proFTP config

Discussion in 'Server Operation' started by latcarf, Sep 21, 2006.

  1. latcarf

    latcarf New Member

    My Perfect Set up SuSe 10.1 config for proFTP along with ISPConfig seems to be working with one exception... I have 2 sites web14_ and web15_, when I log in as anonymous it shows only the web14_ incoming directory.

    When I log in as the assigned users for web14_ and web15_ and their password it goes to their applicable web directory and other misc. directories. I just don't see where in the config files this is occurring.

    What is proftp using for authentication in Perfect Set Up and ISPConfig set up?

    I would prefer that the anonymous logging go into proftp alone and not the ISPConfig side. I assume there is probably an adjustment I need to make in the proftp_ispconf.conf(?).

    Since I have never used proftp (or vsftp) beyond anonymous I am unfamiliar with assigning users and directory rights but if I wanted to consolidate users who have access to different web programs (ISPConfig and Coppermine in my case) would this be what would help do that? ---> Virtual Hosting With Proftpd And MySQL (Incl. Quota)
     
  2. falko

    falko Super Moderator Howtoforge Staff

    You can have only one anonymous FTP account per IP address!
     
  3. latcarf

    latcarf New Member

    Makes sense... I only want one but I don't want it going to the ISPConfig web15_ user incoming directory. When I log in as anonymous via an ftp client it takes me to the web15_ "root" showing the /incoming directory.

    As it stands right now the proftpd_ispconfig.conf file only cites web15_ (see below) even though I also have web14_ designated for ftp use. I can however log in with the web15_ or web14 user name and password and get to their directories. That is okay and how it probably should be. I just want anonymous to go to the /srv/ftp and the directories I set up in there.

    Code:
    DefaultAddress 127.0.0.1
    <VirtualHost 192.168.2.5>
            DefaultRoot             ~
            AllowOverwrite          on
            Umask                   002
            <Anonymous /srv/www/web15/ftp>
              User                          web15_anonftp
              Group                         web15_anonftp
              UserAlias                     anonymous web15_anonftp
              UserAlias                     guest web15_anonftp
              MaxClients                    10
              <Directory *>
                <Limit WRITE>
                  DenyAll
                </Limit>
              </Directory>
              <Directory /srv/www/web15/ftp/incoming>
                Umask                       002
                <Limit STOR>
                  AllowAll
                </Limit>
                <Limit READ>
                  DenyAll
                </Limit>
              </Directory>
            </Anonymous>
    </VirtualHost>
    the proftpd.conf file is as cited in the Perfect Set Up unless internal changes reconfigured it.

    I only have 2 sites (going for 3) so with web"14", "15" you can see I made a few mistakes setting everything up. :D I am about to start from scratch with SuSe 10.1 and ISPConfig so hopefully I won't make those mistakes again and maybe it will correct the ftp problems I probably created.
     
  4. latcarf

    latcarf New Member

    I reloaded all and it went well... two sites designated as web2_ and web3_. The proftpd_ispconfig.conf looks the same as before except it specifies web2_ now instead of web15_.

    What I want to accomplish is that anonymous users get directed to /srv/ftp/ and not /srv/www/web2/ftp/incoming. I just realized (as I was writing this!) maybe I should uncheck the anonymous ftp button for the Clients/Sites in ISPConfig first huh? Will that help? i.e. remove the anonymous logging from proftpd_ispconfig.conf...
     
  5. falko

    falko Super Moderator Howtoforge Staff

    You can hardcode that into /etc/proftpd.conf, just before /etc/proftpd_ispconfig.conf gets included. Put this into /etc/proftpd.conf:


    Code:
    <VirtualHost 192.168.2.5>
            DefaultRoot             ~
            AllowOverwrite          on
            Umask                   002
            <Anonymous /srv/ftp>
              User                          web15_anonftp
              Group                         web15_anonftp
              UserAlias                     anonymous web15_anonftp
              UserAlias                     guest web15_anonftp
              MaxClients                    10
              <Directory *>
                <Limit WRITE>
                  DenyAll
                </Limit>
              </Directory>
              <Directory /srv/ftp/incoming>
                Umask                       002
                <Limit STOR>
                  AllowAll
                </Limit>
                <Limit READ>
                  DenyAll
                </Limit>
              </Directory>
            </Anonymous>
    </VirtualHost>
     
  6. latcarf

    latcarf New Member

    Did that, restarted proftpd... what's this mean?
    Code:
    server1:~ # /etc/init.d/proftpd restart
    Shutting down ProFTPD Server:                                        done
    Starting ProFTPD Server:  - IPv4 getaddrinfo 'server1' error: Name or service not known
     - warning: unable to determine IP address of 'server1'
     - setting default address to 127.0.0.1
     - warning: "ProFTPD" address/port (192.168.2.5:21) already in use by "ProFTPD"
                                                                         done
    server1:~ #
    and this is what I get from gftp client
    Code:
    Looking up ftp.latcarfproductions.com
    Trying server1.latcarfproductions.com:21
    Connected to ftp.latcarfproductions.com:21
    220 ProFTPD 1.3.0 Server (ProFTPD Default Installation) [192.168.2.5]
    USER anonymous
    
    331 Anonymous login ok, send your complete email address as your password.
    PASS xxxx
    530 Login incorrect.
    Disconnecting from site ftp.latcarfproductions.com
    If you see what I am doing wrong please let me know... I am going to plug away at it off and on today.
     
  7. falko

    falko Super Moderator Howtoforge Staff

    Is server1 listed in /etc/hosts?
     
  8. latcarf

    latcarf New Member

    yes, this server IP has a hostname of server1.latcarfproductions.com and the alias names are www.[domain].com ftp.[domain].com, etc.

    I figured out it has something to do with the insert for proftpd you gave me above. When I go back to the proftpd.conf we setup in the Perfect Setup SuSe 10.1, I get a normal restart.

    Also when I copied your insert above into proftpd.conf it still takes me into the ISPConfig FTP directory for "www.latcarfproductions.com" which is also web4. Interesting, it seems when using ISPConfig as admin (probably as Client also) that the last "Site" given anon ftp access is designated as the default directory if you log in as anon with an ftp client. The lines <Anonymous /srv/ftp> and <Directory /srv/ftp/incoming> had no effect on where the anon login with an ftp client was directed.
     
    Last edited: Sep 25, 2006
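
Added example (not part of the original thread, and not ISPConfig or ProFTPD code): the restart warning in post 6 names the same address/port twice, so this sketch lists every `<VirtualHost>` address declared by more than one block across the config files, with the `<Anonymous>` roots competing for it. The sample text is constructed from the configs in posts 3 and 5; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the block hardcoded into /etc/proftpd.conf in post 5 and
# the ISPConfig-generated include from post 3, trimmed to the relevant lines.
SAMPLE = {
    "/etc/proftpd.conf": (
        "<VirtualHost 192.168.2.5>\n"
        "  <Anonymous /srv/ftp>\n"
        "  </Anonymous>\n"
        "</VirtualHost>\n"
    ),
    "/etc/proftpd_ispconfig.conf": (
        "DefaultAddress 127.0.0.1\n"
        "<VirtualHost 192.168.2.5>\n"
        "  <Anonymous /srv/www/web15/ftp>\n"
        "  </Anonymous>\n"
        "</VirtualHost>\n"
    ),
}

OPEN_RE = re.compile(r"^\s*<(VirtualHost|Anonymous)\s+([^>]+)>", re.IGNORECASE)
CLOSE_RE = re.compile(r"^\s*</VirtualHost>", re.IGNORECASE)

def collect_vhosts(configs):
    """Map each <VirtualHost> address to the blocks that declare it."""
    by_addr = defaultdict(list)
    for fname, text in configs.items():
        block = None
        for lineno, line in enumerate(text.splitlines(), 1):
            opened = OPEN_RE.match(line)
            if opened and opened.group(1).lower() == "virtualhost":
                block = {"file": fname, "line": lineno, "anon_roots": []}
                for addr in opened.group(2).split():
                    by_addr[addr].append(block)
            elif opened and block is not None:
                block["anon_roots"].append(opened.group(2).strip())
            elif CLOSE_RE.match(line):
                block = None
    return by_addr

def find_conflicts(configs):
    """Return addresses declared by more than one <VirtualHost> block."""
    return [
        {"address": addr,
         "declared_at": [(b["file"], b["line"]) for b in blocks],
         "anon_roots": [r for b in blocks for r in b["anon_roots"]]}
        for addr, blocks in collect_vhosts(configs).items() if len(blocks) > 1
    ]
```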
  9. latcarf

    latcarf New Member

    Okay... while it seems to be running and accessible something may still be wrong... when I try to transfer from my XP cp to the ftp site using smartFTP I get this
    Code:
    [15:44:51] Client closed the connection.
    [15:45:18] Resolving host name "ftp.latcarfproductions.com"
    [15:45:18] Connecting to 192.168.2.5 Port: 21
    [15:45:18] Connected to ftp.latcarfproductions.com.
    [15:45:28] 220 ProFTPD 1.3.0 Server (ProFTPD Default Installation) [192.168.2.5]
    [15:45:28] USER anonymous
    [15:45:28] 331 Anonymous login ok, send your complete email address as your password.
    [15:45:28] PASS (hidden)
    [15:45:28] 230 Anonymous access granted, restrictions apply.
    [15:45:28] SYST
    [15:45:28] 215 UNIX Type: L8
    [15:45:28] FEAT
    [15:45:28] 211-Features:
    [15:45:28]  MDTM
    [15:45:28]  REST STREAM
    [15:45:28]  SIZE
    [15:45:28] 211 End
    [15:45:28] PWD
    [15:45:28] 257 "/" is current directory.
    [15:45:44] CWD /incoming
    [15:45:44] 250 CWD command successful
    [15:45:44] PWD
    [15:45:44] 257 "/incoming" is current directory.
    [15:45:44] Remote file exist check: "motion-blur-animation-guide.txt".
    [15:45:44] TYPE I
    [15:45:44] 200 Type set to I
    [15:45:44] SIZE motion-blur-animation-guide.txt
    [15:45:44] 550 motion-blur-animation-guide.txt: No such file or directory
    [15:45:44] File size check (SIZE) failed. File not found or permission denied.
    [15:45:44] PASV
    [15:45:44] 227 Entering Passive Mode (192,168,2,5,178,96).
    [15:45:44] Opening data connection to 192.168.2.5 Port: 45664
    [15:45:44] STOR motion-blur-animation-guide.txt
    [15:45:44] 550 motion-blur-animation-guide.txt: Permission denied
    [15:45:44] MDTM 20051104144509 motion-blur-animation-guide.txt
    [15:45:44] 550 20051104144509 motion-blur-animation-guide.txt: No such file or directory
    [15:45:44] Transfer failed.
    [15:45:44] TYPE A
    [15:45:44] 200 Type set to A
    [15:45:44] PASV
    [15:45:44] 227 Entering Passive Mode (192,168,2,5,215,0).
    [15:45:44] Opening data connection to 192.168.2.5 Port: 55040
    [15:45:44] LIST -aL
    [15:45:44] 150 Opening ASCII mode data connection for file list
    [15:45:44] 121 bytes transferred. (N/A/s) (0 ms)
    [15:45:44] 226 Transfer complete.
    [15:46:34] NOOP
    [15:46:35] 200 NOOP command successful
    Being a newb it seems the transfer failed then succeeded :confused: What I do know is I could not find the file anywhere on the cp I was transferring it to.

    Is there something wrong here?

    I did some googling for some of the codes 200 set type to I, 150, 227, 121, 226... and it seemed most trails eventually led to something to do with MasqueradeAddress although I am not sure I understood it. Both cp's are behind the same firewalled router, and the one I was attempting to transfer to is my server and the one we have been plugging away at the proftpd.conf file in this thread.
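
Added example (not part of the original post): the 227 replies in the log above carry the data-channel address and port as six decimal octets. This sketch decodes them and flags replies that hand an RFC 1918 address to a client whose control connection went to a public address. The function names and the outside address 203.0.113.10 used in testing are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the two 227 replies from the SmartFTP log in post 9.
SAMPLE_LOG = """\
[15:45:44] 227 Entering Passive Mode (192,168,2,5,178,96).
[15:45:44] 227 Entering Passive Mode (192,168,2,5,215,0).
"""

PASV_RE = re.compile(r"\b227 [^(]*\(" + ",".join([r"(\d{1,3})"] * 6) + r"\)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_pasv(line):
    """Return (host, port) from a 227 reply, or None if the line has none."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range in PASV reply: " + line.strip())
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def audit_pasv(log_text, control_addr):
    """control_addr: the address the client dialled for the control channel."""
    control = ipaddress.IPv4Address(control_addr)
    findings = []
    for line in log_text.splitlines():
        parsed = parse_pasv(line)
        if parsed is None:
            continue
        host, port = parsed
        findings.append({
            "data_host": str(host),
            "data_port": port,
            # Private data address handed to a client that came in on a public
            # one: the client cannot route to it, so the data connection fails.
            "unreachable": is_rfc1918(host) and not is_rfc1918(control),
        })
    return findings
```

ProFTPD's `MasqueradeAddress` and `PassivePorts` directives control the address and port range advertised in these replies.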
     
  10. falko

    falko Super Moderator Howtoforge Staff

    What's the output of
    Code:
    ls -la /path/to/incoming
    ?
     
  11. latcarf

    latcarf New Member

    Code:
    server1:~ # ls -la /path/to/incoming
    /bin/ls: /path/to/incoming: No such file or directory
    server1:~ #
    /incoming is a directory, path: /srv/www/web4/ftp/incoming

    I found out there seems to be no browser access to the site outside my network either.

    With an ftp client "anonymous" can log in and see the folders but have no upload rights, which I want them to have. ISPConfig clients by user/password seems to be working great.
     
  12. falko

    falko Super Moderator Howtoforge Staff

    I wanted you to replace /path/to/incoming. ;)
    What's the output of
    Code:
    ls -la /srv/www/web4/ftp/incoming
    then?
     
  13. latcarf

    latcarf New Member

    sorry... lol... did I mention I was still a newb :p
    Code:
    server1:~ # ls -la /srv/www/web4/ftp/incoming
    total 8
    drwxr-xr-x 2 root         root 4096 Sep 26 15:35 .
    drwxrwxr-x 7 web4_latcarf web4 4096 Sep 26 15:35 ..
    server1:~ #
     
  14. falko

    falko Super Moderator Howtoforge Staff

    After running
    Code:
    chown web4_latcarf:web4 /srv/www/web4/ftp/incoming
    you should be able to upload.
     
  15. latcarf

    latcarf New Member

    There are no problems logging in as web4_latcarf (or any other user established in ISPConfig) and uploading to their assigned folders. At least within my network using an ftp client.

    The real problem has been and still is that someone logging in as "anonymous" could not upload files. Then I found out the other day that you could not establish contact with my ftp site outside of my home network with a browser or an ftp client.

    I did discover today that the directories for anonymous use did not have the correct permissions applied. Once I took care of that then I was able to upload files as anonymous from within my home network. I still don't know if anyone can access my site from the internet. I am waiting to hear from a friend if he was able to finally get to my ftp site with a browser or ftp client since I changed the permissions on the directories. Just in case you have a chance to check it's ftp://ftp.latcarfproductions.com and you should see 3 directories; Dummy1, Dummy2, and incoming. Sooner or later I will hear from someone!
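
Added example (not part of the original thread): a filesystem-level reading of the `ls -la` listing from post 13, showing which account may create files in the upload directory, since a `<Limit STOR>` AllowAll cannot override a directory the FTP account cannot write to. The account name `web4_anonftp` and its group memberships are assumptions patterned on the `web15_anonftp` account in the config; the function names are hypothetical.

```python
# Constructed sample: the "." entry from the listing in post 13, and the same
# entry as it would read after the chown in post 14 (mode bits unchanged).
BEFORE_CHOWN = "drwxr-xr-x 2 root         root 4096 Sep 26 15:35 ."
AFTER_CHOWN = "drwxr-xr-x 2 web4_latcarf web4 4096 Sep 26 15:35 ."

def parse_ls_line(line):
    """Split one `ls -l` line into type, permission triplets, owner and group."""
    fields = line.split()
    if len(fields) < 4 or len(fields[0]) < 10:
        raise ValueError("not an ls -l entry: " + line)
    mode = fields[0]
    return {"type": mode[0], "owner": fields[2], "group": fields[3],
            "bits": {"owner": mode[1:4], "group": mode[4:7], "other": mode[7:10]}}

def permission_class(entry, user, groups):
    """Unix applies exactly one class: owner first, then group, then other."""
    if user == entry["owner"]:
        return "owner"
    if entry["group"] in groups:
        return "group"
    return "other"

def can_upload(entry, user, groups):
    """Creating a file needs write and search (x) permission on the directory.

    root's bypass of the mode bits is not modelled here.
    """
    if entry["type"] != "d":
        return False
    bits = entry["bits"][permission_class(entry, user, groups)]
    return bits[1] == "w" and bits[2] in "xst"

def world_writable_no_sticky(entry):
    """Flag the over-broad fix: mode 777 without the sticky bit lets any local
    account delete or replace files that other accounts uploaded."""
    other = entry["bits"]["other"]
    return other[1] == "w" and other[2] not in "tT"
```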
     
  16. falko

    falko Super Moderator Howtoforge Staff

    It's working (at least in active mode). :)
     
  17. latcarf

    latcarf New Member

    cool! thanks!!
    Are you saying it is not working in passive though? Being a newb I looked up active and passive modes... actually found some helpful info, and a fix in HowToForge Archives (http://www.howtoforge.com/forums/archive/index.php/t-801.html).

    Will this fix work under the current versions and set up? I am behind a router with firewall (Belkin 802.11g part# F5D7230-4). I checked the router settings page and if there is a place to establish multiple ports for any service they sure hid it well!
     
  18. falko

    falko Super Moderator Howtoforge Staff

    No, it's not working in passive mode because of your firewall, but that's why there is an active and a passive mode: so you can select the one that works. No need to change anything.
     
  19. latcarf

    latcarf New Member

    thanks again! I will leave well enough alone then!! :D
     
