proftpd user account and directory access

hi,

I have a question about proftpd. I have installed it and it seems to
be working fine.

Now I have accounts with their home directory (i.e.
/home/UserAccountExample).

I also have accounts on the machine without a autogenerated home
directory (I manually edited the /etc/passwd file).

I want to have users that I specify which directory they can access
using ftp. (i.e. user - jon has access to /www/html/jon directory).

however this is not working. Only users with their autogenerated home
directories can get in using ftp client,the others are booted out.

I have setup my linux server a certain way and need the proftpd server
to work the way I have specified.

Now when I login from the shell using a account without its own system
generated home directory I get this:

No directory /www/html/eyeuniversal!
Logging in with home = "/".
bash: /www/html/eyeuniversal/.bash_profile: Permission denied

I look at the system messages (/var/log/messages) and it reads:

session opened for user eyeuniversal
eyeuniversal chroot ("~/"): No such file or directory
-error: unable to set default root directory
session closed for user eyeuniversal

Another thing is that all my users belong to webAuthor group that have
765 permission on /www and all the way down the tree.

Any help would greatly be appreciated

Thanks

Dhruv

hi.

you must have home directories for your ftp users. it doesn't matter
that they are the same. for example /www for all. proftp chroots to this
direcotry so that users can't access direcotries above it.

edit out the passwd and change homedir.
username:x:uid:gid:name:homedir:shell

jozef.

Dhruv wrote:
> hi,
>
> I have a question about proftpd. I have installed it and it seems to
> be working fine.
>
> Now I have accounts with their home directory (i.e.
> /home/UserAccountExample).
>
> I also have accounts on the machine without a autogenerated home
> directory (I manually edited the /etc/passwd file).
>
> I want to have users that I specify which directory they can access
> using ftp. (i.e. user - jon has access to /www/html/jon directory).
>
> however this is not working. Only users with their autogenerated home
> directories can get in using ftp client,the others are booted out.
>
> I have setup my linux server a certain way and need the proftpd server
> to work the way I have specified.
>
> Now when I login from the shell using a account without its own system
> generated home directory I get this:
>
> No directory /www/html/eyeuniversal!
> Logging in with home = "/".
> bash: /www/html/eyeuniversal/.bash_profile: Permission denied
>
> I look at the system messages (/var/log/messages) and it reads:
>
> session opened for user eyeuniversal
> eyeuniversal chroot ("~/"): No such file or directory
> -error: unable to set default root directory
> session closed for user eyeuniversal
>
> Another thing is that all my users belong to webAuthor group that have
> 765 permission on /www and all the way down the tree.
>
> Any help would greatly be appreciated
>
> Thanks
>
> Dhruv

"Dhruv" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ...
> hi,
>
> I have a question about proftpd. I have installed it and it seems to
> be working fine.
>
> Now I have accounts with their home directory (i.e.
> /home/UserAccountExample).
>
> I also have accounts on the machine without a autogenerated home
> directory (I manually edited the /etc/passwd file).
>
> I want to have users that I specify which directory they can access
> using ftp. (i.e. user - jon has access to /www/html/jon directory).

A: The directory has to exist, with the correct ownership.

B: I believe that ProFTPd requires the same root-cage structure that wu-ftpd
requires, with critical libraries and a local etc/passwd and etc/group file
at the chroot root of the user's directory where it says "/./".

> however this is not working. Only users with their autogenerated home
> directories can get in using ftp client,the others are booted out.
>
> I have setup my linux server a certain way and need the proftpd server
> to work the way I have specified.

Can you work with vsftpd instead? I've come to really like it, especially
because I can use the system's /etc/passwd files but still get chroot like
behavior.

On Sun, 11 Jan 2004 00:20:39 -0500, "Nico Kadel-Garcia"
<(E-Mail Removed)> wrote:

>B: I believe that ProFTPd requires the same root-cage structure that wu-ftpd
>requires, with critical libraries and a local etc/passwd and etc/group file
>at the chroot root of the user's directory where it says "/./".
>

The authors of ProFTPd have taken extra steps to gather all this
information before it change-roots itself and then drops privlages. So
in this case you don't need all the extra files that you would need with
other FTP daemons.

There was a bug in PAM at one point that it needed the file
etc/security/pam_env.conf to exist so it could log that the ftp session
had closed. But that is not ProFTPd and I'm not certain if it has been
fixed.


Brad
--
"From childhood's hour I have not been as others were...
I have not seen as others saw." Edgar Allen Poe

Bradley W. Olin
http://www.bwo1.com

On 6 Jan 2004 19:09:10 -0800, (E-Mail Removed) (Dhruv) wrote:

>I want to have users that I specify which directory they can access
>using ftp. (i.e. user - jon has access to /www/html/jon directory).
>
It is true that the user has to have home directory, but... ProFTPd has
an option to allow cd to follow symlinks. So you can give a traditional
home directory for said user, then add a symlink to the html content.
Something like...

cd ~$USR ; ln -s /www/html/$USR www ; chown $USR.$GRP /www/html/$USR

Be careful with the follow symlinks option and restrict it to users who
must have it. I don't recommend it on a system wide bases.


Brad
--
"From childhood's hour I have not been as others were...
I have not seen as others saw." Edgar Allen Poe

Bradley W. Olin
http://www.bwo1.com