
An FTP server (proftpd) is running on CentOS 6.5. The auth mechanism is AUTH_FILE and the default root is /var/ftp. All users should put files into this directory, but only 2 users should get or list these files. Is it possible to deny some FTP commands for a few users?

My proftpd config looks like:

DefaultRoot                     /var/ftp/
AuthPAMConfig                   proftpd
AuthOrder                       mod_auth_file.c  mod_auth_unix.c
RequireValidShell  off
AuthUserFile  /etc/proftpd/ftpd.passwd
AuthGroupFile /etc/proftpd/ftpd.group
AuthPAM off
RequireValidShell off

The content of /etc/proftpd/ftpd.group is:

ftp_group:x:50:user1

And the user file /etc/proftpd/ftpd.passwd looks like:

user1:$1$somesaltblablablablablablablabd:9999:9999::/var/ftp:/bin/false
user2:$1$somesaltblablablablablablablabd:9999:9999::/var/ftp:/bin/false
user3:$1$somesaltblablablablablablablabd:9999:9999::/var/ftp:/bin/false

User1 should be the user who can't get or list files on the FTP server. Is it possible?

Castaglia
kockiren
  • It's entirely possible. Did you read the documentation, e.g. http://www.proftpd.org/docs/faq/linked/faq-ch5.html ? – Jenny D Dec 11 '13 at 14:39
  • Which section do you mean? I can't find a section to deny or reject commands – kockiren Dec 11 '13 at 14:54
  • http://www.proftpd.org/docs/faq/linked/faq-ch5.html#AEN524 should give you a basis to start from. But I'd advise you to read the whole thing. – Jenny D Dec 11 '13 at 15:00
  • If I understand this section right it is to build a security tree for a user, but the user should use the same directory as the other users but without permission to run the get or list command. – kockiren Dec 11 '13 at 15:19

1 Answer


Related to this documentation (in the example section), I use the LIMIT command to reject the FTP commands. The following was added to proftpd.conf:

<Directory /var/ftp>
  <Limit ALL>
    DenyAll
  </Limit>

  <Limit DIRS READ>
    AllowUser user1
    AllowUser user2
    DenyAll
  </Limit>
</Directory>

User3 can issue the LIST command (ls), but proftpd denies the command and returns an empty result, and the other users (User1 and User2) can use these commands.

kockiren
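A configuration for the requirement as the question states it (every user may upload into /var/ftp, user1 may not list or download), given as an added example that is not part of the original answer. It assumes the user names from the question and limits individual FTP commands instead of whole command groups.

```apache
# Added example, not from the original post. User names come from the
# question; /var/ftp is the DefaultRoot shown there.
<Directory /var/ftp>
  # Uploads stay open to every authenticated user. A <Limit> that names raw
  # commands takes precedence over one that names a group (WRITE) or ALL, so
  # this block keeps uploads working even if a broader deny such as
  # "<Limit ALL> DenyAll" is present in the same context.
  <Limit STOR STOU APPE>
    AllowAll
  </Limit>

  # Listing and download are denied to user1 only. With the default
  # "Order allow,deny", users not matched by a Deny directive are allowed.
  #
  # The commands are named one by one instead of using the DIRS and READ
  # groups: DIRS also covers CWD, PWD and CDUP, which many clients send
  # right after login, so denying the whole group can break the session
  # before the upload starts.
  #
  # SIZE, MDTM, MLST and STAT are included because they reveal whether a
  # file exists and its size or timestamp even when LIST and RETR are denied.
  <Limit LIST NLST MLSD MLST STAT RETR SIZE MDTM>
    DenyUser user1
  </Limit>
</Directory>
```

After reloading proftpd, log in as user1 and confirm that an upload succeeds while a listing and a download are refused, then repeat the listing as user2 to confirm it is still allowed.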