Very Computer

Some users can login, but cannot get a directory listing, some users
can login but not u/l, and yet other users can login but cannot u/l or
d/l.

Personal folders have owner & group as their login names. All users
(through Samba) have access to the appropriate folders and work
flawlessly in-house.

--------------------------------------------------------------------
# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.6 2003/09/24 10:51:11 dude Exp $

ServerName                      "ProFTPD server"
ServerIdent on "FTP Server ready."

ServerType standalone
#ServerType                     inetd
AccessGrantMsg                  "User %u logged in."
#DisplayConnect                 /etc/ftpissue
#DisplayLogin                   /etc/ftpmotd
#DisplayGoAway                  /etc/ftpgoaway
DeferWelcome off

# Use this to excude users from the chroot
DefaultRoot                     ~ !adm

# Use pam to authenticate by default
AuthPAMAuthoritative            off

# Do not perform ident nor DNS lookups (hangs when the port is
filtered)
IdentLookups off
UseReverseDNS off

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# Default to show dot files in directory listings
ListOptions                     "-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228               off
#RootLogin                      off
#LoginPasswordPrompt            on
#MaxLoginAttempts               3
#MaxClientsPerHost              none
#AllowForeignAddress            off     # For FXP

# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart on
AllowStoreRestart on

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 20

# Set the user and group that the server normally runs at.
User                            ftp
Group                           ftp

# This is where we want to put the pid file
ScoreboardFile                  /var/run/proftpd.score

# Normally, we want users to do a few things.
<Global>
AllowOverwrite on
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
AllowRetrieveRestart on
AllowStoreRestart on
DefaultTransferMode binary
DefaultChdir /home
DeleteAbortedStores off
RootLogin off
AuthAliasOnly off
</Global>

# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine                      on
#TLSRequired                    on
#TLSRSACertificateFile          /usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile       /usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite                 ALL:!ADH:!DES
#TLSOptions                     NoCertRequest
#TLSVerifyClient                off
##TLSRenegotiate                ctrl 3600 data 512000 required off timeout 300
#TLSLog                         /var/log/proftpd/tls.log

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
#  User                         ftp
#  Group                                ftp
#  AccessGrantMsg               "Anonymous login ok, restrictions apply."
#
#  # We want clients to be able to login with "anonymous" as well as
"ftp"
#  UserAlias                    anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients                   10 "Sorry, max %m users -- try again later"
#
#  # Put the user into /pub right after login
#  #DefaultChdir                        /pub
#
#  # We want 'welcome.msg' displayed at login, '.message' displayed in
#  # each newly chdired directory and tell users to read README*
files.
#  DisplayLogin                 /welcome.msg
#  DisplayFirstChdir            .message
#  DisplayReadme                        README*
#
#  # Some more cosmetic and not vital stuff
#  DirFakeUser                  on ftpadm
#  DirFakeGroup                 on ftpadm
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE SITE_CHMOD>
#    DenyAll
#  </Limit>
#
#  # An upload directory that allows storing files but not retrieving
#  # or creating directories.
#  <Directory uploads/*>
#    AllowOverwrite             no
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>
#
#  # Don't write anonymous accesses to the system wtmp file (good
idea!)
#  WtmpLog                      off
#
#  # Logging for the anonymous transfers
#  ExtendedLog          /var/log/proftpd/access.log WRITE,READ default
#  ExtendedLog          /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>

<VirtualHost ftp.tconsulting.org>
DefaultRoot ~ !ftpusers
DefaultRoot /home ftpusers
AllowRetrieveRestart on
AllowStoreRestart on
DefaultServer on
DefaultTransferMode binary
<Limit STOR>
  AllowAll
</Limit>
# MasqueradeAddress 10.4.10.4
DeleteAbortedStores off

ServerName "T Consulting"
RootLogin off
</VirtualHost>

-----------------------------------------------------
Any help would be greatly appreciated.

Quote:>I am behind a firewall and my local computers can login as any user
>with WS-FTP, FTP Voyager, and Coffee Cup and do all normal ftp
>activities. My external users, however, experience the following
>problems:

>Some users can login, but cannot get a directory listing, some users
>can login but not u/l, and yet other users can login but cannot u/l or
>d/l.

