PROFTPD: Some users cannot upload files, some users cannot get directory listing

Discussion in 'Linux Networking' started by Marc, Oct 24, 2003.

  1. Marc

    Marc Guest

    I am behind a firewall and my local computers can login as any user
    with WS-FTP, FTP Voyager, and Coffee Cup and do all normal ftp
    activities. My external users, however, experience the following
    problems:

    Some users can login, but cannot get a directory listing, some users
    can login but not u/l, and yet other users can login but cannot u/l or
    d/l.

    Personal folders have owner & group as their login names. All users
    (through Samba) have access to the appropriate folders and work
    flawlessly in-house.

    --------------------------------------------------------------------
    # This is the ProFTPD configuration file
    # $Id: proftpd.conf,v 1.6 2003/09/24 10:51:11 dude Exp $

    ServerName "ProFTPD server"
    ServerIdent on "FTP Server ready."
    ServerAdmin [email protected]
    ServerType standalone
    #ServerType inetd
    AccessGrantMsg "User %u logged in."
    #DisplayConnect /etc/ftpissue
    #DisplayLogin /etc/ftpmotd
    #DisplayGoAway /etc/ftpgoaway
    DeferWelcome off

    # Use this to exclude users from the chroot
    DefaultRoot ~ !adm

    # Use pam to authenticate by default
    AuthPAMAuthoritative off

    # Do not perform ident nor DNS lookups (hangs when the port is filtered)
    IdentLookups off
    UseReverseDNS off

    # Port 21 is the standard FTP port.
    Port 21

    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask 022

    # Default to show dot files in directory listings
    ListOptions "-a"

    # See Configuration.html for these (here are the default values)
    #MultilineRFC2228 off
    #RootLogin off
    #LoginPasswordPrompt on
    #MaxLoginAttempts 3
    #MaxClientsPerHost none
    #AllowForeignAddress off # For FXP

    # Allow to resume not only the downloads but the uploads too
    AllowRetrieveRestart on
    AllowStoreRestart on

    # To prevent DoS attacks, set the maximum number of child processes
    # to 30. If you need to allow more than 30 concurrent connections
    # at once, simply increase this value. Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances 20

    # Set the user and group that the server normally runs at.
    User ftp
    Group ftp

    # This is where we want to put the pid file
    ScoreboardFile /var/run/proftpd.score

    # Normally, we want users to do a few things.
    <Global>
    AllowOverwrite on
    <Limit ALL SITE_CHMOD>
    AllowAll
    </Limit>
    AllowRetrieveRestart on
    AllowStoreRestart on
    DefaultTransferMode binary
    DefaultChdir /home
    DeleteAbortedStores off
    RootLogin off
    AuthAliasOnly off
    </Global>

    # Define the log formats
    LogFormat default "%h %l %u %t \"%r\" %s %b"
    LogFormat auth "%v [%P] %h %t \"%r\" %s"

    # TLS
    # Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
    #TLSEngine on
    #TLSRequired on
    #TLSRSACertificateFile /usr/share/ssl/certs/proftpd.pem
    #TLSRSACertificateKeyFile /usr/share/ssl/certs/proftpd.pem
    #TLSCipherSuite ALL:!ADH:!DES
    #TLSOptions NoCertRequest
    #TLSVerifyClient off
    ##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
    #TLSLog /var/log/proftpd/tls.log

    # A basic anonymous configuration, with an upload directory.
    #<Anonymous ~ftp>
    # User ftp
    # Group ftp
    # AccessGrantMsg "Anonymous login ok, restrictions apply."
    #
    # # We want clients to be able to login with "anonymous" as well as "ftp"
    # UserAlias anonymous ftp
    #
    # # Limit the maximum number of anonymous logins
    # MaxClients 10 "Sorry, max %m users -- try again later"
    #
    # # Put the user into /pub right after login
    # #DefaultChdir /pub
    #
    # # We want 'welcome.msg' displayed at login, '.message' displayed in
    # # each newly chdired directory and tell users to read README* files.
    # DisplayLogin /welcome.msg
    # DisplayFirstChdir .message
    # DisplayReadme README*
    #
    # # Some more cosmetic and not vital stuff
    # DirFakeUser on ftpadm
    # DirFakeGroup on ftpadm
    #
    # # Limit WRITE everywhere in the anonymous chroot
    # <Limit WRITE SITE_CHMOD>
    # DenyAll
    # </Limit>
    #
    # # An upload directory that allows storing files but not retrieving
    # # or creating directories.
    # <Directory uploads/*>
    # AllowOverwrite no
    # <Limit READ>
    # DenyAll
    # </Limit>
    #
    # <Limit STOR>
    # AllowAll
    # </Limit>
    # </Directory>
    #
    # # Don't write anonymous accesses to the system wtmp file (good idea!)
    # WtmpLog off
    #
    # # Logging for the anonymous transfers
    # ExtendedLog /var/log/proftpd/access.log WRITE,READ default
    # ExtendedLog /var/log/proftpd/auth.log AUTH auth
    #
    #</Anonymous>

    <VirtualHost ftp.tconsulting.org>
    DefaultRoot ~ !ftpusers
    DefaultRoot /home ftpusers
    AllowRetrieveRestart on
    AllowStoreRestart on
    DefaultServer on
    DefaultTransferMode binary
    <Limit STOR>
    AllowAll
    </Limit>
    # MasqueradeAddress 10.4.10.4
    DeleteAbortedStores off
    ServerAdmin
    ServerName "T Consulting"
    RootLogin off
    </VirtualHost>
     
    Marc, Oct 24, 2003
    #1

  2. Marc

    Joe Dunning Guest

    If it is different users, they are probably using different clients,
    which may use different modes (active, passive) by default.

    This does not explain the 3 different types of behavior, but it might be
    worth checking to see if your firewall allows both active and passive
    transfers to/from external users.
     
    Joe Dunning, Oct 24, 2003
    #2
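
Added example (not part of either post above): a client that can log in but never gets a listing is often being handed a PASV reply whose address or port it cannot reach through the firewall. The Python below parses a PASV reply and flags that case; the two replies, the public address 203.0.113.10 and the forwarded port range 60000-60100 are constructed sample values, not taken from the poster's setup.

```python
import ipaddress
import re

# RFC 959 PASV reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))

# RFC 1918 ranges: not routable from outside the firewall
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return the (host, port) a 227 reply tells the client to connect to."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range in %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def diagnose_pasv(reply, control_peer, passive_ports=None):
    """List reasons the data connection for LIST/STOR/RETR would fail.

    control_peer:  address the client used for the control connection.
    passive_ports: (low, high) range the firewall forwards, if known.
    """
    host, port = parse_pasv(reply)
    adv = ipaddress.ip_address(host)
    peer = ipaddress.ip_address(control_peer)
    is_private = lambda ip: any(ip in net for net in RFC1918)
    findings = []
    if adv != peer:
        if is_private(adv) and not is_private(peer):
            findings.append("private-address-advertised")
        else:
            findings.append("address-mismatch")
    if passive_ports and not passive_ports[0] <= port <= passive_ports[1]:
        findings.append("port-not-forwarded")
    return findings


# Constructed sample replies, as an external client would see them.
BEHIND_NAT = "227 Entering Passive Mode (10,4,10,4,195,80)"
MASQUERADED = "227 Entering Passive Mode (203,0,113,10,234,96)"

if __name__ == "__main__":
    for reply in (BEHIND_NAT, MASQUERADED):
        print(reply, "->", diagnose_pasv(reply, "203.0.113.10", (60000, 60100)))
```

A private-address finding points at the address the server advertises (MasqueradeAddress in ProFTPD); a port finding points at the firewall's forwarding rules for the data connection.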