Proftpd - cannot delete
From: Søren Gørtz Olesen
Date: 19-08-03 11:55

Hi
I have installed Proftpd.
I have a user X who has the password xxx on the machine; this user can also
log in to my ftp, to his home.
X can upload and delete loose files in the root, but cannot delete a whole folder,
because an access denied error comes up.
The directory is chmod'ed to 777.
Does anyone have a suggestion?

Comment from: John Wegge
Date: 19-08-03 12:18

On Tue, 19 Aug 2003 12:54:50 +0200, Søren Gørtz Olesen wrote:
> Hi
>
> I have installed Proftpd.
> I have a user X who has the password xxx on the machine; this user can also
> log in to my ftp, to his home.
> X can upload and delete loose files in the root, but cannot delete a whole folder,
> because an access denied error comes up.
> The directory is chmod'ed to 777.
>
> Does anyone have a suggestion?
That is not something that is controlled with chmod - it is controlled through
the proftpd.conf file - I will just find it for you...
<Directory /test/upload>
<Limit MKDIR STOR >
AllowAll
</Limit>
<Limit RMD DELE>
DenyAll
</Limit>
</Directory>
This specification means that everyone may make dir and store, and All may not delete
files or directories...
<Directory /test/upload>
--
<Limit MKDIR RMD STOR >
AllowUser X
--
</Limit>
<Limit RMD DELE>
DenyAll
</Limit>
</Directory>
Should make it so that user X may do what is listed in AllowUser....
Hope you can use it..
/ John

Comment from: Søren Gørtz Olesen
Date: 19-08-03 16:06

> <Directory /test/upload>
> <Limit MKDIR STOR >
> AllowAll
> </Limit>
> <Limit RMD DELE>
> DenyAll
> </Limit>
> </Directory>
>
> This specification means that everyone may make dir and store, and All may not delete
> files or directories...
>
> <Directory /test/upload>
> --
> <Limit MKDIR RMD STOR >
> AllowUser X
> --
> </Limit>
> <Limit RMD DELE>
> DenyAll
> </Limit>
> </Directory>
> Should make it so that user X may do what is listed in AllowUser....
> Hope you can use it..
>
I have tried inserting the above, without success.
How should my config file be edited?
-------------------
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "Sark.dk"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
# Set the user and group under which the server will run.
User nobody
Group nogroup
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~
# Normally, we want files to be overwriteable.
<Directory />
AllowOverwrite on
</Directory>
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
#<Anonymous ~ftp>
# User ftp
# Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
MaxClients 10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
#DisplayLogin welcome.msg
#DisplayFirstChdir .message
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
</Global>

Comment from: John
Date: 19-08-03 19:28

Hi Søren
I don't know exactly how yours should be set up, but as I read it, you set
DefaultRoot to ~
which means that you jail the given user to his homedir - if I
remember correctly.. But it looks like you have only commented out part of
the anonymous section. I would think that you need to comment out the rest of that section..
You must also be getting some errors from your commenting out - you have
commented out the start of Anony but not Anony/ - that means that you have
no start tag but an end tag.. If you know a little xml (or
a little html) you can see that it is built up with start and end tags, e.g.
> #<Anonymous ~ftp>
#> </Anonymous>
.... the times I have used proftpd it has been in connection with setting up
a "traditional" ftp server... that is, DefaultRoot is set to a
shared directory, e.g.
DefaultRoot /test
This then means that everyone who logs on to the ftp starts in the root of the folder test...
The file I have used for test purposes at various
installation parties... I have pasted below... no, actually it is at
work, so I will send it tomorrow..
Hope you can use some of it... otherwise I hope that I can help you a bit
more tomorrow - when I get to work...
/John
> -------------------
> # This is a basic ProFTPD configuration file (rename it to
> # 'proftpd.conf' for actual use. It establishes a single server
> # and a single anonymous login. It assumes that you have a user/group
> # "nobody" and "ftp" for normal operation and anon.
>
> ServerName "Sark.dk"
> ServerType standalone
> DefaultServer on
>
> # Port 21 is the standard FTP port.
> Port 21
>
> # Umask 022 is a good standard umask to prevent new dirs and files
> # from being group and world writable.
> Umask 022
>
> # To prevent DoS attacks, set the maximum number of child processes
> # to 30. If you need to allow more than 30 concurrent connections
> # at once, simply increase this value. Note that this ONLY works
> # in standalone mode, in inetd mode you should use an inetd server
> # that allows you to limit maximum number of processes per service
> # (such as xinetd).
> MaxInstances 30
>
> # Set the user and group under which the server will run.
> User nobody
> Group nogroup
>
> # To cause every FTP user to be "jailed" (chrooted) into their home
> # directory, uncomment this line.
> DefaultRoot ~
>
> # Normally, we want files to be overwriteable.
> <Directory />
> AllowOverwrite on
> </Directory>
>
> # A basic anonymous configuration, no upload directories. If you do not
> # want anonymous users, simply delete this entire <Anonymous> section.
> #<Anonymous ~ftp>
> # User ftp
> # Group ftp
>
> # We want clients to be able to login with "anonymous" as well as "ftp"
> # UserAlias anonymous ftp
>
> # Limit the maximum number of anonymous logins
#> MaxClients 10
>
> # We want 'welcome.msg' displayed at login, and '.message' displayed
> # in each newly chdired directory.
> #DisplayLogin welcome.msg
> #DisplayFirstChdir .message
>
> # Limit WRITE everywhere in the anonymous chroot
#> <Limit WRITE>
#> DenyAll
#> </Limit>
#> </Anonymous>
>
>
> </Global>
>
>
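
The mismatch John describes, a commented-out `<Anonymous>` opener whose closing tag is still active, can be found mechanically. The Python check below is an added example, not part of the original posts; `check_sections` and the constructed `SAMPLE` (the tail of the configuration posted above) are hypothetical names used for illustration.

```python
import re

# Matches an opening or closing ProFTPD section tag on a line of its own,
# e.g. "<Directory /test>" or "</Limit>".
TAG_RE = re.compile(r"^<(/?)([A-Za-z]+)[^>]*>$")

def check_sections(conf_text):
    """Return a list of (line_no, message) for unbalanced section tags.

    Lines starting with '#' are comments and are skipped, so a
    commented-out opening tag does not count as an opener.
    """
    problems = []
    stack = []  # (section name, line number) of sections still open
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = TAG_RE.match(line)
        if not m:
            continue  # an ordinary directive such as "DenyAll"
        closing, name = m.group(1) == "/", m.group(2)
        if not closing:
            stack.append((name, line_no))
        elif stack and stack[-1][0].lower() == name.lower():
            stack.pop()
        else:
            problems.append((line_no, f"</{name}> has no matching <{name}>"))
    for name, line_no in stack:
        problems.append((line_no, f"<{name}> is never closed"))
    return problems

# Constructed sample: the tail of the configuration posted in the thread.
SAMPLE = """\
DefaultRoot ~
<Directory />
AllowOverwrite on
</Directory>
#<Anonymous ~ftp>
# User ftp
MaxClients 10
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
</Global>
"""

if __name__ == "__main__":
    for line_no, msg in check_sections(SAMPLE):
        print(f"line {line_no}: {msg}")
```

ProFTPD's own configuration test, `proftpd -t`, also checks the syntax of the file before the server is restarted.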

Comment from: John Wegge
Date: 20-08-03 09:59

As promised: my conf file...
/John
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "TRYNIX - LINUX INSTALLATIONSPARTY"
ServerType inetd
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
# Set the user and group under which the server will run.
User nobody
Group ftp
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~
DefaultRoot /test
# -- Directory control ---
# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite on
</Directory>
<Directory /test>
<Limit RETR>
AllowAll
</Limit>
<Limit RMD DELE >
DenyAll
</Limit>
</Directory>
<Directory /test/upload>
<Limit MKDIR STOR >
AllowAll
</Limit>
<Limit RMD DELE>
DenyAll
</Limit>
</Directory>
<Directory /test/programmer>
<Limit RETR>
AllowAll
</Limit>
<Limit RMD DELE STOR MKD>
DenyAll
</Limit>
</Directory>
<Directory /test/games>
<Limit RETR>
AllowAll
</Limit>
<Limit RMD DELE STOR MKD>
DenyAll
</Limit>
</Directory>
<Directory /test/movie>
<Limit RETR>
AllowAll
</Limit>
<Limit RMD DELE STOR MKD>
DenyAll
</Limit>
</Directory>
<Directory /test/test_dir>
<Limit MKDIR STOR DELE RMD>
AllowAll
</Limit>
</Directory>
#---- End of directories -----
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
#<Anonymous ~ftp>
# User ftp
# Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
# MaxClients 10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
# Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE>
# DenyAll
# </Limit>
#</Anonymous>

Comment from: Søren Gørtz Olesen
Date: 20-08-03 12:08

Thank you..
Will try it
"John Wegge" <wegge@trynix.dk> wrote in message
news:pan.2003.08.20.08.59.29.697679@trynix.dk...
> As promised: my conf file...
>
> /John
>
> # This is a basic ProFTPD configuration file (rename it to
> # 'proftpd.conf' for actual use. It establishes a single server
> # and a single anonymous login. It assumes that you have a user/group
> # "nobody" and "ftp" for normal operation and anon.
>
> ServerName "TRYNIX - LINUX INSTALLATIONSPARTY"
> ServerType inetd
> DefaultServer on
>
> # Port 21 is the standard FTP port.
> Port 21
>
> # Umask 022 is a good standard umask to prevent new dirs and files
> # from being group and world writable.
> Umask 022
>
> # To prevent DoS attacks, set the maximum number of child processes
> # to 30. If you need to allow more than 30 concurrent connections
> # at once, simply increase this value. Note that this ONLY works
> # in standalone mode, in inetd mode you should use an inetd server
> # that allows you to limit maximum number of processes per service
> # (such as xinetd).
> MaxInstances 30
>
> # Set the user and group under which the server will run.
> User nobody
> Group ftp
>
> # To cause every FTP user to be "jailed" (chrooted) into their home
> # directory, uncomment this line.
> #DefaultRoot ~
> DefaultRoot /test
>
> # -- Directory control ---
>
> # Normally, we want files to be overwriteable.
> <Directory /*>
> AllowOverwrite on
> </Directory>
>
>
> <Directory /test>
> <Limit RETR>
> AllowAll
> </Limit>
> <Limit RMD DELE >
> DenyAll
> </Limit>
> </Directory>
>
> <Directory /test/upload>
> <Limit MKDIR STOR >
> AllowAll
> </Limit>
> <Limit RMD DELE>
> DenyAll
> </Limit>
> </Directory>
>
> <Directory /test/programmer>
> <Limit RETR>
> AllowAll
> </Limit>
> <Limit RMD DELE STOR MKD>
> DenyAll
> </Limit>
> </Directory>
>
> <Directory /test/games>
> <Limit RETR>
> AllowAll
> </Limit>
> <Limit RMD DELE STOR MKD>
> DenyAll
> </Limit>
> </Directory>
>
> <Directory /test/movie>
> <Limit RETR>
> AllowAll
> </Limit>
> <Limit RMD DELE STOR MKD>
> DenyAll
> </Limit>
> </Directory>
>
> <Directory /test/test_dir>
> <Limit MKDIR STOR DELE RMD>
> AllowAll
> </Limit>
> </Directory>
>
> #---- End of directories -----
> # A basic anonymous configuration, no upload directories. If you do not
> # want anonymous users, simply delete this entire <Anonymous> section.
> #<Anonymous ~ftp>
> # User ftp
> # Group ftp
>
> # We want clients to be able to login with "anonymous" as well as "ftp"
> # UserAlias anonymous ftp
>
> # Limit the maximum number of anonymous logins
> # MaxClients 10
>
> # We want 'welcome.msg' displayed at login, and '.message' displayed
> # in each newly chdired directory.
> # DisplayLogin welcome.msg
> # DisplayFirstChdir .message
>
> # Limit WRITE everywhere in the anonymous chroot
> # <Limit WRITE>
> # DenyAll
> # </Limit>
> #</Anonymous>
>