Adding users to ProFTPd

Discussion in 'Installation/Configuration' started by supr, Nov 1, 2006.

  1. supr

    supr New Member

    I've got a group called 'ftpuser'. This group has user1 and this works great.

    When I look at /etc/group I see 'ftpuser:x:1002:user1'. When I check /etc/proftpd.conf I see 'DefaultRoot /var/www/user1.com user1'.

    This configuration worked for some time now.

    Now, I'd like to add user2 for my user2.com domain.

    I ran these commands:
    Code:
    useradd -g ftpuser -s /bin/ftp user2
    usermod -G ftpuser
    passwd ftpuser
    
    and I edited /etc/proftpd.conf to say:
    Code:
    DefaultRoot /var/www ftpuser
    DefaultRoot /var/www/user1.com user1
    DefaultRoot /var/www/user2.com user2
    
    And restarted the proftpd process.

    But the problem is that when I try connecting with user1, everything works great. When I try connecting with user2, it says "Incorrect login".

    What am I missing?
     
  2. supr

    supr New Member

    Typical, I solve my problem 5 minutes after I post it in the forums :)

    I ran this:
    Code:
    useradd -d /var/www/user2.com -s /bin/ftp -g ftpuser user2
    usermod -G ftpuser user2
    passwd user2
    
    I guess the problem was I never specified the user's home directory?
     
  3. supr

    supr New Member

    Darn. I just realized that I haven't solved my problem at all. Sure, I can log in via FTP directly to /var/www/user2.com but that's only because that's user2's home directory.

    The problem persists... any advice?
     
  4. falko

    falko Super Moderator Howtoforge Staff

    Is this a problem?

    What's in /etc/proftpd.conf? Any errors in your logs?
     
  5. supr

    supr New Member

    Code:
    #
    # /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
    # To really apply changes reload proftpd after modifications.
    # 
    
    ServerName			"Debian"
    ServerType			standalone
    DeferWelcome			off
    
    MultilineRFC2228		on
    DefaultServer			on
    ShowSymlinks			on
    
    TimeoutNoTransfer		600
    TimeoutStalled			600
    TimeoutIdle			1200
    
    DisplayLogin                    welcome.msg
    DisplayFirstChdir               .message
    ListOptions                	"-l"
    
    DenyFilter			\*.*/
    
    DefaultRoot			/var/www ftpuser
    DefaultRoot			/var/www/domain.com domain
    DefaultRoot			/var/www/domain2.com domain2
    DefaultRoot			~
    
    # Slow FTP ...
    UseReverseDNS 			off
    IdentLookups			off
    
    # Uncomment this if you are using NIS or LDAP to retrieve passwords:
    #PersistentPasswd		off
    
    # Uncomment this if you would use TLS module:
    #TLSEngine 			on
    
    # Uncomment this if you would use quota module:
    #Quotas				on
    
    # Uncomment this if you would use ratio module:
    #Ratios				on
    
    # Port 21 is the standard FTP port.
    Port				21
    
    # To prevent DoS attacks, set the maximum number of child processes
    # to 30.  If you need to allow more than 30 concurrent connections
    # at once, simply increase this value.  Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances			30
    
    # Set the user and group that the server normally runs at.
    User				nobody
    Group				nogroup
    
    # Umask 022 is a good standard umask to prevent new files and dirs
    # (second parm) from being group and world writable.
    Umask				022  022
    # Normally, we want files to be overwriteable.
    AllowOverwrite			on
    
    # Delay engine reduces impact of the so-called Timing Attack described in
    # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
    # It is on by default. 
    #DelayEngine 			off
    
    # A basic anonymous configuration, no upload directories.
    
    # <Anonymous ~ftp>
    #   User				ftp
    #   Group				nogroup
    #   # We want clients to be able to login with "anonymous" as well as "ftp"
    #   UserAlias			anonymous ftp
    #   # Cosmetic changes, all files belongs to ftp user
    #   DirFakeUser	on ftp
    #   DirFakeGroup on ftp
    # 
    #   RequireValidShell		off
    # 
    #   # Limit the maximum number of anonymous logins
    #   MaxClients			10
    # 
    #   # We want 'welcome.msg' displayed at login, and '.message' displayed
    #   # in each newly chdired directory.
    #   DisplayLogin			welcome.msg
    #   DisplayFirstChdir		.message
    # 
    #   # Limit WRITE everywhere in the anonymous chroot
    #   <Directory *>
    #     <Limit WRITE>
    #       DenyAll
    #     </Limit>
    #   </Directory>
    # 
    #   # Uncomment this if you're brave.
    #   # <Directory incoming>
    #   #   # Umask 022 is a good standard umask to prevent new files and dirs
    #   #   # (second parm) from being group and world writable.
    #   #   Umask				022  022
    #   #            <Limit READ WRITE>
    #   #            DenyAll
    #   #            </Limit>
    #   #            <Limit STOR>
    #   #            AllowAll
    #   #            </Limit>
    #   # </Directory>
    # 
    # </Anonymous>
    
    This is my /etc/proftpd.conf

    To answer your question falko: no, this isn't really a *problem*, but I still haven't figured out how to create virtual users... like having 3 ftp accounts for the same /var/www/domain-something.com and each of them having different DefaultRoot directories... (just an example)
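
An added example (not part of the thread and not ProFTPD's own code) that models which chroot directory the DefaultRoot lines in the configuration posted above select for a session. It assumes that the second argument of DefaultRoot is a group expression and that the first matching line wins; the group memberships and the REORDERED variant are constructed sample data.

```python
# Added example: model of DefaultRoot selection (assumed first-match-wins).

def parse_default_roots(conf_text):
    """Return [(directory, [group terms])] in file order, skipping comments."""
    rules = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0].lower() == "defaultroot":
            terms = fields[2].split(",") if len(fields) > 2 else []
            rules.append((fields[1], terms))
    return rules

def term_matches(term, groups):
    """A term is a group name; a leading '!' means 'not a member of'."""
    if term.startswith("!"):
        return term[1:] not in groups
    return term in groups

def effective_root(conf_text, groups, home):
    """Directory the session is confined to, or None when no line matches."""
    for directory, terms in parse_default_roots(conf_text):
        # All comma-separated terms must hold; a line with no terms matches everyone.
        if all(term_matches(t, groups) for t in terms):
            return home if directory == "~" else directory
    return None

# DefaultRoot lines in the order they appear in the posted proftpd.conf.
POSTED = """
DefaultRoot /var/www ftpuser
DefaultRoot /var/www/domain.com domain
DefaultRoot /var/www/domain2.com domain2
DefaultRoot ~
"""

# Constructed variant: per-site lines first, the shared parent after them.
REORDERED = """
DefaultRoot /var/www/domain.com domain
DefaultRoot /var/www/domain2.com domain2
DefaultRoot /var/www ftpuser
DefaultRoot ~
"""

if __name__ == "__main__":
    member_of = {"ftpuser", "domain2"}  # constructed group membership
    for name, conf in (("posted", POSTED), ("reordered", REORDERED)):
        print(name, "->", effective_root(conf, member_of, "/var/www/domain2.com"))
```

Under these assumptions an account whose only group is ftpuser resolves to /var/www with either ordering, because the per-site lines match on a group name and no such group exists for that account.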
     
  6. falko

    falko Super Moderator Howtoforge Staff