This does not explain the 3 different types of behavior, but it might be
worth checking to see if your firewall allows both active and passive
transfers to/from external users.

Some users can login, but cannot get a directory listing, some users
can login but not u/l, and yet other users can login but cannot u/l or
d/l.

Personal folders have owner & group as their login names. All users
(through Samba) have access to the appropriate folders and work
flawlessly in-house.

--------------------------------------------------------------------
# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.6 2003/09/24 10:51:11 dude Exp $

ServerName                      "ProFTPD server"
ServerIdent on "FTP Server ready."

ServerType standalone
#ServerType                     inetd
AccessGrantMsg                  "User %u logged in."
#DisplayConnect                 /etc/ftpissue
#DisplayLogin                   /etc/ftpmotd
#DisplayGoAway                  /etc/ftpgoaway
DeferWelcome off

# Use this to excude users from the chroot
DefaultRoot                     ~ !adm

# Use pam to authenticate by default
AuthPAMAuthoritative            off

# Do not perform ident nor DNS lookups (hangs when the port is
filtered)
IdentLookups off
UseReverseDNS off

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# Default to show dot files in directory listings
ListOptions                     "-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228               off
#RootLogin                      off
#LoginPasswordPrompt            on
#MaxLoginAttempts               3
#MaxClientsPerHost              none
#AllowForeignAddress            off     # For FXP

# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart on
AllowStoreRestart on

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 20

# Set the user and group that the server normally runs at.
User                            ftp
Group                           ftp

# This is where we want to put the pid file
ScoreboardFile                  /var/run/proftpd.score

# Normally, we want users to do a few things.
<Global>
AllowOverwrite on
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
AllowRetrieveRestart on
AllowStoreRestart on
DefaultTransferMode binary
DefaultChdir /home
DeleteAbortedStores off
RootLogin off
AuthAliasOnly off
</Global>

# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine                      on
#TLSRequired                    on
#TLSRSACertificateFile          /usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile       /usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite                 ALL:!ADH:!DES
#TLSOptions                     NoCertRequest
#TLSVerifyClient                off
##TLSRenegotiate                ctrl 3600 data 512000 required off timeout 300
#TLSLog                         /var/log/proftpd/tls.log

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
#  User                         ftp
#  Group                                ftp
#  AccessGrantMsg               "Anonymous login ok, restrictions apply."
#
#  # We want clients to be able to login with "anonymous" as well as
"ftp"
#  UserAlias                    anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients                   10 "Sorry, max %m users -- try again later"
#
#  # Put the user into /pub right after login
#  #DefaultChdir                        /pub
#
#  # We want 'welcome.msg' displayed at login, '.message' displayed in
#  # each newly chdired directory and tell users to read README*
files.
#  DisplayLogin                 /welcome.msg
#  DisplayFirstChdir            .message
#  DisplayReadme                        README*
#
#  # Some more cosmetic and not vital stuff
#  DirFakeUser                  on ftpadm
#  DirFakeGroup                 on ftpadm
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE SITE_CHMOD>
#    DenyAll
#  </Limit>
#
#  # An upload directory that allows storing files but not retrieving
#  # or creating directories.
#  <Directory uploads/*>
#    AllowOverwrite             no
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>
#
#  # Don't write anonymous accesses to the system wtmp file (good
idea!)
#  WtmpLog                      off
#
#  # Logging for the anonymous transfers
#  ExtendedLog          /var/log/proftpd/access.log WRITE,READ default
#  ExtendedLog          /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>

<VirtualHost ftp.tconsulting.org>
DefaultRoot ~ !ftpusers
DefaultRoot /home ftpusers
AllowRetrieveRestart on
AllowStoreRestart on
DefaultServer on
DefaultTransferMode binary
<Limit STOR>
  AllowAll
</Limit>
# MasqueradeAddress 10.4.10.4
DeleteAbortedStores off

ServerName "T Consulting"
RootLogin off
</VirtualHost>

-----------------------------------------------------
Any help would be greatly appreciated.