proftpd configuration


Post by raghavan20 »

i have a xampp installation running which has proftpd running.

i need to access a few web directories. they are at /opt/lampp/ and /var/www/. so i basically wanted to access these two paths as an available linux user. how do i do this? any suggestions.

Post by Jenk »

In what way do you need to access them? As a user? FTP? HTTP? Allow the proftpd process access? etc?

Post by raghavan20 »

basically i wanted to access these from zend using ftp.

Post by Chris Corbyn »

Turn chroot'ing off by commenting out the line that says "DefaultRoot ~". Then you can get to "/" when you connect. Be aware of the (increased) security issues involved with doing this though. Definitely make sure that the <Anonymous > block has a DefaultRoot set in it.

Post by raghavan20 »

d11wtq wrote: Turn chroot'ing off by commenting out the line that says "DefaultRoot ~". Then you can get to "/" when you connect. Be aware of the (increased) security issues involved with doing this though. Definitely make sure that the <Anonymous > block has a DefaultRoot set in it.

i don't really want a workaround fix. i need to give access to those directories using a valid username and password combination. thanks for your replies.

Post by Chris Corbyn »

raghavan20 wrote:
d11wtq wrote: Turn chroot'ing off by commenting out the line that says "DefaultRoot ~". Then you can get to "/" when you connect. Be aware of the (increased) security issues involved with doing this though. Definitely make sure that the <Anonymous > block has a DefaultRoot set in it.
i don't really want a workaround fix. i need to give access to those directories using a valid username and password combination. thanks for your replies.

So you want a user who can just access those directories?

Code:

mkdir /home/username/var_www
mount --bind /var/www /home/username/var_www
mkdir /home/username/opt_lampp
mount --bind /opt/lampp /home/username/opt_lampp

Now "username" has access to those directories in his/her chroot ~/ directory. Put that in fstab too so it remounts at boot time.

Post by raghavan20 »

d11wtq wrote:
raghavan20 wrote:
d11wtq wrote: Turn chroot'ing off by commenting out the line that says "DefaultRoot ~". Then you can get to "/" when you connect. Be aware of the (increased) security issues involved with doing this though. Definitely make sure that the <Anonymous > block has a DefaultRoot set in it.
i don't really want a workaround fix. i need to give access to those directories using a valid username and password combination. thanks for your replies.
So you want a user who can just access those directories?

Code:

mkdir /home/username/var_www
mount --bind /var/www /home/username/var_www
mkdir /home/username/opt_lampp
mount --bind /opt/lampp /home/username/opt_lampp

Now "username" has access to those directories in his/her chroot ~/ directory. Put that in fstab too so it remounts at boot time.

hello chris, here is an error message.

Code:

linux:/home/rag # ls
.  ..  opt_lampp  var_www
linux:/home/rag # mount --bind /var/www /home/rag/var_www
mount: special device /var/www does not exist

Post by Chris Corbyn »

Does /var/www exist? Do a ls -l to make sure it's not a symlink to somewhere else.
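
Added example, not part of the original posts: a pre-flight check for the bind mounts and the fstab advice discussed above. It resolves a symlinked web root, rejects a missing source (the cause of the "special device ... does not exist" error) and prints the matching /etc/fstab entry. The function name fstab_bind_line and its exit codes are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the thread.

# Print an /etc/fstab bind-mount entry for SRC -> DST after checking both ends.
# Returns 1 if the source is not an existing directory (the cause of the
# "special device ... does not exist" error), 2 if the mount point is not a
# real directory.
fstab_bind_line() {
    local src=$1 dst=$2 real
    # Resolve symlinks so the entry names the real web root.
    real=$(readlink -f -- "$src" 2>/dev/null) || real=
    if [ -z "$real" ] || [ ! -d "$real" ]; then
        echo "source $src does not exist or is not a directory" >&2
        return 1
    fi
    [ "$real" = "$src" ] || echo "note: $src resolves to $real" >&2
    # The mount point sits in a user-writable home; require a plain directory.
    if [ -L "$dst" ] || [ ! -d "$dst" ]; then
        echo "mount point $dst must be an existing directory, not a symlink" >&2
        return 2
    fi
    printf '%s %s none bind 0 0\n' "$real" "$dst"
}

# Paths from the thread; on a host without them the function reports why.
for pair in "/var/www /home/username/var_www" "/opt/lampp /home/username/opt_lampp"; do
    set -- $pair
    fstab_bind_line "$1" "$2" || echo "skipped $1 (exit $?)" >&2
done
```

Lines printed on stdout can be appended to /etc/fstab by root once reviewed.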

Post by raghavan20 »

d11wtq wrote: Does /var/www exist? Do a ls -l to make sure it's not a symlink to somewhere else.

yes www did not exist. i thought it existed by default. but your idea worked great chris. thanks very much again for your help this time. have a great day.

Post by Chris Corbyn »

Web roots vary from distro to distro. I always just set my own up at /srv/www. Some use /srv/www, some use /var/www, some use /home/httpd etc. You can't rely on anything being in a "standard" place unless it's integral to the operating system.

Post by raghavan20 »

thanks for letting me know that chris.

now, i have a different problem. yesterday, i was only able to list and read all these web files because of R permission available for others in web files. Now, i should be able to write to web files otherwise it is not of much use.

i discovered that if i use this piece of code in proftpd.conf then i can allow users to modify files in their home directories.

Code:

# Set the user and group that the server normally runs at.
User                            nobody
#Group                          nogroup

# to home directories
DefaultRoot ~

<Directory ~>
      AllowOverwrite          on
</Directory>

but then i realized if i have allowOverwrite ON, then any user can bind some other files to their home directories and modify them.

current facts:

Code:

1. apache is running under nobody.nogroup
2. proftpd is running under nobody
3. i want to allow developers like rag, mike to access web files

i thought i might do something like this:

Code:

1. created a new group developers
2. added rag and mike to developers
3. changed ownership of web files to nobody.developers
4. changed permissions to 774 ( rwx rwx r-- )

i still got '550: overwrite permission denied'

so i did try something else; i wanted to own all web files and see whether i could edit from ftp

Code:

1. permissions are still 774
2. ownership is now, rag.nogroup

i still got '550: overwrite permission denied'

as i told you earlier, i really want something like this

Code:

1. all developers should be able to access web files
2. all webdirectories can be bound to developers' home directories
3. php should be able to read, write and execute files.

Post by Chris Corbyn »

You need to create a group like you've done. Then you need to make certain users in that group. Next, you need to set the permissions on any directories to be writable to that group and make it sticky so those permissions apply to any files created in the directory. Next, you need to set a umask (the inverse of chmod) in proftpd.conf for those directories. That should work fine then.

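Code:

# create the shared group and add the user to it (-a keeps existing groups)
groupadd developers
usermod -a -G developers raghavan20
# hand the web tree to the group; g+s on directories makes new files inherit it
chgrp -R developers /opt/lampp
chmod -R g+rwxs /opt/lampp

# and the umask to use in proftpd.conf
Umask 002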
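
Added example, not part of the original posts: the group, setgid and umask steps above, run unprivileged in a scratch directory. The recursive `chmod -R g+rwxs` also sets the setgid and execute bits on every regular file, so this version audits for that and then sets directories and files separately; the helper names and the scratch tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Runs unprivileged in a scratch
# directory; "shared" is a constructed stand-in for the web tree.

# Octal mode of a path (GNU stat).
mode_of() { stat -c '%a' "$1"; }

# Regular files carrying setuid/setgid bits, e.g. after `chmod -R g+rwxs`.
audit_special_bits() { find "$1" -type f -perm /6000; }

# Directories get 2775: group-writable plus setgid, so new entries inherit
# the directory's group. Files get 664: group-writable, no setgid, no exec.
apply_shared_perms() {
    find "$1" -type d -exec chmod 2775 {} +
    find "$1" -type f -exec chmod 0664 {} +
}

# Create a file in directory $1 under umask $2 and print its mode.
# The subshell keeps the umask change local to this call.
create_with_umask() {
    ( umask "$2"; : > "$1/upload_$2.php"; mode_of "$1/upload_$2.php" )
}

demo() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/shared/frontend"
    : > "$root/shared/index.php"
    chmod -R g+rwxs "$root/shared"            # the recursive form from the post
    echo "setgid files after chmod -R g+rwxs:"
    audit_special_bits "$root/shared"
    apply_shared_perms "$root/shared"
    echo "shared/ mode now: $(mode_of "$root/shared")"
    echo "new file, umask 022: $(create_with_umask "$root/shared" 022)"
    echo "new file, umask 002: $(create_with_umask "$root/shared" 002)"
    rm -rf "$root"
}

demo
```

With umask 022 an uploaded file loses group write, which is why the umask has to be set alongside the directory permissions.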

Post by raghavan20 »

thanks chris.

i did whatever you have said but it allows to edit only if the following is there in proftpd.conf

Code:

<Directory ~>
        AllowOverwrite          on
</Directory>

current settings:

groups for rag:

Code:

linux:/opt/lampp/etc # groups rag
rag : users dialout video developers

directory permissions:

Code:

drwxrwxr--   8 nobody developers 4096 Feb  7 14:32 .
drwxr-xr-x  19 root   root       4096 Feb  7 14:32 ..
drwxrwxr--   6 nobody developers 4096 Feb  7 14:32 backend
drwxrwxr--   3 nobody developers 4096 Feb  7 14:32 businesslogic
drwxrwxr--   2 nobody developers 4096 Feb 12 10:12 configuration
drwxrwxr--   6 nobody developers 4096 Feb  7 14:32 frontend
-rwxrwxr--   1 nobody developers 5021 Feb  7 14:32 index.php
drwxrwxr--   2 nobody developers 4096 Feb  7 14:32 mailtemplates
drwxrwxr--   7 nobody developers 4096 Feb  7 14:32 reports

Post by Chris Corbyn »

Yeah it's a stupid default. You want that turned on. You still need permissions. Without that, you need to delete the file, then add it again - seems silly to me.