: Are you trying to ftp into the machine as root? You can't login as
: root due to security features. Also about the anonymous. By default you
: can't log in as anonymous either. I think it says you can in a fresh
: install but you have to go to /etc/ftpusers and rem out ftp. Hope that
: helps.
Thanks, Mark. Actually, I'd already commented out the ftp user
in ftpusers, as suggested by the comments in that file.
Anyway, I was trying to ftp into the machine as myself (i.e., my
personal account), though I also tried anonymous ftp just to see
what happened -- it failed too, but not because of ftpusers.
Meanwhile, I downloaded and built lftp, and installed it.
It works ftp-ing out from the machine, but fails ftp-ing to it,
even as loopback (ftp-ing from the machine to localhost).
So perhaps the problem isn't with proftpd.conf (and friends)
as I originally supposed, but maybe something with user/password
lookup. But logging in and telnetting to the machine isn't
a problem. What else might be a problem with password lookup?
Thanks again for suggestions.
--
: : Are you trying to ftp into the machine as root? You can't login as
: : root due to security features. Also about the anonymous. By default you
: : can't log in as anonymous either. I think it says you can in a fresh
: : install but you have to go to /etc/ftpusers and rem out ftp. Hope that
: : helps.
: Thanks, Mark. Actually, I'd already commented out the ftp user
: in ftpusers, as suggested by the comments in that file.
: Anyway, I was trying to ftp into the machine as myself (i.e., my
: personal account), though I also tried anonymous ftp just to see
: what happened -- it failed too, but not because of ftpusers.
: Meanwhile, I downloaded and built lftp, and installed it.
: It works ftp-ing out from the machine, but fails ftp-ing to it,
: even as loopback (ftp-ing from the machine to localhost).
: So perhaps the problem isn't with proftpd.conf (and friends)
: as I originally supposed, but maybe something with user/password
: lookup. But logging in and telnetting to the machine isn't
: a problem. What else might be a problem with password lookup?
: Thanks again for suggestions.
Oops, apparently not a password problem at all.
/var/log/proftpd.log contains "Invalid shell."
messages for all my failed ftp login attempts.
Echo $SHELL from my personal account shows
/bin/sh which is itself a symlink to /bin/bash.
--
> Oops, apparently not a password problem at all.
> /var/log/proftpd.log contains "Invalid shell."
> messages for all my failed ftp login attempts.
> Echo $SHELL from my personal account shows
> /bin/sh which is itself a symlink to /bin/bash.
Adding;
RequireValidShell off
into the proftpd config file, will sort that out.
: Adding;
: RequireValidShell off
: into the proftpd config file, will sort that out.
Thanks, er, Fu. That worked perfectly.
In the meantime, I also discovered the specific problem.
I guess when I used adduser (or whatever I used)
to add my personal account, I must have defaulted
the Shell query. That's important because the
passwd file just contains a final : for my entry,
rather than :/bin/bash (or whatever). That is,
there's no field in passwd for my shell. Once
I manually edited the field into passwd, then
ftp worked fine -- with or without RequireValidShell
in proftpd.conf.
This seems to be an apparent inconsistency
between the default behavior of the login process
versus the default behavior of ftp. Maybe the
maintainers should fix that.
--
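An added example, not part of the original posts: a shell audit that lists the accounts a `RequireValidShell on` server would reject, by comparing the shell field of each passwd entry with the shells file, including the empty-field case described above. The function names `audit_ftp_shells` and `demo_audit` are hypothetical and the sample passwd and shells contents are constructed; it assumes, per the ProFTPD documentation for RequireValidShell, that the check is made against /etc/shells and that a missing shells file makes every shell valid.

```shell
#!/bin/sh
# Added example. List accounts whose passwd shell field is empty or not in the
# shells file; these are the logins that get "Invalid shell." while
# RequireValidShell is on (the default).
audit_ftp_shells() {    # hypothetical helper: audit_ftp_shells PASSWD SHELLS
    # No readable shells file: every shell is treated as valid, nothing to flag.
    [ -r "$2" ] || return 0
    awk -F: '
        FILENAME == ARGV[1] {               # first file: the shells list
            sub(/#.*/, "")                  # drop comments
            gsub(/^[ \t]+|[ \t]+$/, "")     # trim whitespace
            if ($0 != "") valid[$0] = 1
            next
        }
        /^[ \t]*(#|$)/ { next }             # skip blank/comment passwd lines
        $7 == ""       { print $1 ": empty shell field"; next }
        !($7 in valid) { print $1 ": " $7 " not listed in shells file" }
    ' "$2" "$1"
}

demo_audit() {          # constructed sample data, not taken from the thread
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
jdoe:x:1000:1000:J Doe:/home/jdoe:
web:x:1001:1001::/home/web:/bin/sh
backup:x:34:34::/var/backups:/usr/sbin/nologin
EOF
    cat > "$tmp/shells" <<'EOF'
# valid login shells
/bin/sh
/bin/bash
EOF
    audit_ftp_shells "$tmp/passwd" "$tmp/shells"
    rm -rf "$tmp"
}

# With two arguments audit real files, otherwise run the constructed demo.
if [ "$#" -eq 2 ]; then audit_ftp_shells "$1" "$2"; else demo_audit; fi
```

Run against `/etc/passwd` and `/etc/shells`, the output separates entries to repair (empty field) from accounts that are deliberately shell-less; `RequireValidShell off` skips the check for both kinds, so any such account with a working password can then log in over FTP.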
1. ProFTPd config: Directory login control?
Hello,
We host several web sites on a shared server, and use ProFTPd as the FTP
server for file uploads (via RPM from Mandrake 9.0). Our directory
structure for sites is like so:
/websites/[a-z,0-9]/customerdomain.com
where [a-z,0-9] represents the first character of the domain. My ProFTPd
config file looks like this:
--- proftpd.conf ---
ServerName "ProFTPd Server"
ServerType standalone
DefaultServer on
AllowStoreRestart on
Port 21
Umask 022
User ftp
Group ftp
PersistentPasswd off
DefaultRoot ~
<Directory /*>
  AllowOverwrite on
</Directory>
--- proftpd.conf ---
However, one of our Customers would like login to their directory allowed by
certain IP address. After consulting the ProFTPd documentation, I added the
following to the 'proftpd.conf' file:
<Directory /websites/[a-z,0-9]/customerdomain.com>
  <Limit LOGIN>
    Order allow,deny
    Allow from 10.1.1.1
    Allow from 192.168.1.1
    Deny from all
  </Limit>
</Directory>
The above was not added in a <VirtualHost> directive or anything; just the
"main" configuration (FTP <VirtualHosts> are not setup on this config).
However, when I tried logging in to this Customer's site from my computer
(most definitely not in the list of "Allowed" IPs), I was able to do so.
I guess my questions are:
1. Is it even possible to do this with the configuration I have?
2. If so, then what have I done wrong?
I don't want to setup <VirtualHosts>, because I don't want to be opening up
more ports than necessary; I have no problem telling this Customer that what
they want cannot be done on a shared server, but I want to do it for them if
at all possible.
As always, thank you, in advance, for your help and advice. :-)