ProFTPd :: Set Group And Permissions
Nov 15, 2008
Currently I have
Umask 027
The problem is, how do I get the group to be set as apache on a file/dir upload? I really do not like having other permissions set, as it can be a security risk, allowing others to access someone else's files.
Another issue is, I can't remove privileges, but I can add them.
copy of proftpd.conf:
Code:
ServerName "FTP"
ServerType standalone
Port 21
PassivePorts 35000 35999
UseReverseDNS off
TimesGMT off
TimeoutLogin 120
TimeoutIdle 600
TimeoutNoTransfer 900
TimeoutStalled 3600
#MaxCients 20 "Sorry, the maximum number of allowed users are already connected (%m)"
#MaxClientsPerHost 2
#MaxClientsPerUser 2
MaxConnectionsPerHost 6 "Sorry, you may not have more then 6 connections open at a time"
MaxHostsPerUser 6 "Sorry, you may not connect more than 6 times"
ScoreboardFile /var/run/proftpd/proftpd.pid
TransferLog /var/log/proftpd/xferlog.legacy
LogFormat default "%h %l %u %t "%r" %s %b"
LogFormat auth "%v [%P] %h %t "%r" %s"
LogFormat write "%h %l %u %t "%r" %s %b"
#DON'T modify this log format. Its used by DirectAdmin to determine user usage
LogFormat userlog "%u %b"
ExtendedLog /var/log/proftpd/IP.bytes WRITE,READ userlog
AuthUserFile /etc/proftpd.passwd
DefaultServer on
#AuthPAM off
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/proftpd.tls.log
TLSProtocol TLSv1
TLSVerifyClient off
TLSRequired off
#Certificates
TLSRSACertificateFile /etc/exim.cert
TLSRSACertificateKeyFile /etc/exim.key
#TLSCACertificateFile /etc/ftpd/root.cert.pem
</IfModule>
<Global>
DeferWelcome on
RequireValidShell no
DefaultRoot ~
DirFakeUser on ftp
DirFakeGroup on ftp
User ftp
Group ftp
#UserAlias anonymous ftp
AllowStoreRestart on
AllowRetrieveRestart on
ListOptions -a
Umask 027 022
DisplayLogin welcome.msg
DisplayChdir readme
AllowOverwrite on
IdentLookups off
ExtendedLog /var/log/proftpd/access.log WRITE,READ write
ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
# Paranoia logging level....
#
#ExtendedLog /var/log/proftpd/paranoid.log ALL default
</Global>
Include /etc/proftpd.vhosts.conf
View 4 Replies
ADVERTISEMENT
Jul 23, 2009
I've finally made the leap to upgrading from shared hosting to a VPS. I'm still setting up my configuration before I point the domain name to my new server, but for now, I have the site mirrored and I'm ensuring that all is running well. For the most part, everything is working, but I am running into a few permission issues...
As of right now, all the files in my htdocs directory are owned by root, and I am logging into my FTP client as root. However, I'm pretty sure that this is not how I should be doing this, because I need to allow write permissions to some folders from my php scripts.
I was just curious, how do you you guys set up the users and groups on your linux servers (running apache). I'm just not certain of the best way to handle it. Should I make a new FTP user, and if so, what group should it go in? Should that user be the owner of all the web files? When is it safe to set folder permissions to 777?
View 4 Replies
View Related
Jan 6, 2015
We have several sites on one server. When I use the plesk wordpress manager it some how updates the User and Group permissions on folders and files with the username apache. How or what command do I run to get it to use the site username and psacln. It appears something maybe in an update or whatever has caused this issue. This only occurs with wordpress and drupal updates from the plesk interface.
What command can I run just to update the permissions to update all users to a username and psacln security settings on folders and directories.Running Plesk 12.0.18 and CentOS7
View 1 Replies
View Related
Oct 12, 2009
I am running Proftpd on my RedHat. I have disabled anonymous login because i dont need it and its running fine.
I have created a user named test on the server and i try to connect it by typing ftp://myserver/ and then provide the id and pass.
