ProFTP is lot limiting access to specified members of group -- suggestions?

04-23-2004, 02:28 PM

We're running ProFTPD 1.2.7 on Red Hat 7.3, and I want to limit FTP
access to only members of the ftpusers group. Below is my
proftpd.conf file, which I do limit access to this group -- but it's
not working. Anyone with a valid username and password, whether
they're in the ftpusers group or not can successfully FTP in.

ServerName "The FTP Server"
ServerType standalone
DefaultServer on
DefaultRoot ~
TransferLog /ftplog/proftpxferlog
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
LogFormat read "%h %l %u %t \"%r\" %s %b"
Port 21
Umask 022
MaxInstances 500
User nobody
Group nogroup
<Directory />
AllowOverwrite on
# This should limit access to only members of the ftpusers group
# but it apparently isn't working as any user can FTP in.
<Limit READ WRITE DIRS>
AllowGroup ftpusers
DenyALL
</Limit>
</Directory>
<Global>
</Global>

Any suggestions? Thanks,

Alex.

04-23-2004, 04:43 PM

On 23 Apr 2004 07:28:56 -0700, Alex wrote:
> We're running ProFTPD 1.2.7 on Red Hat 7.3, and I want to limit FTP
> access to only members of the ftpusers group. Below is my
> proftpd.conf file, which I do limit access to this group -- but it's
> not working. Anyone with a valid username and password, whether
> they're in the ftpusers group or not can successfully FTP in.
>
><Directory />
> AllowOverwrite on
> # This should limit access to only members of the ftpusers group
> # but it apparently isn't working as any user can FTP in.
> <Limit READ WRITE DIRS>

Order deny,allow

> AllowGroup ftpusers
> DenyALL
> </Limit>
></Directory>

Just a guess, but try to modify it in the above way.

Ingo

--
Ingo Strauch ---- Registered Linux User #227900 (http://counter.li.org/)
http://www.the-one-brack.org/

04-24-2004, 10:49 PM

(E-Mail Removed) (Alex) wrote news:2ba4b4eb.0404230628.666b4c03
@posting.google.com:
> <Directory />
> AllowOverwrite on
> # This should limit access to only members of the ftpusers group
> # but it apparently isn't working as any user can FTP in.
> <Limit READ WRITE DIRS>
> AllowGroup ftpusers
> DenyALL
> </Limit>
> </Directory>

According to your configuration, any user should be abe to log in the ftp
server, but shouldn't be able to browse an read the content. Is that
correct ?

The Limit directive can't limit login except on the ip (using <Limit
LOGIN>).

You have many choice to block ftp login :

- use the /etc/ftpusers file :
http://proftpd.linux.co.uk/localsite...g_ref_UseFtpUs
ers.html

- use AuthGroupFile and maybe AuthUserFile on alternate (limited)
group/user file.

- use RequireValidShell and disable shell on invalid user.

- use a mysql database authentification where you copy allowed user, and
use the proftpd mysql directive.

Regards

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Members of group unable to write	Tom	Linux Networking	0	03-07-2006 10:56 AM
A special iTunes gift for all Telecom group members...	fin1976@gmail.com	Broadband	4	02-27-2006 06:08 PM
Howto find out all members of a multicast group?	JirkaJ	Linux Networking	8	10-27-2005 04:21 PM
Only allow domain members access to network	Richard	Windows Networking	8	08-18-2005 01:04 PM
Limiting access	Tom	Broadband Hardware	1	10-05-2004 09:37 PM