Problems with DefaultRoot in Proftpd 1

[bscull]

I am using Proftpd and want to jail some users in a dir. But when i change the proftpd.conf file and ftp into the server I can view all dir. on my box.

I have try the below settings and it still does not work:-(

DefaultRoot ~
DefaultRoot /var/ftp (the dir I setup)
DefaultRoot /var/ftp ftpusers (the ftpusers is the group)

Can someone please help me.

Thanks

Bscull

 

[RhythmAce]

Did you restart the server after editing the .conf file? Are you sure that proftpd is the ftp server that is running. There ain't no "#" in front of DefaultRoot ~ is there? Sorry for the dumb questions but I figured you already checked the hard stuff.

 

[bscull]

I restart Proftpd by typing ftpshut Now, is this right?
Proftpd is the ftp server that is running
and there is no # in front of the DefaulRoot ~

Have you any other thoughts on this.

Thanks

Brian.

 

[fluid11]

Don't use the ftpshut command to stop the server. This command is used to kill all sessions and deny new ones to everyone but the superuser. If the /etc/shutmsg file exists now, you'll have to delete it to allow new connections. To stop the server, try...

kill `pidof /path_to_proftpd_binary`
kill `pidof /usr/local/proftpd/sbin/proftpd`

Do you have all three of the "DefaultRoot" directives listed in the same config, or just one at a time? You can only have one, unless you specify a different group for each.

Try using "DefaultRoot /var/ftp" and make sure that the user and group that ProFTPd runs as, has access to that folder.

In the proftpd.conf....
DefaultRoot /var/ftp
User ftpuser
Group ftpgroup


Run these commands...
chmod 770 /var/ftp -R
chown ftpuser.ftpgroup /var/ftp -R

...and then make sure to restart the daemon, as you always should when making changes to the config file.

Don't try to log in as root. Only log in as a regular user who is in the "ftpgroup" group.

ChrisP

 

[bscull]

THANKS!!!

Restarting proftpd the right way sort it out.

thanks for all your help!

Bscull

 

[bscull]

just ran into another problem. Trying to change permissions on the dir. that the users will see. My directories are:

/var/ftp/pub
/var/ftp/pub/books
/var/ftp/pub/work

I want the users to have the following permissions.

1. Not to be the owners
2. Only to have read access.

When I set this up, I cannot login to the server with that account.

This is what I have try to date, with every chmod command I can think off (444,544,720, etc)

chown bscull.bscull /var/ftp/pub/ -R
(bscull is my account, ftpusers will be the users account)

chown 744 /var/ftp/pub/ -R

 

[fluid11]

What group did you specify in the proftpd.conf file? That group must own those directories and you probably have to add any FTP user to that group as well.

ChrisP

 

[danielhozac]

The directories need to have execute access for everyone who should be able to read it. If they don't, they will not be able to descend into it.

//Daniel

 

[bscull]

Got it sorted. Thanks for all your help (again)

Bscull