Now it logged-in successfully but cant access any directories on the server. i have been Google around but really getting confused how i properly create a ftp user
i want the test user to access the following directories and he can be able to upload and download files from these directories
/home/usman/public_html/
/home/usman/public_ftp/
/home/usman/cgi-bin/
View 2 Replies
View Related
Jul 13, 2007
This isn't a major problem but I was just wondering something regarding how ProFTPd functions. I have received a complaint about a user uploading a script, the script creating files and directories, and the user not being able to CHMOD, delete, rename, or do anything to these files.
When files are created through scripts on my server, they are given a default owner permission with "www-data" for the user and group.
Since ProFTPd is set up to only modify files on certain owner permissions according to the user's FTP access, ProFTPd will not allow any other owner permission and if any other owner permissions exist, ProFTPd will not allow those files to be modified or changed in anyway.
Is there a way to fix this? I've been trying to figure it out but I can't.
Just for note, I am using proftpd-mysql and so every user is linked through a MySQL database.
View 5 Replies
View Related
Mar 3, 2007
When connecting via an ftp client I want the directory listed to be /var/www/html but currently it's /home/username. I've tried changing the initial login directory with webmin to /var/www/html but to no avail. How would this be done?
View 1 Replies
View Related
Jul 25, 2007
Is there a way to do so in cpanel using ip deny manager?
View 4 Replies
View Related
May 21, 2008
i use ProFTPD as FTP.
I use webmin as admin panel.
After installation, im worried about the default security config.
Also, i can log as anonym wich is ok, however i can't log using my unix user what i have to do?
Here's my config sample;
Quote:
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName"Junky-Monkey"
ServerTypestandalone
DefaultServeron
# Port 21 is the standard FTP port.
Port21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances30
# Set the user and group under which the server will run.
Usernobody
Groupnobody
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~
# Normally, we want files to be overwriteable.
<Directory />
AllowOverwriteon
</Directory>
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
Userftp
Groupftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAliasanonymous ftp
# Limit the maximum number of anonymous logins
MaxClients10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLoginwelcome.msg
DisplayFirstChdir.message
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
View 1 Replies
View Related
Jul 17, 2007
I am trying to set up the FTP on my VPS. I am using webmin control pannel and os CentOs 4.
I have created a user called mic and made the home dir of the user /var/www/. then placed the user in the group ftpusers.
I then went into the proFTPD server config but of webadmin and set the user and group. i then tryed to log in to the FTP. SUCSESS.
BUT .... wen i tryed to upload somethink it give me permission denied. and when i try to delete somethink Access denied.
What did i do wrong?
View 5 Replies
View Related
Mar 22, 2007
I would like to setup proftpd with mod_sql to access a mysql database for ftp accounts instead of using pam. The server has pleask 8.1 installed with psa-proftpd-xinetd-1.3.0 installed. How do I recompile the psa-proftpd with --with-modules=mod_sql option? Here is the current proftpd configure command:
configure --localstatedir=/var/run --with-libraries=/usr/lib64 --sysconfdir=/etc --with-modules=mod_ratio:mod_readme:mod_quota --with-modules=mod_ratio:mod_readme:mod_quota:mod_tls --enable-buffer-size=8192 --prefix=/usr CC=gcc CFLAGS=-O -pipe -O3 -fexpensive-optimizations -fstrength-reduce -pipe -DPLESK_Linux -I/usr/include/libxml2 -I/home/builder/buildbot/psa-aiconfig-810-fc4x64/build/plesk/lib/dist/usr/include -I/usr/include CXXFLAGS=-O -pipe -O3 -fexpensive-optimizations -fstrength-reduce -pipe -DPLESK_Linux -I/usr/include/libxml2 -I/home/builder/buildbot/psa-aiconfig-810-fc4x64/build/plesk/lib/dist/usr/include -I/usr/include CXX=g++ LDFLAGS= --enable-ltdl-convenience --no-create --no-recursion
View 1 Replies
View Related
Jan 31, 2007
anyone used this directive?
how did you decide on a decent value to set the limits at?
ideally id just like to stop processes taking up too much cpu, but it seems you cant set it as a %..
View 1 Replies
View Related
Mar 8, 2007
i have a main server that is connected online & now live with a static IP address. at the local network, i have 6 other PCs running apache that is connected to the main server.
since i can only effort for 1 IP now, how can i have the local connected servers to be viewable from the internet as well like some normal web URLs?
