Hi everyone, I used the howto to install proftpd with mysql support under fedora 4. I have made all the entries and the login of the user to the appropriate directories works fine BUT now the problem starts. If these users try to upload or create new folders or even delete files, the error message "permission denied" comes up. What can I do against that? Cheers PM
Code:

# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

ServerName "ProFTPD server"
ServerIdent on "FTP Server Hamburg/Germany"
ServerAdmin [email protected]
ServerType standalone
DefaultServer on
AccessGrantMsg "User %u logged in."
#DisplayConnect /etc/ftpissue
#DisplayLogin /etc/ftpmotd
#DisplayGoAway /etc/ftpgoaway
DeferWelcome off

# Use pam to authenticate by default
PersistentPasswd off
AuthPAMAuthoritative off

DefaultRoot ~ !adm
IdentLookups off
UseReverseDNS off

Port 21
Umask 022
ListOptions "-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228 off
#RootLogin off
#LoginPasswordPrompt on
#MaxLoginAttempts 3
#MaxClientsPerHost none
#AllowForeignAddress off # For FXP

# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart on
AllowStoreRestart on

MaxInstances 20
User ftp
Group ftp
ScoreboardFile /var/run/proftpd.score

# Normally, we want users to do a few things.
<Global>
  AllowOverwrite yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine on
#TLSRequired on
#TLSRSACertificateFile /usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile /usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite ALL:!ADH:!DES
#TLSOptions NoCertRequest
#TLSVerifyClient off
##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
#TLSLog /var/log/proftpd/tls.log

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
#  User ftp
#  Group ftp
#  AccessGrantMsg "Anonymous login ok, restrictions apply."
#
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients 10 "Sorry, max %m users -- try again later"
#
#  # Put the user into /pub right after login
#  #DefaultChdir /pub
#
#  # We want 'welcome.msg' displayed at login, '.message' displayed in
#  # each newly chdired directory and tell users to read README* files.
#  DisplayLogin /welcome.msg
#  DisplayFirstChdir .message
#  DisplayReadme README*
#
#  # Some more cosmetic and not vital stuff
#  DirFakeUser on ftpadm
#  DirFakeGroup on ftpadm
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE SITE_CHMOD>
#    DenyAll
#  </Limit>
#
#  # An upload directory that allows storing files but not retrieving
#  # or creating directories.
#  <Directory uploads/*>
#    AllowOverwrite no
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>
#
#  # Don't write anonymous accesses to the system wtmp file (good idea!)
#  WtmpLog off
#
#  # Logging for the anonymous transfers
#  ExtendedLog /var/log/proftpd/access.log WRITE,READ default
#  ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>

# virtual www / ftp users configuration
# mysql settings for authentication
# Be sure to substitute your password for PASSWORD
SQLAuthTypes Plaintext Crypt
SQLConnectInfo [email protected] proftpd pass
SQLUserInfo ftpuser userid passwd uid gid homedir shell
SQLGroupInfo ftpgroup groupname gid members
SQLMinID 500
SQLHomedirOnDemand on
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
TimesGMT on

# User quotas
# uncomment the following section to enable user quotas
#QuotaEngine on
#QuotaDirectoryTally on
#QuotaDisplayUnits Mb
#QuotaShowQuotas on
#SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
#SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
#SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies
#SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies
#QuotaLimitTable sql:/get-quota-limit
#QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
Like this:

Code:
chown ftpuser:ftpgroup /path/to/directory

This would change the ownership of that directory only. If you also want to change the ownership of the files and directories that are in that directory, you'd run

Code:
chown -R ftpuser:ftpgroup /path/to/directory
Hi, now this problem comes up:

Code:
Resolving host name domain.tld...
Connecting to (domain.tld) -> IP: XX.XX.XXX.X PORT: 21
Connected to (domain.tld) -> Time = 31ms
Socket connected waiting for login sequence.
220 FTP Server
USER user1
331 Password required for user1.
PASS (hidden)
230 User user1 logged in.
SYST
215 UNIX Type: L8
FEAT
211-Features:
 MDTM
 REST STREAM
 SIZE
211 End
PWD
257 "/" is current directory.
CWD /domain.tld/log
250 CWD command successful
PWD
257 "/domain.tld/log" is current directory.
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (xx,xx,xxx,xxx,156,106).
Opening data connection IP: x,Xx,x,xx,156,106 PORT: 40042.
Der Host war bei einem Socketvorgang nicht erreichbar.
PORT 192,168,10,10,4,233
200 PORT command successful
Opening data connection IP: 192.168.10.10 PORT: 1257.
LIST -aL
150 Opening ASCII mode data connection for file list
271 bytes received successfully. (271 B/s) (00:00:01).
226 Transfer complete.

What can I do against that socket problem? Cheers PM
Hi Falko, I have changed the FTP client (Smartftp) from passive mode to active mode. I have also changed the option "force server ip for pass mode". Now it is going much faster. Should I add any other directives to the proftpd conf file? Thanks a lot, ciao PM
In your FTP client or on the server? Looks like the problem was caused by a firewall... None that I know of... I guess it's working now?
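Added example, not part of the original posts: a small Python parser for the data-channel negotiation in the session log above, showing which host and port each side asks the other to connect to, and therefore what a firewall between them has to permit. The names `decode_endpoint`, `data_connections` and `SAMPLE` are illustrative, and the sample replaces the masked server address with a documentation address.

```python
import ipaddress
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (227 reply and PORT).
TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def decode_endpoint(line):
    """Return (IPv4Address, port) from a 227 reply or PORT command, else None."""
    m = TUPLE.search(line)
    if not m:
        return None
    parts = [int(x) for x in m.groups()]
    if any(p > 255 for p in parts):
        return None
    ip = ipaddress.IPv4Address(".".join(str(p) for p in parts[:4]))
    return ip, parts[4] * 256 + parts[5]


def data_connections(session_lines):
    """List the data-channel endpoints negotiated on the control channel."""
    found = []
    for line in session_lines:
        line = line.strip()
        if line.startswith("227 "):
            mode = "passive"  # client opens a connection to the server
        elif line.upper().startswith("PORT "):
            mode = "active"   # server opens a connection back to the client
        else:
            continue
        endpoint = decode_endpoint(line)
        if endpoint:
            ip, port = endpoint
            found.append({"mode": mode, "ip": str(ip), "port": port,
                          "rfc1918": any(ip in net for net in RFC1918)})
    return found


# Constructed sample: the port bytes are the ones in the log above;
# 203.0.113.10 is a documentation address replacing the masked server IP.
SAMPLE = [
    "227 Entering Passive Mode (203,0,113,10,156,106).",
    "PORT 192,168,10,10,4,233",
    "200 PORT command successful",
]

if __name__ == "__main__":
    for conn in data_connections(SAMPLE):
        print(conn)
```

The passive port is chosen by the server, so a firewall in front of it has to admit whatever range the server may pick; ProFTPD's PassivePorts directive pins that choice to a fixed range.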
Hello, I really love this howto guide! One question about ownership: what do I need to change in order to permanently change the ownership? I've tried to just change "('exampleuser', '1', MD5('secret'), '2001', '2001', '/home/www.example.com'," to "('exampleuser', '1', MD5('secret'), '33', '33', '/home/www.example.com'," but it didn't work. I mainly use this guide to run a webserver, and I often get ownership problems when installing CMSs like Joomla and such. I use Debian and want the ownership set to Apache.
Thanks for your answer. OK, is there any other solution to my "problem" that doesn't include changing user/group settings in httpd.conf?
You could add the Apache user to the ftpgroup group and then change the umask in /etc/proftpd.conf to 002 so that all uploaded files are also writable for the group.
Ah crap, I'm running pure-ftpd. I've looked up some information about umask in pure-ftpd, and it seems to be a bit of a pain in the a**. Well, thanks for your help anyway.
Hello Falko, I switched to Virtual Hosting With Proftpd And MySQL (Incl. Quota) this time and I'm wondering about the stuff you said earlier. My Linux knowledge is somewhat limited (still learning). What did you mean by adding the Apache user to ftpgroup: was it the groupmod -G thing, or something else?
Thanks Falko. I've added Apache to ftpgroup now like this: ftpgroup:x:2001:www-data One thing about Umask. There are two values to change: Umask 022 022. Do I need to change both? Thanks for your help, Falko
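Added example, not part of the original posts: a Python sketch of what the umask change suggested above does to new uploads, and of the Umask question in the last post (in ProFTPD's Umask directive the first value applies to files and the optional second one to directories). It creates entries in a temporary directory under 022 and 002, then lists the ones a group member such as the web server user still cannot write; all function names are illustrative.

```python
import os
import stat
import tempfile


def create_under_umask(root, name, mask):
    """Create a file and a directory the way a daemon running with `mask` would."""
    old = os.umask(mask)
    try:
        d = os.path.join(root, name + "_dir")
        f = os.path.join(root, name + ".txt")
        os.mkdir(d, 0o777)                                     # directory base mode
        os.close(os.open(f, os.O_CREAT | os.O_WRONLY, 0o666))  # file base mode
    finally:
        os.umask(old)  # restore the process umask
    return f, d


def mode_of(path):
    """Permission bits of path."""
    return stat.S_IMODE(os.stat(path).st_mode)


def not_group_writable(root):
    """Paths under root that a member of the owning group cannot modify."""
    blocked = []
    for base, dirs, files in os.walk(root):
        for name in dirs + files:
            p = os.path.join(base, name)
            if not mode_of(p) & stat.S_IWGRP:
                blocked.append(os.path.relpath(p, root))
    return sorted(blocked)


def demo():
    with tempfile.TemporaryDirectory() as root:
        old_f, old_d = create_under_umask(root, "old", 0o022)  # Umask 022 022
        new_f, new_d = create_under_umask(root, "new", 0o002)  # Umask 002 002
        modes = {os.path.basename(p): oct(mode_of(p))
                 for p in (old_f, old_d, new_f, new_d)}
        return modes, not_group_writable(root)


if __name__ == "__main__":
    print(demo())
```

Entries uploaded before the umask change keep their old modes, so `not_group_writable` pointed at the real upload directory lists what still needs `chmod g+w`.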
Super, it worked. My questions are like a never-ending story. When I used Pureftp I never had to wait to log in; now with Proftpd it takes a while to log in. Any ideas? I use Debian 3.1 (minimal install). Edit: I got the ftp problem sorted.