Can you attach the three log files?
Yes, it's easy to use and really powerful
Yes, but i won't use it
No, the GUI has to be improved
Can you attach the three log files?
I bet your ftp user (userftp) don't have "/home/FTP-shared" well set as home directory as the DefaultRoot ~ command will look this field to know where to lock the user.
hmmmm when i go to SYSTEM - USER AND GROUPS......i see my accounts...once my personally account (mcfil) and once the user "USERFTP". so, now when i click preferences, there is a field with "personally folder - /home/FTP-shared" <<<--- well, guys...so thats right!!! or not?!??
If there's no typo it should be right but i have seen some strangeness already with user creation. So either re-create your user or save it again then reboot, maybe things have not been updated.
okay i will try it...i've set the usercreation by your howto...via console..next time i will try to do it via GUI...let me test.....
thx a lot bye bye
//EDIT//
no chance, frodon! i tried...i've created "userftp" via GUI, edited new the proftpd.conf...nothin..still the same problem! its veryyy veeeerry strange!
no ideas?! i think i have to go back to windows server 2008! (((
Last edited by mcfil; May 26th, 2010 at 02:50 PM.
Hey All,
I am trying to figure out how to get the permissions for the ftp folders to work correctly.
I have 2 different users setup just for the FTP access userftp and user2 what I want to do is all userftp to download from the download folder only. And then user2 I want to allow them to upload files to the upload folder only. How do I do this? Below is a copy of my proftpd.conf file. Most of this file I have taken from other peoples posts on this forum and then made some changes to it.
Thanks
#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
AllowOverwrite on
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias upload userftp
ServerName "McDade-Woodcock FTP Test Server"
ServerType standalone
DeferWelcome on
MasqueradeAddress my.ip.is.here
PassivePorts 60000 60100 #this is a range, not just two ports
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayFirstChdir .message
ListOptions "-l"
RequireValidShell off
TimeoutLogin 20
RootLogin on
# It's better for debugging purposes to create log files
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (use it to ban users by
just writing their username in it)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
# Port 21 is the standard FTP port, so don't use it for security
reasons (choose here the port you want)
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "Welcome to McDade-Woodcock's FTP Test Server"
# This message is displayed for each access good or not
ServerIdent on "McDade-Woodcock FTP Test Server"
# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared
# Lock all the users in home directory,
# ***** really important *****
DefaultRoot ~
MaxLoginAttempts 3
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
AllowUser user2
DenyALL
</Limit>
<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser userftp
AllowUser user2
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser userftp
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser user2
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
AllowAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
Your config looks good, you just need to define an alias name for user2.
i added user2 as an UserAlias but when I restarted the FTP server I can't logon to the ftp site using any of the user logins. I get error 530. I have been messing with this thing all morning and I can't get it working. What am I doing wrong?
#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
AllowOverwrite on
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias upload userftp
UserAlias upload user2
ServerName "McDade-Woodcock Test FTP Server"
ServerType standalone
DeferWelcome on
MasqueradeAddress 192.168.1.65
PassivePorts 60000 60100 #this is a range, not just two ports
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
RequireValidShell on
TimeoutLogin 20
#RootLogin on
# It's better for debugging purposes to create log files
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (use it to ban users by
#just writing their username in it)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
# Port 21 is the standard FTP port, so don't use it for security
#reasons (choose here the port you want)
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "Welcome to McDade-Woodcock's test FTP Server"
# This message is displayed for each access good or not
ServerIdent on "MWI ftp server"
# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared
# Lock all the users in home directory,
# ***** really important *****
DefaultRoot ~
MaxLoginAttempts 3
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
AllowUser user2
DenyALL
</Limit>
<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser userftp
AllowUser user2
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser userftp
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
Allowuser userftp
AllowUser user2
Deny ALL
</Limit>
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
Ok, i think you missed a point about user alias and LIMIT LOGIN section.
In LIMIT LOGIN sections what you allow or deny is real system user(s) and each of these allowed system users should have an alias to login (when you login you use the alias name).
In your case your system users have both the same alias name "upload" so this can't work.
Hey Frodon,
Your last post makes total sense! Thanks for helping me understand that part of the conf file. I am pretty new to Ubuntu so this is all very interesting, new and frustrating! Thanks for your help!!! I am very grateful for it!
But.... It's still is not working. I changed the Alias to the following:
UserAlias download userftp
UserAlias upload user2
still no go....
I even added my user user profile to the conf file as a test, with a Alias as well and still no go...
Could there be something wrong with the user profiles?
Thanks
#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
AllowOverwrite on
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias download userftp
UserAlias upload user2
ServerName "McDade-Woodcock Test FTP Server"
ServerType standalone
DeferWelcome on
#MasqueradeAddress 192.168.1.65
PassivePorts 60000 60100 #this is a range, not just two ports
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
RequireValidShell off
TimeoutLogin 20
RootLogin off
# It's better for debugging purposes to create log files
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (use it to ban users by
#just writing their username in it)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
# Port 21 is the standard FTP port, so don't use it for security
#reasons (choose here the port you want)
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "Welcome to McDade-Woodcock's test FTP Server"
# This message is displayed for each access good or not
ServerIdent on "MWI ftp server"
# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared
# Lock all the users in home directory,
# ***** really important *****
DefaultRoot ~
MaxLoginAttempts 3
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
AllowUser user2
DenyALL
</Limit>
<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser userftp
AllowUser user2
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser userftp
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
Allowuser userftp
AllowUser user2
Deny ALL
</Limit>
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
Bookmarks