Excluding users from ProFTP

Hi all,

I'm using ProFTPD 1.2.7, and I'd like to set it to exclude certain
users from having FTP access. I've read through the docs and searched
online, but I've found nothing showing how or if this is possible.

The reason I need to do this is we use our FTP server for both standard
FTP and secure FTP... and by default all users can use either method to
FTP in. Most of the time it doesn't matter if they use standard FTP,
but some data must be sent securely. I'm finding some users aren't
bothering to use a secure FTP client but instead are using standard FTP
-- so I want to exclude those users from having standard FTP access.
Suggestions if this is possible? Thanks,

Ringo



Ringo Langly

"Ringo Langly" <(E-Mail Removed)> wrote news:1103642621.689914.183810
@c13g2000cwb.googlegroups.com:
> I'm using ProFTPD 1.2.7, and I'd like to set it to exclude certain
> users from having FTP access. I've read through the docs and searched
> online, but I've found nothing showing how or if this is possible.
>
> The reason I need to do this is we use our FTP server for both standard
> FTP and secure FTP... and by default all users can use either method to
> FTP in. Most of the time it doesn't matter if they use standard FTP,
> but some data must be sent securely. I'm finding some users aren't
> bothering to use a secure FTP client but instead are using standard FTP
> -- so I want to exclude those users from having standard FTP access.
> Suggestions if this is possible? Thanks,

More information please : what is your ftp and secure ftp configuration ?
(same proftpd server ?, proftpd.conf file, ...).

If you use the proftp tls module :

"
Question: Can I require TLS on a per-user basis?
Answer: No. The IETF Draft specifying FTP over TLS requires that the TLS
handshake occur before the client sends the USER command. This means that
the server does not know the name of the user that the client will be
using when the TLS session is established. It is possible that the
client's certificate, if one is even presented, may contain information
the server may use to map that certificate to a user, but such mapping is
not currently supported by mod_tls. Note that this is also the reason the
TLSRequired directive cannot appear in the <Anonymous> context: anonymous
logins are based on the USER command.
"


Can you use 2 differents ips on your server (to create two virtuak ftp
server) ?

....


Regards

Hi Antoine,

The fact that we're using FTP over SSH is totally seperate from my
question, which is disallowing certain users from logging into the FTP
server via standard FTP (not FTP over SSH). I just put that blurb out
there because undoutably someone would ask 'why would you want to do
that'.

I basically was wondering if there's some simple statement I can put
into the proftpd.conf file to not allow some users access via proftp --
even if it's just an 'access denied' when they tried to login.

I didn't however think about using virtual IP's, which that is an
awesome option. Problem is we're limited on our external IP's, so I'm
not sure if we have any available IP's -- but I'll check on this.
Thanks for the suggestions and feedback, and take care,

Ringo

Ringo Langly wrote:
> I'm using ProFTPD 1.2.7, and I'd like to set it to exclude certain
> users from having FTP access. I've read through the docs and searched
> online, but I've found nothing showing how or if this is possible.

ftpusers(5)


--
qq~~~~\ [ úá IP âåú ãåîúõòù ]
/ /\ \ [ FAQ you ]
\ /_/ /
\____/ Linux console notes http://entresol.roger.net.ru/linux/console/

"Ringo Langly" <(E-Mail Removed)> wrote news:1103727615.290813.72780
@z14g2000cwz.googlegroups.com:
> I basically was wondering if there's some simple statement I can put
> into the proftpd.conf file to not allow some users access via proftp --
> even if it's just an 'access denied' when they tried to login.

In this case you may use the AuthUserFile directive and the ftpasswd
command to list the authorized users.

Regards