View 5 Replies
View Related
Aug 3, 2007
in a domain environment, how do I enable users to be able to access the Desktop properties and allow them to change their wallpapers. I know it should be a simple one but I'm still looking through policies but can't find what can be. By default/ after some group policy changes, all users are denied from accesing this properties window.
View 4 Replies
View Related
Aug 27, 2007
I'm making an account for my friend, and I just want him to have access to /var/www/hishomedirectory/
I want him to be able to do anything in that directory (rename files, delete, copy, move, upload, etc..), but not able to use apt-get or play with settings. Not a superuser either.
View 3 Replies
View Related
Jul 18, 2007
Trying to install ProFTPD with mysql, the problem is after installing it and adding the lines in the config file to use MySQL the service fails to start. The error Im getting is:
"unknown configuration directive 'SQLAuthTypes'"
So it seems like it doesnt recongize the function needed to use mysql with proftpd, which is in mysql_mod.c. I did proftpd -l and the mysql_mod.c was not listed, I did a search on the whole box and couldnt find mysql_mod anywhere. Im on Fedora Core 6 and tried to install proftpd with yum:
yum install proftpd proftpd-mysql
Do I have to compile from source to get this to work? Or did I miss installing something else that would have mysql_mod.c present? I currently have mysql installed and running, tested the login info I had in the config file and everything works on the mysql side.Silly
View 1 Replies
View Related
Jun 8, 2009
What I want to do is setup virtualhosts for my clients and set the user/group that their files upload as. been on google and im guessing ill need to setup mod_auth?
View 2 Replies
View Related
Mar 14, 2008
We've got a Linux box running ProFTPd reaches a Windows box over SAMBA. This works very well but when the client has a great number of files, the FTP Windows-based FTP clients they use don't always give accurate directory listings (if any at all). I know there's some bug in the way SAMBA works with Windows File Sharing but I don't know what the magic file number is that, when reached, prevents a proper directory listing. Does anyone know what this magic number is or if there's an available, tested fix for this?
View 3 Replies
View Related
Oct 6, 2007
I wanted to upgrade proftpd and dit this.
I followed an how-to on directadminforums:
Code:
cd /usr/local/directadmin/customapache/
wget ftp://ftp.proftpd.org/distrib/source....3.1rc2.tar.gz
tar xzf proftpd-1.3.1rc2.tar.gz
rm -rf proftpd-1.3.1rc2.tar.gz
cd proftpd-1.3.1rc2
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var/run --with-modules=mod_ratio:mod_readme:mod_tls
make
make install
perl -pi -e "s/^AuthPAM on/#AuthPAM on/g" /etc/proftpd.conf
/etc/rc.d/init.d/proftpd restart
I changed the proftpd-1.3.1rc2 version to the newest version of proftpd.org
When I run /etc/init.d/proftpd start, I get the following:
Code:
Starting proftpd: - mod_tls/2.1.2: compiled using OpenSSL version 'OpenSSL 0.9.7k 05 Sep 2006' headers, but linked to OpenSSL version 'OpenSSL 0.9.7a Feb 19 2003' library
- Fatal: unable to load module 'mod_tls.c': Operation not permitted
[FAILED]
View 4 Replies
View Related
Dec 18, 2008
After some yum updates last night one user and group called xfs were created on my dedicated server. Does anyone know what this group/user is used for?
View 0 Replies
View Related
Jan 6, 2008
(1) I installed my modernBill on the server.
(2) I changed the DocumentRoot in httpd.conf and point to a different folder in my server. (whatever I guess it really didnt do anything to my problem)
(3) I Opened the Modernbill software on the but cpanel is not showing in the ServerGroup.
View 1 Replies
View Related
Nov 5, 2007
I want to add 50 emails to a group called group50@service.com
Then from anywhere in the world I can login to an email client, compose a message to group50@service.com. And it will send my message to all 50 users.This is not limited to just my account, but universal to anyone.
View 3 Replies
View Related
Apr 3, 2014
I have opensuse 13.1 on my server and i folow this tutorial: URL....but as you see this is for opensuse 12.2, but i manage to run everythink only apache2 server.Well i get this error, but i run vhost.No user or group set - set suPHP_UserGroup..Well apache2 is rurning as every other thinks on server only web page dont show and i get error: Server error!
