www.ProFTPD.de

ProFTPD => ProFTPD - Deutsch => Topic started by: Anonymous on 22 September 2004, 03:06:39



Title: Minor configuration problems
Post by: Anonymous on 22 September 2004, 03:06:39
Hiho,

I want users in the group ftpuser to be able to log in and land in the directory /stuff/ftproot. That works so far. I mount other directories into /stuff/ftproot with "mount --bind". Four more partitions are mounted under /stuff/movies. I mounted that with "mount --rbind /stuff/movies /stuff/ftproot/movies". Now only the files and folders in /stuff/ftproot/movies/movies1 are shown, and not those in movies2, 3, 4. However, that is only the case via FTP. Via SSH or directly, files are shown in all subdirs.

Why is that?

Question 2:
If I now want to restrict the permissions of the directories in /stuff/ftproot/, I do that with "<Directory>" and "<Limit>". What has to go in there as the path? The actual /stuff/movies, or /stuff/ftproot/movies?

Excerpt from mount:
Code:

/stuff/medien on /stuff/ftproot/medien type none (rw,bind)
/stuff/movies on /stuff/ftproot/movies type none (rw,bind)
/stuff/daten/programme on /stuff/ftproot/programme type none (rw,bind)
/stuff/spiele on /stuff/ftproot/spiele type none (rw,bind)
/stuff/public on /stuff/ftproot/public type none (rw,bind)
/stuff/todo on /stuff/ftproot/todo type none (rw,bind)


here is my config:
Code:

ServerType standalone
DefaultServer on
Umask 022
ServerName "10.84.0.1"
ServerIdent on "Sanni's Ftp Server"
Bind "10.84.0.1"


IdentLookups off
UseReverseDNS off

Port 21
PassivePorts 49152 65534

MaxInstances 30
MaxLoginAttempts 3

TimeoutLogin 300
TimeoutNoTransfer 120
TimeoutIdle 120

User nobody
Group nobody

AllowForeignAddress on
AllowRetrieveRestart on
AllowStoreRestart on

#TransferRate RETR 3000
#TransferRate STOR 3000
#TransferRate STOU 3000
#TransferRate APPE 3000

<Limit LOGIN>
DenyGroup !ftpuser
</Limit>

DefaultRoot /stuff/ftproot


Title: Re: Minor configuration problems
Post by: stonki on 22 September 2004, 12:38:30
Does it work without "defaultroot"?


Title: Minor configuration problems
Post by: sanni on 22 September 2004, 21:54:46
I experimented a bit more. Now "mount --rbind" works perfectly :D, only my anonymous login doesn't work yet. As anonymous, one should land in the directory "/stuff/ftproot/" and only have access to the "public" folder. The remaining folders should be visible but not accessible.
In theory it should work like this. But the following comes up when logging in as anonymous.

client:
Code:

USER anonymous
331 Anonymous login ok, send your complete email address as your password.
PASS (hidden)
530-Unable to set anonymous privileges.
530 Login incorrect.
Connection failed


proftpd -nd9:
Code:

sanni (10.84.0.2[10.84.0.2]) - ident lookup disabled
sanni (10.84.0.2[10.84.0.2]) - ROOT PRIVS at main.c:977
sanni (10.84.0.2[10.84.0.2]) - SETUP PRIVS at main.c:982
sanni (10.84.0.2[10.84.0.2]) - performing module session initializations
sanni (10.84.0.2[10.84.0.2]) - ROOT PRIVS at mod_auth.c:130
sanni (10.84.0.2[10.84.0.2]) - opening scoreboard '/var/run/proftpd/proftpd.scoreboard'
sanni (10.84.0.2[10.84.0.2]) - RELINQUISH PRIVS at mod_auth.c:150
sanni (10.84.0.2[10.84.0.2]) - connected - local  : 10.84.0.1:21
sanni (10.84.0.2[10.84.0.2]) - connected - remote : 10.84.0.2:1276
sanni (10.84.0.2[10.84.0.2]) - FTP session opened.
sanni - FS: using system lstat()
sanni - FS: using system lstat()
sanni (10.84.0.2[10.84.0.2]) - dispatching PRE_CMD command 'USER anonymous' to mod_tls
sanni (10.84.0.2[10.84.0.2]) - dispatching PRE_CMD command 'USER anonymous' to mod_core
sanni (10.84.0.2[10.84.0.2]) - dispatching PRE_CMD command 'USER anonymous' to mod_core
sanni (10.84.0.2[10.84.0.2]) - dispatching PRE_CMD command 'USER anonymous' to mod_auth
sanni (10.84.0.2[10.84.0.2]) - dispatching auth request "endpwent" to module mod_auth_file
sanni (10.84.0.2[10.84.0.2]) - dispatching auth request "endpwent" to module mod_auth_unix
sanni (10.84.0.2[10.84.0.2]) - dispatching auth request "endgrent" to module mod_auth_file
sanni (10.84.0.2[10.84.0.2]) - dispatching auth request "endgrent" to module mod_auth_unix
sanni (10.84.0.2[10.84.0.2]) - dispatching CMD command 'USER anonymous' to mod_auth
sanni (10.84.0.2[10.84.0.2]) - dispatching LOG_CMD command 'USER anonymous' to mod_log
sanni (10.84.0.2[10.84.0.2]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
sanni (10.84.0.2[10.84.0.2]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
sanni (10.84.0.2[10.84.0.2]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
sanni (10.84.0.2[10.84.0.2]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
sanni (10.84.0.2[10.84.0.2]) - dispatching auth request "endpwent" to module mod_auth_file
sanni (10.84.0.2[10.84.0.2]) - dispatching auth request "endpwent" to module mod_auth_unix
sanni (10.84.0.2[10.84.0.2]) - dispatching auth request "endgrent" to module mod_auth_file
sanni (10.84.0.2[10.84.0.2]) - dispatching auth request "endgrent" to module mod_auth_unix
sanni (10.84.0.2[10.84.0.2]) - dispatching CMD command 'PASS (hidden)' to mod_auth
sanni (10.84.0.2[10.84.0.2]) - dispatching auth request "getpwnam" to module mod_auth_file
sanni (10.84.0.2[10.84.0.2]) - dispatching auth request "getpwnam" to module mod_auth_unix
sanni (10.84.0.2[10.84.0.2]) - dispatching auth request "gid_name" to module mod_auth_file
sanni (10.84.0.2[10.84.0.2]) - dispatching auth request "gid_name" to module mod_auth_unix
sanni (10.84.0.2[10.84.0.2]) - dispatching auth request "getgroups" to module mod_auth_file
sanni (10.84.0.2[10.84.0.2]) - dispatching auth request "getgroups" to module mod_auth_unix
sanni (10.84.0.2[10.84.0.2]) - dispatching auth request "setgrent" to module mod_auth_file
sanni (10.84.0.2[10.84.0.2]) - dispatching auth request "setgrent" to module mod_auth_unix
sanni (10.84.0.2[10.84.0.2]) - ROOT PRIVS at mod_auth.c:550
sanni (10.84.0.2[10.84.0.2]) - RELINQUISH PRIVS at mod_auth.c:552
sanni (10.84.0.2[10.84.0.2]) - ROOT PRIVS at mod_auth.c:1002
sanni (10.84.0.2[10.84.0.2]) - SETUP PRIVS at mod_auth.c:1017
sanni (10.84.0.2[10.84.0.2]) - ROOT PRIVS at mod_auth.c:1034
sanni (10.84.0.2[10.84.0.2]) - SETUP PRIVS at mod_auth.c:1049
sanni (10.84.0.2[10.84.0.2]) - ftp: Directory /stuff/ftproot/ is not accessible.
sanni (10.84.0.2[10.84.0.2]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
sanni (10.84.0.2[10.84.0.2]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth
sanni (10.84.0.2[10.84.0.2]) - dispatching auth request "endpwent" to module mod_auth_file
sanni (10.84.0.2[10.84.0.2]) - dispatching auth request "endpwent" to module mod_auth_unix
sanni (10.84.0.2[10.84.0.2]) - dispatching auth request "endgrent" to module mod_auth_file
sanni (10.84.0.2[10.84.0.2]) - dispatching auth request "endgrent" to module mod_auth_unix
sanni (10.84.0.2[10.84.0.2]) - FTP session closed.


"sanni (10.84.0.2[10.84.0.2]) - ftp: Directory /stuff/ftproot/ is not accessible."
No idea why this comes up, even though the permissions of "/stuff/ftproot" are set to 777. This is the last problem I still have.

_____________________________________________________________
this is how I mount now:
Code:

mount --bind /stuff/medien/ /stuff/ftproot/medien/
mount --rbind /stuff/movies/ /stuff/ftproot/movies/  #submounts
mount --bind /stuff/daten/programme/ /stuff/ftproot/programme/
mount --bind /stuff/spiele/ /stuff/ftproot/spiele/
mount --bind /stuff/public/ /stuff/ftproot/public/
mount --rbind /stuff/todo/ /stuff/ftproot/todo/  #submounts
mount --bind /stuff/daten/upload/ /stuff/ftproot/upload/


here is my new config again:
Code:

ServerName                      "sanni"
ServerType                      standalone
ServerIdent on "Sanni's Ftp Server"
DefaultServer                   on
Port                            21
PassivePorts 49152 65534
Umask                           022
MaxInstances                    30
User                            nobody
Group                           nobody
AllowOverwrite                  off
AllowRetrieveRestart            on
AllowStoreRestart               on
IdentLookups off
UseReverseDNS off

####################
## Global Section ##
####################
<Global>
DefaultRoot /stuff/ftproot
MaxClients                      20 "too many users"
MaxClientsPerHost               2 "too many connections from your host"
DeleteAbortedStores             off
HiddenStor                      off
RootLogin                       off
IdentLookups                    off
AllowForeignAddress             on
RequireValidShell               on

<Limit LOGIN>
DenyGroup !ftpuser
</Limit>
</Global>


#######################
## Anonymous Section ##
#######################

<Anonymous /stuff/ftproot>
User                            ftp
Group                           ftp
UserAlias                       anonymous ftp
MaxClients                      4
MaxClientsPerHost               1
AnonRequirePassword             off
DisplayLogin                    welcome.msg
DisplayFirstChdir               .message
DefaultChdir                    /stuff/ftproot
<Limit write>
DenyAll
</Limit>
<Limit LOGIN>
AllowAll
</Limit>
</Anonymous>

#######################
## Directory Section ##
#######################

<Directory /stuff/ftproot/programme>
<Limit read appe retr list rest cwd>
DenyGroup !ftpuser
</Limit>
<Limit stor dele mkd write site feat help rmd rnfr rnto>
DenyAll
</Limit>
</Directory>

<Directory /stuff/ftproot/medien>
<Limit read appe retr list rest cwd>
DenyGroup !ftpuser
</Limit>
<Limit stor dele mkd write site feat help rmd rnfr rnto>
DenyAll
</Limit>
</Directory>

<Directory /stuff/ftproot/movies>
<Limit read appe retr list rest cwd>
DenyGroup !ftpuser
</Limit>
<Limit stor dele mkd write site feat help rmd rnfr rnto>
DenyAll
</Limit>
</Directory>

<Directory /stuff/ftproot/spiele>
<Limit read appe retr list rest cwd>
DenyGroup !ftpuser
</Limit>
<Limit stor dele mkd write site feat help rmd rnfr rnto>
DenyAll
</Limit>
</Directory>

<Directory /stuff/ftproot/todo>
<Limit read appe retr list rest cwd>
DenyGroup !ftpuser
</Limit>
<Limit stor dele mkd write site feat help rmd rnfr rnto>
DenyAll
</Limit>
</Directory>

<Directory /stuff/ftproot/upload>
<Limit read appe retr list rest cwd stor mkd site feat help rnfr rnto>
DenyGroup !ftpuser
</Limit>
<Limit dele rmd>
DenyAll
</Limit>
</Directory>

<Directory /stuff/ftproot/public>
<Limit read appe retr list rest cwd>
AllowAll
</Limit>
<Limit stor dele mkd write site feat help rmd rnfr rnto>
DenyAll
</Limit>
</Directory>
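
Added example, not part of the original posts: mode 777 on /stuff/ftproot alone does not make it reachable, because the anonymous user (ftp in the config above) also needs search permission on every parent directory such as /stuff. The script below walks a path and reports the first directory a given uid/gid cannot enter; it assumes classic Unix mode bits only (no ACLs), and its demo tree is constructed in a temporary directory.

```python
import os
import pwd
import shutil
import stat
import tempfile

def ids_for(user):
    """uid and full group set of a local account, e.g. ids_for('ftp')."""
    pw = pwd.getpwnam(user)
    return pw.pw_uid, set(os.getgrouplist(user, pw.pw_gid))

def can_search(st, uid, gids):
    """True if uid/gids hold the search (x) bit on a directory, by mode bits only."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def first_blocked_component(path, uid, gids, start=os.sep):
    """Walk from start down to path; return the first directory uid cannot enter."""
    start = os.path.abspath(start)
    chain = [start]
    for part in os.path.relpath(os.path.abspath(path), start).split(os.sep):
        if part != ".":
            chain.append(os.path.join(chain[-1], part))
    for directory in chain:
        st = os.stat(directory)
        if not stat.S_ISDIR(st.st_mode) or not can_search(st, uid, gids):
            return directory
    return None

def demo():
    """Constructed tree: stuff (0750) / ftproot (0777), checked for a foreign uid."""
    base = tempfile.mkdtemp()
    stuff = os.path.join(base, "stuff")
    ftproot = os.path.join(stuff, "ftproot")
    os.makedirs(ftproot)
    for directory, mode in ((base, 0o755), (ftproot, 0o777), (stuff, 0o750)):
        os.chmod(directory, mode)
    st = os.stat(stuff)
    uid, gids = st.st_uid + 1, {st.st_gid + 1}   # neither owner nor group member
    blocked = first_blocked_component(ftproot, uid, gids, start=base)
    os.chmod(stuff, 0o755)                        # grant search to "other"
    fixed = first_blocked_component(ftproot, uid, gids, start=base)
    shutil.rmtree(base)
    return blocked == stuff, fixed

if __name__ == "__main__":
    print(demo())
```

On the real server the call would be first_blocked_component("/stuff/ftproot", *ids_for("ftp")); a result of None means every component is traversable by mode bits and the cause lies elsewhere.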