proftpd configuration
- raghavan20
- DevNet Resident
- Posts: 1451
- Joined: Sat Jun 11, 2005 6:57 am
- Location: London, UK
- Contact:
i have a xampp installation running which has proftpd running.
i need to access a few web directories. they are at /opt/lampp/ and /var/www/. so i basically wanted to access these two paths as an available linux user. how do i do this? any suggestions?
- raghavan20
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
- raghavan20
i don't really want a wayaround fix. i need to give access to those directories using a valid username and password combination. thanks for your replies.
d11wtq wrote:
Turn chroot'ing off by commenting out the line that says "DefaultRoot ~". Then you can get to "/" when you connect. Be aware of the (increased) security issues involved with doing this though. Definitely make sure that the <Anonymous > block has a DefaultRoot set in it.
- Chris Corbyn
So you want a user who can just access those directories?
Code:
mkdir /home/username/var_www
mount --bind /var/www /home/username/var_www
mkdir /home/username/opt_lampp
mount --bind /opt/lampp /home/username/opt_lampp
raghavan20 wrote:
i don't really want a wayaround fix. i need to give access to those directories using a valid username and password combination. thanks for your replies.
d11wtq wrote:
Turn chroot'ing off by commenting out the line that says "DefaultRoot ~". Then you can get to "/" when you connect. Be aware of the (increased) security issues involved with doing this though. Definitely make sure that the <Anonymous > block has a DefaultRoot set in it.
- raghavan20
hello chris, here is an error message.
Code:
linux:/home/rag # ls
. .. opt_lampp var_www
linux:/home/rag # mount --bind /var/www /home/rag/var_www
mount: special device /var/www does not exist
d11wtq wrote:
So you want a user who can just access those directories?
Code:
mkdir /home/username/var_www
mount --bind /var/www /home/username/var_www
mkdir /home/username/opt_lampp
mount --bind /opt/lampp /home/username/opt_lampp
Now "username" has access to those directories in his/her chroot ~/ directory. Put that in fstab too so it remounts at boot time.
raghavan20 wrote:
i don't really want a wayaround fix. i need to give access to those directories using a valid username and password combination. thanks for your replies.
d11wtq wrote:
Turn chroot'ing off by commenting out the line that says "DefaultRoot ~". Then you can get to "/" when you connect. Be aware of the (increased) security issues involved with doing this though. Definitely make sure that the <Anonymous > block has a DefaultRoot set in it.
- Chris Corbyn
- raghavan20
- Chris Corbyn
- raghavan20
thanks for letting me know that chris.
now, i have a different problem. yesterday, i was only able to list and read all these web files because of R permission available for others in web files. Now, i should be able to write to web files otherwise it is not of much use.
i discovered that if i use this piece of code in proftpd.conf then i can allow users to modify files in their home directories.
Code:
# Set the user and group that the server normally runs at.
User nobody
#Group nogroup
# to home directories
DefaultRoot ~
<Directory ~>
AllowOverwrite on
</Directory>
but then i realized if i have allowOverwrite ON, then any user can bind some other files to their home directories and modify them.
current facts:
Code:
1. apache is running under nobody.nogroup
2. proftpd is running under nobody
3. i want to allow developers like rag, mike to access web files
i thought i might do something like this:
Code:
1. created a new group developers
2. added rag and mike to developers
3. changed ownership of web files to nobody.developers
4. changed permissions to 774 ( rwx rwx r-- )
i still got '550: overwrite permission denied'
so i did try something else; i wanted to own all web files and see whether i could edit from ftp
Code:
1. permissions are still 774
2. ownership is now, rag.nogroup
i still got '550: overwrite permission denied'
as i told you earlier, i really want something like this
Code:
1. all developers should be able to access web files
2. all webdirectories can be bound to developers' home directories
3. php should be able to read, write and execute files.
- Chris Corbyn
You need to create a group like you've done. Then you need to make certain users in that group. Next, you need to set the permissions on any directories to be writable to that group and make it sticky so those permissions apply to any files created in the directory. Next, you need to set a umask (the inverse of chmod) in proftpd.conf for those directories. That should work fine then.
Code:
groupadd developers
# -a appends, so the user keeps any existing supplementary groups
usermod -a -G developers raghavan20
chgrp -R developers /opt/lampp
chmod -R g+rwxs /opt/lampp
#and the umask to use in proftpd.conf
#Umask 002
- raghavan20
thanks chris.
i did whatever you have said but it allows to edit only if the following is there in proftpd.conf
Code:
<Directory ~>
AllowOverwrite on
</Directory>
current settings:
groups for rag:
Code:
linux:/opt/lampp/etc # groups rag
rag : users dialout video developers
directory permissions:
Code:
drwxrwxr-- 8 nobody developers 4096 Feb 7 14:32 .
drwxr-xr-x 19 root root 4096 Feb 7 14:32 ..
drwxrwxr-- 6 nobody developers 4096 Feb 7 14:32 backend
drwxrwxr-- 3 nobody developers 4096 Feb 7 14:32 businesslogic
drwxrwxr-- 2 nobody developers 4096 Feb 12 10:12 configuration
drwxrwxr-- 6 nobody developers 4096 Feb 7 14:32 frontend
-rwxrwxr-- 1 nobody developers 5021 Feb 7 14:32 index.php
drwxrwxr-- 2 nobody developers 4096 Feb 7 14:32 mailtemplates
drwxrwxr-- 7 nobody developers 4096 Feb 7 14:32 reports
- Chris Corbyn
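The group-writable, setgid directory plus umask 002 arrangement discussed in this thread, as an added example that is not part of any poster's message: it audits a constructed tree with the same 774 modes as the listing above, applies the fix, and shows which file mode each umask produces. The function names are hypothetical, the caller's own group stands in for "developers", and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Runs unprivileged in a scratch directory;
# the caller's own group stands in for "developers" (assumption). Needs GNU stat.

# audit_shared_tree ROOT (hypothetical helper): print directories lacking
# group rwx + setgid and files lacking group rw, i.e. entries that another
# member of the group could not edit or that will not pass the group on.
audit_shared_tree() {
    find "$1" -type d ! -perm -2070 -print
    find "$1" -type f ! -perm -0060 -print
}

# fix_shared_tree ROOT: setgid + group rwx on directories only, group rw on
# files (avoids marking every file setgid/executable as chmod -R g+rwxs does).
fix_shared_tree() {
    find "$1" -type d -exec chmod g+rwxs {} +
    find "$1" -type f -exec chmod g+rw {} +
}

# new_file_mode UMASK DIR: octal mode of a file created in DIR under UMASK,
# which is what an upload gets when the FTP server runs with that umask.
new_file_mode() {
    ( umask "$1" && : > "$2/upload.$1" && stat -c '%a' "$2/upload.$1" )
}

# build_sample_tree: constructed sample mirroring the listing in the thread
# (everything at 774, no setgid bit). Prints the path of the tree root.
build_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/backend" "$root/reports" || return 1
    : > "$root/index.php"
    chmod 774 "$root" "$root/backend" "$root/reports" "$root/index.php"
    printf '%s\n' "$root"
}

main() {
    tree=$(build_sample_tree) || return 1
    echo "flagged before fix: $(audit_shared_tree "$tree" | wc -l)"
    fix_shared_tree "$tree"
    echo "flagged after fix:  $(audit_shared_tree "$tree" | wc -l)"
    echo "mode with umask 022: $(new_file_mode 022 "$tree")"
    echo "mode with umask 002: $(new_file_mode 002 "$tree")"
    rm -rf "$tree"
}
main
```

On a real server the 002 case corresponds to the Umask setting in proftpd.conf that the thread mentions, and the tree's group would be developers rather than the caller's own group.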