The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there was an error in a CGI script.
View 1 Replies
View Related
Apr 14, 2009
so I got OpenSSL 0.9.8k up and installed, no issued:
Quote:
# openssl
OpenSSL> version
OpenSSL 0.9.8k 25 Mar 2009
OpenSSL>
Rebuilt cURL (and then php), httpd and proftpd but all of them are still linking to the older libraries for some reason
Quote:
# curl -V
curl 7.19.4 (x86_64-unknown-linux-gnu) libcurl/7.19.4 OpenSSL/0.9.8g zlib/1.2.3
Protocols: tftp ftp telnet dict ldap http https ftps
Features: IPv6 Largefile NTLM SSL libz
Quote:
[Tue Apr 14 00:11:03 2009] [notice] Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8g DAV/2 PHP/5.2.9 Apache configured -- resuming normal operations
Quote:
Starting proftpd: - mod_tls/2.2.1: compiled using OpenSSL version 'OpenSSL 0.9.8i 15 Sep 2008' headers, but linked to OpenSSL version 'OpenSSL 0.9.8g 19 Oct 2007' library
proftpd has its own set of issues obviously built with i headers and linked to g headers. Any ideas wtf I did? I recomplined and restarted everything. I removed the g and i libraries completely. OpenSSH seems happy and nothing is actually "wrong", the server is working fine but I'm really anal retentive this way...it's kinda how I feel "safer" at the OS level.
View 3 Replies
View Related
Feb 22, 2008
I have been attempting to install Proftpd on linux(cent os 5 32 bit). The issue is i have to use proftpd i can't use vsftp or pure ftp I have downloaded the RPM. I downloaded this one to the server [url]. and i ran the command rpm -ivh proftpd* and it did its thing for a second and told me it was done. But when i run the command /etc/init.d/proftpd start or restart it doesn't wanna start. It just tells me failed. Can anyone help me with this? I'm not sure what else i can do.
View 6 Replies
View Related
Nov 15, 2008
I have installed ProFTPd through Webmin onto Ubuntu 8.10 Server edition.
I can connect to ProFTPd via FTP on Port 21 no problem, but currently am unable to via SFTP (using WinSCP).
I would like to block all FTP access on Port 21 and only make it only possible to connect via SFTP/SSH on Port 22.
View 1 Replies
View Related
Oct 25, 2007
I have a centos 4.4 server, I noticed the load is high and when I checked the top command I found the following:
Code:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
17212 root 25 0 11504 6236 908 R 57 0.3 195:58.73 http
27994 ftp 18 0 7624 2232 336 R 48 0.1 0:02.39 proftpd
7056 nobody 15 0 27764 10m 1884 S 8 0.5 0:00.62 httpd
4738 nobody 15 0 25788 8952 1976 S 7 0.4 0:08.01 httpd
7199 root 18 0 6376 3704 760 R 6 0.2 0:02.41 top
7021 nobody 16 0 27240 10m 1964 S 5 0.5 0:01.73 httpd
3999 nobody 16 0 26888 9.9m 2008 S 5 0.5 0:09.39 httpd
7180 nobody 15 0 26524 9524 1700 S 5 0.5 0:00.16 httpd
6330 nobody 15 0 26856 9.8m 1992 S 4 0.5 0:04.34 httpd
6272 nobody 15 0 26764 9912 1968 S 2 0.5 0:05.36 httpd
6239 nobody 15 0 25428 8476 1888 S 1 0.4 0:02.95 httpd
1 root 16 0 2300 96 68 S 0 0.0 4:46.28 init
20323 ftp 16 0 5116 428 312 S 0 0.0 0:00.92 proftpd
22126 ftp 16 0 5512 428 312 S 0 0.0 0:01.03 proftpd
22313 ftp 16 0 5644 424 312 S 0 0.0 0:01.00 proftpd
22781 ftp 16 0 5644 460 304 S 0 0.0 0:01.04 proftpd
22837 ftp 16 0 5644 424 312 S 0 0.0 0:01.02 proftpd
24157 ftp 16 0 5776 432 308 S 0 0.0 0:01.09 proftpd
24176 ftp 16 0 5776 432 308 S 0 0.0 0:01.09 proftpd
24989 ftp 16 0 6040 476 316 S 0 0.0 0:00.91 proftpd
