Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 15th January 2009, 16:59
Squidge Squidge is offline
Junior Member
 
Join Date: Dec 2008
Posts: 29
Thanks: 9
Thanked 0 Times in 0 Posts
Default ProFTPD locking users

hello all.

A few things i need help with:

1 . How do i create a user for FTP usage only?
2 . How do I lock that user to /home/"user_name"/?

Your help will be greatly appreciated
Reply With Quote
Sponsored Links
  #2  
Old 16th January 2009, 13:10
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

Do you want to use system users or virtual users, or does this not matter?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 16th January 2009, 13:13
Squidge Squidge is offline
Junior Member
 
Join Date: Dec 2008
Posts: 29
Thanks: 9
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko View Post
Do you want to use system users or virtual users, or does this not matter?
i'd like to create a system user, and lock then to their home folder.

I have my admin ubuntu account which i sue and can access root folders, but i have someone who i want to lock down
Reply With Quote
  #4  
Old 17th January 2009, 11:12
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

Try this:
Code:
useradd -d /home/sample_user -g users sample_user
passwd sample_user
In your proftpd.conf you need the directive
Code:
DefaultRoot ~
Please be aware that all system users can alse receive email (for example if someone sends to <username>@<hostname>). You could set up an alias in /etc/aliases to prevent this:
Code:
sample_user: /dev/null
Run
Code:
newaliases
afterwards and restart Postfix.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 19th January 2009, 09:33
Squidge Squidge is offline
Junior Member
 
Join Date: Dec 2008
Posts: 29
Thanks: 9
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko View Post
Try this:
Code:
DefaultRoot ~
I already have this from your Perfect Server Guide, but it doesnt lock to home folder
Reply With Quote
  #6  
Old 20th January 2009, 20:02
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

What's in your proftpd.conf? What's the output of
Code:
netstat -tap
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 21st January 2009, 09:51
Squidge Squidge is offline
Junior Member
 
Join Date: Dec 2008
Posts: 29
Thanks: 9
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko View Post
What's in your proftpd.conf? What's the output of
Code:
netstat -tap
?
This is from netstat -tap:
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:mysql                 *:*                     LISTEN      21129/mysqld
tcp        0      0 *:www                   *:*                     LISTEN      20080/apache2
tcp        0      0 *:ssh                   *:*                     LISTEN      4290/sshd
tcp        0      0 *:smtp                  *:*                     LISTEN      5206/master
tcp        0      0 *:https                 *:*                     LISTEN      20080/apache2
tcp        0    300 server1.yellow-zebr:ssh 207.138.98.253:40303    ESTABLISHED 6046/sshd: administ
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      5088/couriertcpd
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      5126/couriertcpd
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      5104/couriertcpd
tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      5061/couriertcpd
tcp6       0      0 [::]:ftp                [::]:*                  LISTEN      21010/proftpd: (acc
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      4290/sshd
tcp6       0      0 [::]:smtp               [::]:*                  LISTEN      5206/master
root@server1:/home/administrator#
And this is my ProFTPD.conf:
Code:
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
# 

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6				on
# If set on you can experience a longer connection delay in many cases.
IdentLookups			off

ServerName			"Debian"
ServerType			standalone
DeferWelcome			off

MultilineRFC2228		on
DefaultServer			on
ShowSymlinks			on

TimeoutNoTransfer		600
TimeoutStalled			600
TimeoutIdle			1200

DisplayLogin                    welcome.msg
DisplayChdir               	.message true
ListOptions                	"-l"

DenyFilter			\*.*/

# Use this to jail all users in their homes 
DefaultRoot	~
IdentLookups off
ServerIdent on "FTP Server ready."

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell		off

# Port 21 is the standard FTP port.
Port				21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts                  49152 65534

# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress		1.2.3.4

# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances			30

# Set the user and group that the server normally runs at.
User				proftpd
Group				nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask				022  022
# Normally, we want files to be overwriteable.
AllowOverwrite			on

# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd		off

# This is required to use both PAM-based authentication and local passwords
# AuthOrder			*mod_auth_pam.c mod_auth_unix.c

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile			off

# Choose a SQL backend among MySQL or PostgreSQL.
# Both modules are loaded in default configuration, so you have to specify the backend 
# or comment out the unused module in /etc/proftpd/modules.conf.
# Use 'mysql' or 'postgres' as possible values.
#
#<IfModule mod_sql.c>
# SQLBackend			mysql
#</IfModule>






TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log

<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>

<IfModule mod_ratio.c>
Ratios off
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?pag...LSS-2004-10-02
# It is on by default. 
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine        off
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>

#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf

#
# This is used for FTPS connections
#
Include /etc/proftpd/tls.conf

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
#   User				ftp
#   Group				nogroup
#   # We want clients to be able to login with "anonymous" as well as "ftp"
#   UserAlias			anonymous ftp
#   # Cosmetic changes, all files belongs to ftp user
#   DirFakeUser	on ftp
#   DirFakeGroup on ftp
# 
#   RequireValidShell		off
# 
#   # Limit the maximum number of anonymous logins
#   MaxClients			10
# 
#   # We want 'welcome.msg' displayed at login, and '.message' displayed
#   # in each newly chdired directory.
#   DisplayLogin			welcome.msg
#   DisplayFirstChdir		.message
# 
#   # Limit WRITE everywhere in the anonymous chroot
#   <Directory *>
#     <Limit WRITE>
#       DenyAll
#     </Limit>
#   </Directory>
# 
#   # Uncomment this if you're brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   #   Umask				022  022
#   #            <Limit READ WRITE>
#   #            DenyAll
#   #            </Limit>
#   #            <Limit STOR>
#   #            AllowAll
#   #            </Limit>
#   # </Directory>
# 
# </Anonymous>
Reply With Quote
  #8  
Old 22nd January 2009, 14:14
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

Looks ok. What FTP client do you use? Are you sure you log in via FTP, or is it maybe SFTP or SCP?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 22nd January 2009, 14:15
Squidge Squidge is offline
Junior Member
 
Join Date: Dec 2008
Posts: 29
Thanks: 9
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko View Post
Looks ok. What FTP client do you use? Are you sure you log in via FTP, or is it maybe SFTP or SCP?
I am using FileZilla, and logging using SFTP
Reply With Quote
  #10  
Old 23rd January 2009, 13:20
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
 
Default

Try FTP instead.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Cacti and ISPConfig: Monitoring Tool VMartins Tips/Tricks/Mods 11 9th August 2008 18:37
Speed up Proftpd login for all users linuxfast Tips/Tricks/Mods 12 13th February 2007 19:55
Junk mail and spamassassin... sthompson Installation/Configuration 4 27th December 2006 16:11
Proftpd and FTP users Genin Server Operation 2 11th December 2006 14:13
Im thinking about throwing proftpd to the trashcan danf.1979 Installation/Configuration 2 23rd December 2005 09:27


All times are GMT +2. The time now is 01:29.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.