vsftpd problem

senzacionale · #1 3rd July 2005, 09:56 PM

i have problem with vsftpd.

I can't make that users which has shell on my comp can connect to their shell by ftp with their username and pass.

What i must do in vftpd.conf for that. I look in google and faq in ftp://vsftpd.beasts.org/users/cevans...ftpd-2.0.3/FAQ but i don't know

thnx

rayyes · #2 3rd July 2005, 10:04 PM

I haven't used vsftpd yet but...

the settings in the vsftpd.conf file should be like:
option=value

It is important to note that it is an error to put any space between the option, = and value.

also from the vsftpd MAN page:
An optional [configuration file] may be given on the command line. This configuration files has to be owned by root. The default configuration file is
/etc/vsftpd/vsftpd.conf.

are you sure you gave the configuration file while starting vsftpd?

Finally you should give the site http://www.vsftpdrocks.org a try.. It holds you hand through the whole process.

I hope that helps.

senzacionale · #3 3rd July 2005, 10:07 PM

thnx but i alreday look this but i can't fix that users which has shell can connect to their directory by username and passwd?

senzacionale · #4 3rd July 2005, 10:09 PM

i try proftpd but i cant make this

addgroup ftpuser
usermod -G ftpuser username

i try by this faq but addgroup not working!

Code:

So far there was created a standard configuration file. To grant only some users access over ftp, who only can view their homedir on the server (chroot environment), put this users together in one secondary group. Access will only be able for users of this group. At first, create this group.

obelix:~# addgroup ftpuser

Then, every user who should have ftp acces have to be at least a secondary member of this group. Either you choose the option -G ftpuser at creating the user or additional you add users to the secondary group using

obelix:~# usermod -G ftpuser username

An adapted configuration file could look like this:

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "meinserver"
ServerType inetd
DeferWelcome off

ShowSymlinks on
MultilineRFC2228 on
DefaultServer on
AllowOverwrite on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir .message
LsDefaultOptions "-l"

DenyFilter \*.*/

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off

# Port 21 is the standard FTP port.
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Normally, we want files to be overwriteable.
<Directory /*>
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

AllowOverwrite on
</Directory>

# here are my improvements

# chroot for all users of the group ftpuser
DefaultRoot ~ ftpuser

# grant login only for members of the group
<Limit LOGIN>
DenyGroup !ftpuser
</Limit>

# disable root login and require a valid shell (from /etc/shells)
<Global>
RootLogin off
RequireValidShell on
</Global>

# increase
UseReverseDNS off
IdentLookups off

# Logging formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"

# activate logging

# every login
ExtendedLog /var/log/ftp_auth.log AUTH auth

# file/dir access
ExtendedLog /var/log/ftp_access.log WRITE,READ write

# forr paranoid (big logfiles!)
#ExtendedLog /var/log/ftp_paranoid.log ALL default

gavinw6662 · #5 4th July 2005, 05:04 AM

hmmm, how is your setup, behind a normal linksys type router?? To get it to work on my home box, I had to set it in promiscous mode.

senzacionale · #6 4th July 2005, 02:42 PM

hmm

yes i am behind router but port 21 is opend and foward to thi IP.

Now i am trying proftpd but i don't know how to make addgroupr. How to add groups in fedora!

holycrap · #7 4th July 2005, 03:09 PM

Quote:

Originally Posted by senzacionale

Now i am trying proftpd but i don't know how to make addgroupr. How to add groups in fedora!

Use system-config-users.

Or, if you want to do it via the command line, use /usr/sbin/groupadd. I suggest reading man groupadd first.