#1  12th April 2012, 12:01
daseagle
User access problems via ProFtpd in Centos 5.7 x64

Hello!

It all started with the need to provide sftp access to various users. I managed to install Proftpd and everything works as needed, except the user access control. It is quite possible that something outside proftpd is the problem and I'm missing it.


I have the following setup:

Several websites, all located as follows:

/var/www/html/site1
/var/www/html/site2
/var/www/html/site2/subdomain_site2

I need to provide access as follows:

User1 full read/write to /var/www/html
User2 full read/write to /var/www/html/site1
User3 full read/write to /var/www/html/site2/subdomain_site2

All these users need to be restricted to their directories, without being able to cd or ls outside their place.
-----------

Edit: for some reason I seem to have two proftpd configuration files. One is /etc/proftpd.vhosts.conf and the other is in /usr/etc/proftpd.conf. Kind of lost me here, which one am I supposed to edit?

Also, isn't it possible to achieve the lock down effect I'm chasing via /etc/security/chroot.conf ? Which one would be easier?

Last edited by daseagle; 12th April 2012 at 13:12.
#2  13th April 2012, 16:28
falko

You can use the
Code:
DefaultRoot ~
directive in your proftpd.conf to lock users to their home directories.

Quote:
Edit: for some reason I seem to have two proftpd configuration files. One is /etc/proftpd.vhosts.conf and the other is in /usr/etc/proftpd.conf. Kind of lost me here, which one am I supposed to edit?
What's the output of
Code:
updatedb
locate proftpd.conf
?
#3  13th April 2012, 20:23
daseagle

[root@server1 ~]# locate proftpd.conf
/etc/proftpd.conf.rpmsave
/etc/fail2ban/filter.d/proftpd.conf
/usr/etc/proftpd.conf

--------

The Defaultroot ~ directive is present and uncommented in /usr/etc/proftpd.conf file.

--------

The user that is connecting via sftp has its home directory as /var/www/html , but it is able for some reason to freely roam around much of the filesystem.

Just found out something, maybe this will provide a clue: if I log in via FTP, I mean classic FTP, it does lock me into my home directory and I can't browse any upper level. It looks like the problem only shows up when I'm using SFTP. Unfortunately SFTP is an absolute must in my situation.

Kinda makes me wonder if my problem isn't buried somewhere in sshd rather than the ftp part itself. Unfortunately I can't really tell.

I ran across some articles speaking about easy chroot option introduced into Openssh, which require version 4.9p (I have 4.3.o2). Yum update did not find any updates, so I guess the needed mirrors are not present in my config and I'm wary of updating it manually since I'm not near the server during the weekend and I'd hate to break something.

--------

The server is pretty much based on your tutorials (many deep thanks for those!) - except the proftpd part.

Last edited by daseagle; 14th April 2012 at 00:34.
#4  14th April 2012, 12:13
falko

Does the user use SFTP or FTPS? The first has nothing to do with FTP (therefore it's independent from ProFTPd).

How did you install ProFTPd? I wonder why there's no /etc/proftpd.conf...
#5  15th April 2012, 09:14
daseagle

Confused here

I guess I'm using SFTP since it's connecting over the same port as ssh. Btw, there seems to be a lot of confusion on the net as to which one is which :P

I installed Proftpd all by myself, downloaded it from proftpd.org, compiled, made it work. And it does work too, since via normal ftp the server greets me with the custom message I set and all that.

I did not know that SFTP is independent and not related to proftpd. I did wonder about it though, I just don't have the knowledge yet. I guess this means that I can just go ahead and remove it?

It still leaves my original problem

--

Late night edit: while I was at it, I managed to update OpenSsh to 5.8. Server still works after restart :P

I tried playing around with what you wrote here, but after restarting sshd my sftp client would not connect.

If you want to, you can close / kill this thread, since it is painfully obvious (even) to me that my problem is actually hidden in sshd and permissions and it has nothing to do with proftpd.

I just need 2 basic things: SFTP and a way for three users to write into 3 places, all under var/www/html. Can anyone help me achieve this in a reasonable time-frame?

-----------------

SOLVED.

1. Created the sftponly group.

2. Created a user that is located in /home/user1. Chowned recursively to root:root.

3. Mounted the /var/www/html/site1 directory to the /home/user1/site1 directory. Then to permit write access, I chowned recursively the /home/user1/site1 directory.

http://ubuntuforums.org/showthread.php?t=858475 - this helps a lot. The part with the force user login directory is a must.

Last edited by daseagle; 16th April 2012 at 04:07.
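
The root:root ownership in step 2 of the solution matters because sshd only accepts a ChrootDirectory when every component of its path is a root-owned directory that is not writable by group or others; the writable area has to be a subdirectory such as the mounted site1. The check below is an added example, not part of the original posts: the function name `audit_chroot`, its optional arguments and the commented sshd_config stanza are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread.
# Typical sshd_config stanza for an sftponly group (assumed; the thread
# does not show the one that was actually used):
#   Subsystem sftp internal-sftp
#   Match Group sftponly
#       ChrootDirectory %h
#       ForceCommand internal-sftp

# audit_chroot DIR [OWNER_UID] [STOP_AT]
# Walks from DIR up to STOP_AT (default /) and reports every component that
# is not a directory, is not owned by OWNER_UID (default 0, root), or is
# writable by group or others. Returns 0 if the whole path passes, else 1.
# Uses GNU stat (-c), as shipped on CentOS.
audit_chroot() {
    dir=$1
    owner=${2:-0}
    stop=${3:-/}
    rc=0
    while :; do
        if [ ! -d "$dir" ]; then
            echo "FAIL $dir: not a directory"
            rc=1
        else
            # %u = numeric owner, %a = octal permission bits
            set -- $(stat -c '%u %a' "$dir")
            if [ "$1" != "$owner" ]; then
                echo "FAIL $dir: owner uid $1, expected $owner"
                rc=1
            fi
            # 022 = group-write | other-write
            if [ $(( 0$2 & 022 )) -ne 0 ]; then
                echo "FAIL $dir: mode $2 is group/other writable"
                rc=1
            fi
        fi
        parent=$(dirname "$dir")
        # Stop at the requested top, or when dirname no longer moves up.
        if [ "$dir" = "$stop" ] || [ "$parent" = "$dir" ]; then
            break
        fi
        dir=$parent
    done
    return $rc
}
```

Run as `audit_chroot /home/user1` before restarting sshd; any FAIL line names a component that has to be fixed for the chroot to be accepted.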