLSRSACertificateFile /etc/ftpcert/host.cert
      TLSRSACertificateKeyFile /etc/ftpcert/host.key
      TLSProtocol TLSv1 # only needed in main config
</IfModule>
from the configuration?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 26th March 2007, 23:34
jmroth jmroth is offline
ISPConfig Developer
 
Join Date: Sep 2005
Posts: 191
Thanks: 1
Thanked 6 Times in 6 Posts
 
Default

Yeah I tried that one too already. Without success.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
directories in /home/admispconfig/ispconfig renamed? Spudchat General 10 12th April 2007 19:37
Systemimager (rsync) doesn't copy all comedit HOWTO-Related Questions 11 19th January 2007 17:17
Mysterious Install Problem tgansert Installation/Configuration 5 9th May 2006 15:35
setup fails on debian 3.1 dtrumbower Installation/Configuration 7 7th March 2006 13:42
Update to 2.2.0 question brianetilley Installation/Configuration 10 4th March 2006 17:02


All times are GMT +2. The time now is 11:31.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.