who can fix a proftpd.conf problem

hi

I use redhat 9.0 and i have a problem.

I add a user in file /etc/passwd en in de group file with name xxxxx

/etc/passwd:
xxxxxx:x:33003:33003::/rommel/ftp:/sbin/nologin

etc/group :
xxxxxx:x:33003:

and the extra users make i in file "extra"

extra1:ha6l1bQ:33003:33003::/rommel/ftp:/sbin/nologin
extra2:hr5t6bQ:33003:33003::/rommel/ftp:/sbin/nologin
extra3:5332bQ:33003:33003::/rommel/ftp:/sbin/nologin
extra4:hb433e3:33003:33003::/rommel/ftp:/sbin/nologin



now the problem:

have i login with xxxxxx
the account give the limit that i setting in the proftpd.conf file -> i cant
delete and etc..
but have i login with extra1 or 2 or .... than have i full access i can
delete or rename the file
or upload on every directory.
there is no limit
that is not what i will.

so why he do that ? extra1 have owr/group = xxxxxx
can someone fix that problem?

thnks anyway


in file proftpd.conf:


ServerName "jajajaja"
ServerIdent on ""
SystemLog /var/log/proftpd/debug.ftp
SysLogLevel crit
AuthUserFile /etc/extra
ServerType standalone
DefaultRoot ~
Port 21
Umask 022
User xxxxxx
Group xxxxxx
UseGlobbing on
# fxp on or off
AllowForeignAddress off
MaxLoginAttempts 3
DefaultServer on
DefaultTransferMode binary
DeferWelcome on

<Anonymous ~>
UseFtpUsers on
User xxxxxx
Group xxxxxx
Umask 022
AnonrequirePassword on
DisplayLogin login.txt
MaxClients 1 "so busy,busy,busy"
AllowForeignAddress off
<Limit WRITE>
DenyAll
</Limit>
<Directory incoming>
AllowStoreRestart on
AllowOverWrite on
<Limit READ>
DenyAll
</Limit>
<Limit STOR SIZE MKD>
AllowAll
</Limit>
</Directory>
</Anonymous>

"volkman" <askme@that> wrote
news:40895ebf$0$11267$(E-Mail Removed) et.net:
> have i login with xxxxxx
> the account give the limit that i setting in the proftpd.conf file ->
> i cant delete and etc..

According to your config file, you define limit only for the anonymous
account (xxxxxxx is the anonymous I suppose ?).

You should add limit for all (regular) user :

# Limit on the whole disk (for every body)
# DON'T put this int the <anonymous ~> tag
<Directory /*>
<Limit WRITE>
DenyAll
</Limit>
<Limit SITE_CHMOD>
DenyAll
</Limit>
</Directory>


# Limit in the home dir (of any user)
# DON'T put this int the <anonymous ~> tag
# You don't need this if you just want to limit any WRITE
# (the previous rule limit WRITE anywhere, so in home dir too)
<Directory ~>
<Limit WRITE>
AllowAll
</Limit>
<Limit SITE_CHMOD>
DenyAll
</Limit>
</Directory>


Regards

"Antoine EMERIT" <(E-Mail Removed)> schreef in bericht
news:XnF94D61978E912antoineemerit@212.27.42.71...
> "volkman" <askme@that> wrote
> news:40895ebf$0$11267$(E-Mail Removed) et.net:
> > have i login with xxxxxx
> > the account give the limit that i setting in the proftpd.conf file ->
> > i cant delete and etc..
>
> According to your config file, you define limit only for the anonymous
> account (xxxxxxx is the anonymous I suppose ?).
>
> You should add limit for all (regular) user :
>
> # Limit on the whole disk (for every body)
> # DON'T put this int the <anonymous ~> tag
> <Directory /*>
> <Limit WRITE>
> DenyAll
> </Limit>
> <Limit SITE_CHMOD>
> DenyAll
> </Limit>
> </Directory>
>
>
> # Limit in the home dir (of any user)
> # DON'T put this int the <anonymous ~> tag
> # You don't need this if you just want to limit any WRITE
> # (the previous rule limit WRITE anywhere, so in home dir too)
> <Directory ~>
> <Limit WRITE>
> AllowAll
> </Limit>
> <Limit SITE_CHMOD>
> DenyAll
> </Limit>
> </Directory>
>
>
> Regards

hi

i think i am not verry clear

what i will is that every extra user that i make
this rules use.

Anonymous ~>
UseFtpUsers on
User xxxxxx
Group xxxxxx
Umask 022
AnonrequirePassword on
DisplayLogin login.txt
MaxClients 1 "so busy,busy,busy"
AllowForeignAddress off
<Limit WRITE>
DenyAll
</Limit>
<Directory incoming>
AllowStoreRestart on
AllowOverWrite on
<Limit READ>
DenyAll
</Limit>
<Limit STOR SIZE MKD>
AllowAll
</Limit>
</Directory>
</Anonymous>

must i write a new anonymous rules for every extra user that i make?

"volkman" <askme@that> wrote
news:408be8ea$0$11255$(E-Mail Removed) et.net:
> what i will is that every extra user that i make
> this rules use.
>
> Anonymous ~>
....

> must i write a new anonymous rules for every extra user that i make?

Anonymous apply to the anonymous user, that is 'anonymous' or 'ftp' login
or any user define with the UserAlias directive
(http://www.proftpd.org/docs/directiv...UserAlias.html)

Now if you want to apply the same rule to all user, define it in the
<Global> tag (not int the <Anonymous> tag).


Regards

"Antoine EMERIT" <(E-Mail Removed)> schreef in bericht
news:XnF94D6D6BA0BB11antoineemerit@212.27.42.70...
> "volkman" <askme@that> wrote
> news:408be8ea$0$11255$(E-Mail Removed) et.net:
> > what i will is that every extra user that i make
> > this rules use.
> >
> > Anonymous ~>
> ...
>
> > must i write a new anonymous rules for every extra user that i make?
>
> Anonymous apply to the anonymous user, that is 'anonymous' or 'ftp' login
> or any user define with the UserAlias directive
> (http://www.proftpd.org/docs/directiv...UserAlias.html)
>
> Now if you want to apply the same rule to all user, define it in the
> <Global> tag (not int the <Anonymous> tag).
>
>
> Regards

hi

oke that work with UserAlias but there have all the same passwd
how can i give a passwd to every UserAlias that i make?

thnks for your help

"volkman" <askme@that> wrote
news:408d2011$0$8991$(E-Mail Removed) t.net:
> oke that work with UserAlias but there have all the same passwd
> how can i give a passwd to every UserAlias that i make?

I'm sorry but you can't because there no more distinct user with UserAlias.
They are all mapped to the aliased real user.

Regards