25327 ftp 16 0 6172 548 308 R 0 0.0 0:01.02 proftpd
25526 ftp 16 0 6172 808 308 R 0 0.0 0:01.03 proftpd
26013 ftp 16 0 6172 1128 308 R 0 0.1 0:00.98 proftpd
26152 ftp 16 0 6172 1144 312 R 0 0.1 0:01.00 proftpd
26306 ftp 16 0 6172 1172 308 R 0 0.1 0:01.02 proftpd
26455 ftp 16 0 6172 1420 312 S 0 0.1 0:04.02 proftpd
26860 ftp 16 0 6172 928 308 S 0 0.0 0:01.04 proftpd
26936 ftp 16 0 6172 928 308 S 0 0.0 0:00.91 proftpd
27166 ftp 16 0 6172 800 308 S 0 0.0 0:00.96 proftpd
27329 ftp 16 0 6172 716 308 S 0 0.0 0:01.01 proftpd
15659 ftp 16 0 6172 592 308 S 0 0.0 0:00.99 proftpd
4944 ftp 16 0 6172 544 336 S 0 0.0 0:00.98 proftpd
5163 ftp 16 0 6304 544 336 S 0 0.0 0:00.99 proftpd
18964 ftp 16 0 6304 608 308 S 0 0.0 0:00.96 proftpd
19151 ftp 16 0 6304 620 328 S 0 0.0 0:00.99 proftpd
4986 ftp 16 0 6304 596 308 S 0 0.0 0:00.87 proftpd
30721 ftp 16 0 6436 612 312 S 0 0.0 0:00.94 proftpd
13808 ftp 16 0 6436 644 316 S 0 0.0 0:01.01 proftpd
13905 ftp 16 0 6436 640 316 S 0 0.0 0:00.97 proftpd
also when I checked the `ps aux` command I found a lot in this form:
Code:
ftp 22006 0.0 0.0 5512 424 ? S 01:24 0:01 proftpd: (accepting connections)
View 2 Replies
View Related
Aug 2, 2007
My Plesk version is 8.2 and i use debian 3.1, I check the instructions on
[url]
this faq, it seems added in both inetd configuration file and xinetd.d configuration file in my configuration, also xinetd is working through system but ftp cannot be connectable. It gives "Unable to login server" from remote client and i also check with command line ftp client and service says that "421 Service not available, remote server has closed connection"
I also check this
[url]
faq and port is open:
Quote:
Starting nmap 3.81 [url] at 2007-08-02 16:59 CEST
Interesting ports on xx-server.xxxxxx.net (xxx.xxx.xxx.xxx):
PORT STATE SERVICE
21/tcp open ftp
Nmap finished: 1 IP address (1 host up) scanned in 0.013 seconds
Is there anyone knows how could I solve this situation?
View 1 Replies
View Related
Jul 27, 2008
APache is running under the "nobody" user/group as default in CPanel servers
as a suggestion I should change it to another user/group to improve security!
But in CPanel servers its hard to do that because you must edit some scripts and files to prevent the backing to nobody when running some scripts such
PHP Code:
/scripts/chownpublichtmls/scripts/enablefileprotect
or when create a new account
Some sites says "the secret of changing the user/group is in the UID/GID of nobody < 100 !"
so I found a solution :
1 - delete the user/goup nobody
2 - recreate it with GID/UID > 30000
3 - run /scripts/chownpublichtmls
so the question is that solution improve security or i should change the user/group to another one! like "www"?
View 3 Replies
View Related
Apr 1, 2008
I have just restored an account to my directadmin box and it appears to have restored with the wrong owner / group.
Easy I thought, a quick 'chmod secure.secure -R *' should crack that but how wrong was I.
After running that I get the error: chown: invalid option -- o
Now - both the user and the group exist, so why won't the files change owner and group?
View 6 Replies
View Related
Sep 26, 2007
This might be a very broad question, but do they split up IP Address Groups for each region in countries? I know my country is quite small and all, but I was interested to know if IP addresses can be tracked for regions, more specifically in other countries.
View 0 Replies
View Related