Poll Results: Do you think that gproftpd is useful?

Voters: 872
  • Yes, it's easy to use and really powerful: 473 (54.24%)
  • Yes, but I won't use it: 136 (15.60%)
  • No, the GUI has to be improved: 263 (30.16%)

Thread: HOWTO : Create a FTP server with user access (proftpd)

  1. #991
    Join Date
    Dec 2008
    Beans
    57

    Re: HOWTO : Create a FTP server with user access (proftpd)

    Quote Originally Posted by frodon View Post
    You should have all you need in the first post about user creation, but you are right with 1, 2 and 3. However, you must also add to the LIMIT LOGIN section each user you want to be able to log in to the FTP server.
    Thank you so much for all your help, I will re-read your post. I'm far from France but I definitely owe you an (Ubuntu grided-style) coffee.

    Thanks again.

    EDIT (Added): So if there is a way to mount the shared folder into a user folder, this gives us the possibility to mount an external device (such as a CD-ROM) into the FTP. (Reminds me of those BBS CD-ROMs we used to have in the old days.)

    I also made a huge clean-up in the system and on the shared disk, removing confusing names and rebuilding the directory tree. Hope this will work fine in a few.
    Last edited by loudog23; April 2nd, 2009 at 03:35 AM.

  2. #992
    Join Date
    Dec 2008
    Beans
    57

    Re: HOWTO : Create a FTP server with user access (proftpd)

    Here it is, all done, running smooth and like I wanted.
    Here are some pointers for people who want to make multiple users with private folders.

    To create a private folder for every user:

    1.Create the user: (almost the same as creating 'userftp' in frodon's How-To)
    -Using the GUI (System > Admin > user&group) create a userid.
    --Set the path of the home folder to '/home/FTP-shared/user2/'
    --Set '/bin/false'
    --Set group to 'userftp'

    2.Remove 'Examples.lnk' from the newly created home folder.
    -Open a terminal window and go to 'cd /home/FTP-shared'
    --Take ownership of the folder (sudo chown youruserhere /home/FTP-shared/user2)
    --Delete the file '/home/FTP-shared/user2/Examples.lnk'
    --Give back the ownership to user2 (sudo chown user2 /home/FTP-shared/user2)
    I don't know if it is necessary to remove this file, but I do it since it links the user into your filesystem.

    3.Set Permission Locally for user2
    -Open a terminal window and go to 'cd /home/FTP-shared'
    --Set permission to 700 (or 755) for user2 (sudo chmod 700 /home/FTP-shared/user2)

    4.Set Permission inside proftpd.conf:
    -Open a terminal window and edit the proftpd.conf file (sudo gedit /etc/proftpd/proftpd.conf)

    4.1.Add the user to #Valid Login
    Code:
    #Valid Login
    <Limit LOGIN>
    AllowUser userftp
    AllowUser user2
    DenyALL
    </Limit>
    4.2.Set Private access to user2 folder
    Code:
    # user2
    <Directory /home/FTP-shared/user2>
    Umask 022 022
    AllowOverwrite on
            <Limit ALL>
    		Order Allow,Deny
    		AllowUser user2
    		Deny ALL
    	</Limit>
    </Directory>
    To add a 3rd user, simply repeat steps 1, 2, 3.

    At 4.1, simply add the line for user3
    Code:
    #Valid Login
    <Limit LOGIN>
    AllowUser userftp
    AllowUser user2
    AllowUser user3
    DenyALL
    </Limit>
    At 4.2, copy/paste the section for user2 and change the user to user3

    Code:
    # user2
    <Directory /home/FTP-shared/user2>
    Umask 022 022
    AllowOverwrite on
            <Limit ALL>
    		Order Allow,Deny
    		AllowUser user2
    		Deny ALL
    	</Limit>
    </Directory>
    
    # user3
    <Directory /home/FTP-shared/user3>
    Umask 022 022
    AllowOverwrite on
            <Limit ALL>
    		Order Allow,Deny
    		AllowUser user3
    		Deny ALL
    	</Limit>
    </Directory>
    Frodon: Thank you so much again for this How-To!
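
Added example (not part of loudog23's post or frodon's How-To): a small audit for the copy/paste step in 4.2, which reports a private folder whose `AllowUser` line names a different user than the folder, and a folder user who is missing from `<Limit LOGIN>`. The function names and the sample config are constructed for illustration; the only layout assumed is the post's `/home/FTP-shared/<user>`.

```shell
#!/bin/sh
# Added example: audit the per-user <Directory> blocks of a proftpd.conf.
# Assumes the layout from the post: /home/FTP-shared/<user> is that user folder.

audit_private_dirs() {
  # Reads the config from the file in $1 (or stdin). Prints one finding per
  # line and nothing when every private folder matches its owner.
  awk -v root="/home/FTP-shared/" '
    $1 ~ /^#/ || NF == 0 { next }
    # Server-level <Limit LOGIN>: collect who may log in at all.
    $1 == "<Limit" && toupper($2) == "LOGIN>" && dir == "" { in_login = 1; next }
    $1 == "</Limit>" { in_login = 0; next }
    in_login && $1 == "AllowUser" { login[$2] = 1; next }
    # <Directory /home/FTP-shared/NAME>: remember NAME while inside the block.
    $1 == "<Directory" {
      path = $2; sub(/>$/, "", path); dir = ""
      if (index(path, root) == 1) {
        name = substr(path, length(root) + 1)
        if (name != "" && index(name, "/") == 0 && index(name, "*") == 0)
          dir = name
      }
      next
    }
    $1 == "</Directory>" { dir = ""; next }
    dir != "" && $1 == "AllowUser" { n++; folder[n] = dir; user[n] = $2 }
    END {
      for (i = 1; i <= n; i++) {
        if (user[i] != folder[i])
          print "MISMATCH: " root folder[i] " allows " user[i] ", expected " folder[i]
        if (!(user[i] in login))
          print "NOLOGIN: " user[i] " is allowed in " root folder[i] " but is not in <Limit LOGIN>"
      }
    }
  ' "$@"
}

sample_conf() {
  # Constructed sample: the user3 block was pasted from user2 without renaming
  # the AllowUser line, and user4 has a folder but was never added to LOGIN.
  cat <<'EOF'
<Limit LOGIN>
AllowUser userftp
AllowUser user2
AllowUser user3
DenyALL
</Limit>
<Directory /home/FTP-shared/user2>
    <Limit ALL>
        Order Allow,Deny
        AllowUser user2
        Deny ALL
    </Limit>
</Directory>
<Directory /home/FTP-shared/user3>
    <Limit ALL>
        Order Allow,Deny
        AllowUser user2
        Deny ALL
    </Limit>
</Directory>
<Directory /home/FTP-shared/user4>
    <Limit ALL>
        AllowUser user4
        Deny ALL
    </Limit>
</Directory>
EOF
}

sample_conf | audit_private_dirs
```

On a real server, pass the config path instead: `audit_private_dirs /etc/proftpd/proftpd.conf`.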

  3. #993
    Join Date
    Jun 2005
    Location
    France
    Beans
    7,100
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO : Create a FTP server with user access (proftpd)

    Quote Originally Posted by loudog23 View Post
    Frodon: Thank you so much again for this How-To!
    You're welcome, glad to see your server is up and running. I can't tell you how much time I spent the first time I tried to set up an FTP server; at that time I was new to Linux too, so I'll let you guess.

  4. #994
    Join Date
    Mar 2007
    Beans
    15

    Re: HOWTO : Create a FTP server with user access (proftpd)

    First off, thank you to frodon for making this guide. It is well written and easy to follow.
    I was able to get through all the setup and configuration, also I followed the steps to configure sftp.
    When I completed all of these steps, I tried to start the server and I get this error.

    Code:
    tim@tim-desktop:~$ sudo /etc/init.d/proftpd start
    [sudo] password for tim: 
     * Starting ftp server proftpd                                                   - mod_dso/0.4: module 'mod_ctrls_admin.c' already loaded
     - Fatal: LoadModule: error loading module 'mod_ctrls_admin.c': Operation not permitted on line 15 of '/etc/proftpd/modules.conf'
                                                                             [fail]
    I tried to search for mod_ctrls_admin.c but a lot of the results just point back to examples of /etc/proftpd/proftpd.conf.
    Here is my proftpd.conf
    Code:
    Include /etc/proftpd/modules.conf
    #
    # /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
    # To really apply changes reload proftpd after modifications.
    # 
    
    # Includes DSO modules
    Include /etc/proftpd/modules.conf
    
    # Set off to disable IPv6 support which is annoying on IPv4 only boxes.
    UseIPv6				on
    # If set on you can experience a longer connection delay in many cases.
    IdentLookups			off
    
    # Choose here the user alias you want
    UserAlias	ftp76User	ftp76user
    
    ServerName			"ubuntu-ftp"
    ServerType			standalone
    DeferWelcome			on
    
    MultilineRFC2228		on
    DefaultServer			on
    ShowSymlinks			off
    
    TimeoutNoTransfer		600
    TimeoutStalled			100
    TimeoutIdle			2200
    
    DisplayLogin                    welcome.msg
    DisplayChdir               	.message true
    ListOptions                	"-l"
    
    RequireValidShell		off
    
    TimeoutLogin			20
    
    RootLogin			off
    
    #It's better for debug to create log files ;-)
    ExtendedLog			/var/log/ftp.log
    TransferLog			/var/log/xfer.log
    SystemLog			/var/log/syslog.log
    
    
    DenyFilter			\*.*/
    
    UseFtpUsers			off
    
    #Allow to restart a download
    AllowStoreRestart		on
    
    # Use this to jail all users in their homes 
    # DefaultRoot			~
    
    # Users require a valid shell listed in /etc/shells to login.
    # Use this directive to release that constrain.
    # RequireValidShell		off
    
    # Port 21 is the standard FTP port.
    Port				1980
    
    # In some cases you have to specify passive ports range to by-pass
    # firewall limitations. Ephemeral ports can be used for that, but
    # feel free to use a more narrow range.
    # PassivePorts                  49152 65534
    
    # If your host was NATted, this option is useful in order to
    # allow passive transfers to work. You have to use your public
    # address and opening the passive ports used on your firewall as well.
    # MasqueradeAddress		1.2.3.4
    
    # This is useful for masquerading address with dynamic IPs:
    # refresh any configured MasqueradeAddress directives every 8 hours
    <IfModule mod_dynmasq.c>
    # DynMasqRefresh 28800
    </IfModule>
    
    # To prevent DoS attacks, set the maximum number of child processes
    # to 30.  If you need to allow more than 30 concurrent connections
    # at once, simply increase this value.  Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances			8
    
    # Set the user and group that the server normally runs at.
    User				nobody
    Group				nogroup
    
    # Umask 022 is a good standard umask to prevent new files and dirs
    # (second parm) from being group and world writable.
    Umask				022  022
    # Normally, we want files to be overwriteable.
    AllowOverwrite			on
    
    # Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
    PersistentPasswd		off
    
    MaxClients 			8
    MaxClientsPerHost		8
    MaxClientsPerUser		8
    MaxHostsPerUser			8
    
    # Display a message after a successful login
    AccessGrantMsg "welcome!!"
    #This message is displayed for each access good or not
    ServerIdent			on	"you're at home"
    
    # Set /home/FTP-shared as home directory
    DefaultRoot /home/FTP-shared
    
    # Lock all the users in home directory, ********* really important **********
    DefaultRoot			~
    
    MaxLoginAttempts		5
    
    #Valid Logins
    <Limit LOGIN>
    AllowUser ftp76user
    DenyALL
    </Limit>
    
    <Directory /home/FTP-shared>
    Umask 022 022
    AllowOverwrite off
    	<Limit MKD STOR DELE XMKD RNTO RMD XRMD>
    	DenyAll
    	</Limit>
    </Directory>
    
    <Directory /home/FTP-shared/music/*>
    Umask 022 022
    AllowOverwrite on
    		<Limit READ RMD DELE>
    		DenyAll
    		</Limit>
    </Directory>
    
    <Directory /home/FTP-shared/upload>
    Umask 022 022
    AllowOverwrite on
    	<Limit READ RMD DELE>
    	DenyAll
    	</Limit>
    
    	<Limit STOR CWD MKD>
    	AllowAll
    	</Limit>
    </Directory>
    
    # This is required to use both PAM-based authentication and local passwords
    # AuthOrder			*mod_auth_pam.c mod_auth_unix.c
    
    # Be warned: use of this directive impacts CPU average load!
    # Uncomment this if you like to see progress and transfer rate with ftpwho
    # in downloads. That is not needed for uploads rates.
    #
    # UseSendFile			off
    
    # Choose a SQL backend among MySQL or PostgreSQL.
    # Both modules are loaded in default configuration, so you have to specify the backend 
    # or comment out the unused module in /etc/proftpd/modules.conf.
    # Use 'mysql' or 'postgres' as possible values.
    #
    #<IfModule mod_sql.c>
    # SQLBackend			mysql
    #</IfModule>
    
    
    <IfModule mod_quotatab.c>
    QuotaEngine off
    </IfModule>
    
    <IfModule mod_ratio.c>
    Ratios off
    </IfModule>
    
    
    # Delay engine reduces impact of the so-called Timing Attack described in
    # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
    # It is on by default. 
    <IfModule mod_delay.c>
    DelayEngine on
    </IfModule>
    
    <IfModule mod_ctrls.c>
    ControlsEngine        off
    ControlsMaxClients    2
    ControlsLog           /var/log/proftpd/controls.log
    ControlsInterval      5
    ControlsSocket        /var/run/proftpd/proftpd.sock
    </IfModule>
    
    <IfModule mod_ctrls_admin.c>
    AdminControlsEngine off
    </IfModule>
    
    #
    # Alternative authentication frameworks
    #
    #Include /etc/proftpd/ldap.conf
    #Include /etc/proftpd/sql.conf
    
    
    <IfModule mod_tls.c>
        TLSEngine on
        TLSLog /var/ftpd/tls.log
        TLSProtocol TLSv1
    
        # Are clients required to use FTP over TLS when talking to this server?
        TLSRequired off
    
        # Server's certificate
        TLSRSACertificateFile /etc/ftpcert/server.crt
        TLSRSACertificateKeyFile /etc/ftpcert/server.key
    
        # CA the server trusts
        TLSCACertificateFile /etc/ftpcert/ca.crt
    
        # Authenticate clients that want to use FTP over TLS?
        TLSVerifyClient off
    </IfModule>
    
    
    #
    # This is used for FTPS connections
    #
    #Include /etc/proftpd/tls.conf
    
    # A basic anonymous configuration, no upload directories.
    
    # <Anonymous ~ftp>
    #   User				ftp
    #   Group				nogroup
    #   # We want clients to be able to login with "anonymous" as well as "ftp"
    #   UserAlias			anonymous ftp
    #   # Cosmetic changes, all files belongs to ftp user
    #   DirFakeUser	on ftp
    #   DirFakeGroup on ftp
    # 
    #   RequireValidShell		off
    # 
    #   # Limit the maximum number of anonymous logins
    #   MaxClients			10
    # 
    #   # We want 'welcome.msg' displayed at login, and '.message' displayed
    #   # in each newly chdired directory.
    #   DisplayLogin			welcome.msg
    #   DisplayFirstChdir		.message
    # 
    #   # Limit WRITE everywhere in the anonymous chroot
    #   <Directory *>
    #     <Limit WRITE>
    #       DenyAll
    #     </Limit>
    #   </Directory>
    # 
    #   # Uncomment this if you're brave.
    #   # <Directory incoming>
    #   #   # Umask 022 is a good standard umask to prevent new files and dirs
    #   #   # (second parm) from being group and world writable.
    #   #   Umask				022  022
    #   #            <Limit READ WRITE>
    #   #            DenyAll
    #   #            </Limit>
    #   #            <Limit STOR>
    #   #            AllowAll
    #   #            </Limit>
    #   # </Directory>
    # 
    # </Anonymous>
    Here is my modules.conf

    Code:
    #
    # This file is used to manage DSO modules and features.
    #
    
    # This is the directory where DSO modules reside
    
    ModulePath /usr/lib/proftpd
    
    # Allow only user root to load and unload modules, but allow everyone
    # to see which modules have been loaded
    
    ModuleControlsACLs insmod,rmmod allow user root
    ModuleControlsACLs lsmod allow user *
    
    LoadModule mod_ctrls_admin.c
    LoadModule mod_tls.c
    
    # Install proftpd-mod-mysql or proftpd-mod-pgsql to use this
    #LoadModule mod_sql.c
    
    # Install proftpd-mod-ldap to use this
    #LoadModule mod_ldap.c
    
    #
    # 'SQLBackend mysql' or 'SQLBackend postgres' directives are required 
    # to have SQL authorization working. You can also comment out the
    # unused module here, in alternative.
    #
    
    # Install proftpd-mod-mysql to use this
    #LoadModule mod_sql_mysql.c
    
    # Install proftpd-mod-pgsql to use this
    #LoadModule mod_sql_postgres.c
    
    LoadModule mod_radius.c
    LoadModule mod_quotatab.c
    LoadModule mod_quotatab_file.c
    
    # Install proftpd-mod-ldap to use this
    #LoadModule mod_quotatab_ldap.c
    
    # Install proftpd-mod-pgsql or proftpd-mod-mysql to use this
    #LoadModule mod_quotatab_sql.c
    LoadModule mod_quotatab_radius.c
    LoadModule mod_wrap.c
    LoadModule mod_rewrite.c
    LoadModule mod_load.c
    LoadModule mod_ban.c
    LoadModule mod_wrap2.c
    LoadModule mod_wrap2_file.c
    # Install proftpd-mod-pgsql or proftpd-mod-mysql to use this
    #LoadModule mod_wrap2_sql.c
    LoadModule mod_dynmasq.c
    
    
    # keep this module the last one
    LoadModule mod_ifsession.c
    I'm pretty sure that everything is set up correctly, but I'm sure anything is possible.

  5. #995
    Join Date
    Jun 2005
    Location
    France
    Beans
    7,100
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO : Create a FTP server with user access (proftpd)

    You have the line Include /etc/proftpd/modules.conf twice in your proftpd.conf
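
Added example (not from the thread): a check that follows `Include` lines the way the server reads the config and reports each `LoadModule` that is reached a second time, together with the `Include` line responsible. `find_double_loads` and `make_sample` are hypothetical names, and the two sample files are constructed to mirror the repeated `Include` in the config posted above.

```shell
#!/bin/sh
# Added example: follow Include directives and report every module that ends
# up loaded twice, with the Include line that pulled it in.

find_double_loads() {
  # $1 = main config file. Prints one line per repeated LoadModule.
  awk '
    function base(p) { sub(/^.*\//, "", p); return p }
    function load(file, via,    line, n, f, here) {
      if (file in active) return          # Include loop: file is being read
      active[file] = 1
      while ((getline line < file) > 0) {
        n++
        if (split(line, f, " ") < 2) continue
        here = base(file) ":" n
        if (via != "") here = here " via " via
        if (f[1] == "Include") {
          load(f[2], base(file) ":" n)
        } else if (f[1] == "LoadModule") {
          if (f[2] in first)
            print "ALREADY LOADED: " f[2] " at " here " (first at " first[f[2]] ")"
          else
            first[f[2]] = here
        }
      }
      close(file)
      delete active[file]
    }
    BEGIN { load(ARGV[1], "") }
  ' "$1"
}

make_sample() {
  # $1 = scratch directory. Writes a constructed proftpd.conf/modules.conf
  # pair that repeats the Include line, like the config posted above.
  printf '%s\n' '# constructed sample' 'LoadModule mod_ctrls_admin.c' \
    'LoadModule mod_tls.c' > "$1/modules.conf"
  printf '%s\n' "Include $1/modules.conf" '# constructed sample' \
    "Include $1/modules.conf" 'ServerName "ubuntu-ftp"' > "$1/proftpd.conf"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
find_double_loads "$demo_dir/proftpd.conf"
rm -rf "$demo_dir"
```

The `via proftpd.conf:N` part of each finding points at the `Include` line to delete.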

  6. #996
    Join Date
    Mar 2007
    Beans
    15

    Re: HOWTO : Create a FTP server with user access (proftpd)

    ok, I got rid of the stray "include" line and now it says that my certificate file doesn't exist. Specifically:
    Code:
    tim@tim-desktop:~$ sudo /etc/init.d/proftpd start
    [sudo] password for tim: 
    * Starting ftp server proftpd                                                   
    - Fatal: TLSRSACertificateFile: '/etc/ftpcert/server.crt' does not exist on line 214 of '/etc/proftpd/proftpd.conf'
                                                                             [fail]
    I think that this is my question. Where does the certificate file come from? I tried to run the .crt file, which I assume is the certificate file, and it was blank.
    Last edited by foy1der; April 20th, 2009 at 11:13 PM.

  7. #997
    Join Date
    Jun 2005
    Location
    France
    Beans
    7,100
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO : Create a FTP server with user access (proftpd)

    The certificate comes from you; it is up to you to create a certificate for your encryption.
    Just follow the steps in the first post and you should succeed in creating one. Once you have one in the right directory, this error will disappear.
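
Added example (not from the thread or the first post): a pre-start check of every file named by a `TLS*File` directive, which catches the missing and blank certificate described above and also a private key readable by group or others. `check_tls_files` and `make_tls_sample` are hypothetical names, and the sample files are constructed with a placeholder PEM body.

```shell
#!/bin/sh
# Added example: check the files named by TLS*File directives before starting
# the server, so a missing or blank certificate is caught ahead of the restart.

check_tls_files() {
  # $1 = proftpd.conf. Prints one finding per problem, nothing if all pass.
  awk '$1 ~ /^TLS.*File$/ && NF >= 2 { print $1, $2 }' "$1" |
  while read -r directive path; do
    if [ ! -e "$path" ]; then
      echo "MISSING: $directive $path"
    elif [ ! -s "$path" ]; then
      echo "EMPTY: $directive $path"
    elif ! grep -q -e '-----BEGIN ' "$path"; then
      echo "NOT PEM: $directive $path"
    elif [ "$directive" = "TLSRSACertificateKeyFile" ] &&
         [ -n "$(find "$path" -prune \( -perm -040 -o -perm -004 \))" ]; then
      echo "KEY READABLE BY GROUP/OTHERS: $path"
    fi
  done
}

make_tls_sample() {
  # $1 = scratch directory. Constructed sample: a blank certificate, a key
  # with mode 644, and a CA file that was never created.
  : > "$1/server.crt"
  printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed-placeholder' \
    '-----END PRIVATE KEY-----' > "$1/server.key"
  chmod 644 "$1/server.key"
  printf '%s\n' 'TLSEngine on' \
    "TLSRSACertificateFile $1/server.crt" \
    "TLSRSACertificateKeyFile $1/server.key" \
    "TLSCACertificateFile $1/ca.crt" > "$1/proftpd.conf"
}

demo_dir=$(mktemp -d)
make_tls_sample "$demo_dir"
check_tls_files "$demo_dir/proftpd.conf"
rm -rf "$demo_dir"
```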

  8. #998
    Join Date
    Dec 2008
    Beans
    57

    Re: HOWTO : Create a FTP server with user access (proftpd)

    Quote Originally Posted by frodon View Post
    Bad idea in general to connect with your main user which has root access, especially because he has root access.

    Anyway, to allow your user it is as simple as adding your user to the LIMIT LOGIN section and creating an alias for him if you use aliases.

    If you want to go further, proftpd offers you a second way to handle users able to log in, via virtual users:
    http://www.castaglia.org/proftpd/doc...tualUsers.html
    Ok, so we then use a user to run the process 'userftp'

    What if:
    -I download and extract the package in home/userftp/
    -I ./configure --prefix=/home/userftp/proftpd
    -make, make install
    -Configure the ftp
    -Set ownership and permission of /home/userftp to userftp 750
    -Run the ftp as userftp

    Using this method,
    1) can I simply chroot userftp to /home/ftpuser/?
    2) does it create a security "flaw" if I mount one of my /home/me/folder into the /home/ftpuser/download/?
    3) what about /etc/ and /var/, will they be inside the chrooted folder also?
    4) is there any file I need to leave outside the chroot?

    Thx for any input; if I'm successful I'll send a post to help chroot the server and install it in a 'more' secure way.

    Thx again frodon for your time.
    lou

  9. #999
    Join Date
    May 2007
    Location
    Townsville, Australia
    Beans
    1,820
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: HOWTO : Create a FTP server with user access (proftpd)

    G'day,
    thanks so much for starting this thread. This looks like it might just be what I need.

    I'm getting extremely frustrated trying to get this s/w to run consistently and any assistance would be great.


    I have a thread already with what I have done so far, and now my FTP server has decided to stop talking to my LAN, let alone talk to the internet at all.


    my config follows

    ServerType standalone
    DefaultServer on
    Umask 022
    ServerName "0.0.0.0"
    ServerIdent on "My FTP Server"
    ServerAdmin email@example.org
    IdentLookups off
    UseReverseDNS off
    Port 21
    MasqueradeAddress "xxx.xxx.xxx.xxx"
    TimesGMT off
    MaxInstances 30
    MaxLoginAttempts 3
    TimeoutLogin 300
    TimeoutNoTransfer 120
    TimeoutIdle 120
    DisplayLogin welcome.msg
    DisplayChdir .message
    User nobody
    Group nobody
    DirFakeUser off nobody
    DirFakeGroup off nobody
    DefaultTransferMode binary
    AllowForeignAddress off
    AllowRetrieveRestart on
    AllowStoreRestart on
    DeleteAbortedStores on
    TransferRate RETR 220
    TransferRate STOR 250
    TransferRate STOU 250
    TransferRate APPE 250
    SystemLog /var/log/secure
    RequireValidShell off
    <IfModule mod_tls.c>
    TLSEngine off
    TLSRequired off
    TLSVerifyClient off
    TLSProtocol SSLv23
    TLSLog /var/log/proftpd_tls.log
    TLSRSACertificateFile /etc/gadmin-proftpd/certs/cert.pem
    TLSRSACertificateKeyFile /etc/gadmin-proftpd/certs/key.pem
    TLSCACertificateFile /etc/gadmin-proftpd/certs/cacert.pem
    TLSRenegotiate required off
    </IfModule>
    <IfModule mod_ratio.c>
    Ratios off
    SaveRatios off
    RatioFile "/restricted/proftpd_ratios"
    RatioTempFile "/restricted/proftpd_ratios_temp"
    CwdRatioMsg "Please upload first!"
    FileRatioErrMsg "FileRatio limit exceeded, upload something first..."
    ByteRatioErrMsg "ByteRatio limit exceeded, upload something first..."
    LeechRatioMsg "Your ratio is unlimited."
    </IfModule>
    <Limit LOGIN>
    AllowUser cocos
    DenyALL
    </Limit>

    <Anonymous /media/disk/coco-photos>
    User cocos
    Group dez
    AnonRequirePassword on
    MaxClients 5 "The server is full, hosting %m users"
    DisplayLogin welcome.msg
    <Limit LOGIN>
    Allow from all
    Deny from all
    </Limit>
    <Limit LIST NLST RETR PWD XPWD SIZE STAT CWD XCWD CDUP XCUP >
    AllowAll
    </Limit>
    <Limit STOR STOU APPE RNFR RNTO DELE MKD XMKD SITE_MKDIR RMD XRMD SITE_RMDIR SITE SITE_CHMOD SITE_CHGRP MTDM >
    DenyAll
    </Limit>
    </Anonymous>



    I have given my PC a static IP of 192.168.1.1
    Router is a Billion 7402LM
    I have enabled port forwarding of ports 20 & 21

    If I try and connect on my LAN now I get this (output from my client - FileZilla)
    (I'm trying to connect from the same PC just to test if it works or not)

    Status: Connecting to 127.0.0.1:21...
    Status: Connection established, waiting for welcome message...
    Response: 220 My FTP Server
    Command: USER testing
    Response: 331 Password required for testing
    Command: PASS *******
    Response: 230 Anonymous access granted, restrictions apply
    Command: SYST
    Response: 215 UNIX Type: L8
    Command: FEAT
    Response: 211-Features:
    Response: LANG en
    Response: MDTM
    Response: UTF8
    Response: REST STREAM
    Response: SIZE
    Response: 211 End
    Command: OPTS UTF8 ON
    Response: 200 UTF8 set to on
    Status: Connected
    Status: Retrieving directory listing...
    Command: PWD
    Response: 257 "/" is the current directory
    Command: TYPE I
    Response: 200 Type set to I
    Command: PASV
    Response: 227 Entering Passive Mode (xxx,xxx,xxx,xxx,xxx,xxx).
    Command: LIST
    Error: Connection timed out
    Error: Failed to retrieve directory listing



    Any ideas/suggestions to get it talking on the LAN consistently and get it talking to the net as well would be greatly appreciated.

    thanks
    Ubuntu user # 16304 www.nocleanfeed.com
    If someone asks you to sudo rm -rf anything, don't do it, and don't run any command with rm in it unless you know exactly what you're doing.
    Things I have learnt changing from XP Pro to Ubuntu

  10. #1000
    Join Date
    Jun 2005
    Location
    France
    Beans
    7,100
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO : Create a FTP server with user access (proftpd)

    Sorry stinger30au, we offer support for this tutorial only here.
    General proftpd config debug belongs elsewhere.

    Maybe drop your question in the proftpd forum if you don't get answers on ubuntuforums.
