wie kann ich für den anonymous FTP denn den Platz beschränken im verzeichnis /home/ftp/
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
ServerName
"=|PWF|= Rootserver"
ServerType
standalone
DeferWelcome
off
MultilineRFC2228
on
DefaultServer
on
ShowSymlinks
on
TimeoutNoTransfer
600
TimeoutStalled
600
TimeoutIdle
1200
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
DenyFilter
\*.*/
# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd
off
# Uncomment this if you would use TLS module:
TLSEngine
on
TLSLog
/var/log/tls.log
TLSProtocol
SSLv23
TLSOptions
NoCertRequest
TLSRSACertificateFile
/etc/ssl/certs/proftpd.cert.pem
TLSRSACertificateKeyFile
/etc/ssl/certs/proftpd.key.pem
TLSVerifyClient
off
# Uncomment this if you would use ratio module:
#Ratios
on
# Port 21 is the standard FTP port.
Port
21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances
30
# Set the user and group that the server normally runs at.
User
ftp
Group
nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask
022 022
# Normally, we want files to be overwriteable.
AllowOverwrite
on
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
DelayEngine
off
# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
User
ftp
Group
nogroup
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias
anonymous ftp
# Cosmetic changes, all files belongs to ftp user
DirFakeUser
on ftp
DirFakeGroup on ftpuser
RequireValidShell
on
# Limit the maximum number of anonymous logins
MaxClients
4
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin
welcome.msg
DisplayFirstChdir
.message
# Limit WRITE everywhere in the anonymous chroot
<Directory *>
<Limit DELE RMD SITE_CHMOD RNTO RTFR>
DenyAll
</Limit>
</Directory>
# # Uncomment this if you're brave.
# <Directory incoming>
# # Umask 022 is a good standard umask to prevent new files and dirs
# # (second parm) from being group and world writable.
# Umask
022 022
# <Limit READ WRITE>
# DenyAll
# </Limit>
# <Limit STOR>
# AllowAll
# </Limit>
# </Directory>
</Anonymous>
# Hier meine Ergänzungen
# chroot für alle User der Gruppe ftpuser
DefaultRoot
~ ftpuser
# Login nur von Mitgliedern der Gruppe ftpuser erlauben
<Limit LOGIN>
DenyGroup
!ftpuser
</Limit>
# Root-Login verbieten und gültige Shell verlangen (in /etc/shells)
<Global>
RootLogin
off
RequireValidShell on
</Global>
# Speed erhoehen
UseReverseDNS
off
IdentLookups off
# Logging Formate
LogFormat
default "%h %l %u %t \"%r\" %s %b"
LogFormat
auth "%v [%P] %h %t \"%r\" %s"
LogFormat
write "%h %l %u %t \"%r\" %s %b"
# Logging aktivieren
# alle logins
ExtendedLog
/var/log/ftp_auth.log AUTH auth
# file/dir Zugriff
ExtendedLog
/var/log/ftp_access.log WRITE,READ write
# für paranoide (vorsicht, erzeugt grosse Logfiles)
#ExtendedLog /var/log/ftp_paranoid.log ALL default
# FXP Unterstuetzung
AllowForeignAddress on
# The passwords in MySQL are encrypted using CRYPT
SQLAuthTypes Plaintext Crypt
SQLAuthenticate users* groups*
# used to connect to the database
SQLConnectInfo proftpd@127.0.0.1 ftp <apüh>
# Here we tell ProFTPd the names of the database columns in the "usertable"
# we want it to interact with. Match the names with those in the db
SQLUserInfo ftpuser userid passwd uid gid homedir shell
# Here we tell ProFTPd the names of the database columns in the "grouptable"
# we want it to interact with. Again the names match with those in the db
SQLGroupInfo ftpgroup groupname gid members
# set min UID and GID - otherwise these are 999 each
SQLMinID 500
# create a user's home directory on demand if it doesn't exist
SQLHomedirOnDemand on
# Update count every time user logs in
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser
# Update modified everytime user uploads or deletes a file
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
# User quotas
QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
Kannm an das auch über die Config limitieren ode rmuss ich das über Quota machen
