www.ProFTPD.de

ProFTPD => ProFTPD - Deutsch => Topic started by: TheCat on 05 March 2004, 16:24:42



Title: Only download permissions in all folders
Post by: TheCat on 05 March 2004, 16:24:42
Hello,

I'm an absolute beginner when it comes to Unix and I have a problem with proftpd.

I have already tried everything in the config so that the users I entered in the MySQL database get write and delete permissions in their home directories.

Here is the config:

Code:
##
## Config with simple mysql authentication support
## Contributed by 'Stonki'
## Added to www.proftpd.org 18/Oct/2002
##

# This is a basic ProFTPD configuration file. It establishes a single
# server and a single anonymous login. It assumes that you have a
# user/group "nobody"/"nogroup" for normal operation and anon.

#    !!! PLEASE read the documentation of proftpd !!!
#
# You can find the documentation in /usr/doc/packages/proftpd/,
# http://www.proftpd.org/ and don't forget to read carefully
# and _follow_ hints on http://www.proftpd.net/security.html.


#
# changed: 03.11.2001 for ProFTP 1.2.4 and mod_sql 4.x
#

#
# Basic
#
ServerName "WebSpace"
serverType standalone
ServerAdmin support@stonki.de

#
# Debug Level
# emerg, alert, crit (recommended), error, warn, notice, info, debug
#
#SyslogLevel emerg
#SystemLog /var/log/proftpd.system.log

#
# uncomment, if you want to hide the servers name:
#
ServerIdent on "Webspace Server"
DeferWelcome on
DefaultServer on

#
# Display
#
DisplayLogin /messages/ftp.motd
DisplayConnect /net/messages/ftp.pre
DisplayFirstChdir index.txt

HiddenStor off
DirFakeUser on stonki
DirFakeGroup on stonki
DirFakeMode 0000



# Enable PAM for authentication...
#
AuthPAM on

# Setting this directive to on will cause authentication to fail
# if PAM authentication fails. The default setting, off, allows
# other modules and directives such as AuthUserFile and friends
# to authenticate users.
#
# AuthPAMAuthoritative on

# This directive allows you to specify the PAM service name used
# in authentication (default is "proftpd" on SuSE Linux).
# You have to setup the service in the /etc/pam.d/<other_name>.
#
#AuthPAMConfig <other_name>

# Port 21 is the standard FTP port.
Port 21

#------------------------mysql module: 4.x
#
# Access control
#
SQLAuthTypes Plaintext
SQLAuthenticate users*
SQLConnectInfo bla@localhost bla bla
SQLDefaultGID 65534
SQLDefaultUID 65534
SQLMinUserGID 100
SQLMinUserUID                   500
SQLUserInfo ftp username password uid gid homedir shell

#
#------------------------mysql

# Port 21 is the standard FTP port.
Port                            21

# disable listen on 0.0.0.0:21 - the port (and IP) should
# be specified explicitly in each VirtualHost definition
#
#Port                           0

# listen for each (additional) address explicitly that is
# specified (via Bind and Port) in a VirtualHost definition
#
#SocketBindTight on

#
# FXP support
#
AllowForeignAddress on


# Umask 022 is a good standard umask to prevent new dirs
# and files from being group and world writable.
Umask 022

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Set maximum values
MaxClientsPerHost 3 "Nicht mehr als %m  Verbindungen"
MaxClients 5 "Leider sind schon %m Clients verbunden"

# RateReadBPS             5000
# RateReadFreeBytes       5000
# RateReadHardBPS         on

Classes on
Class default           limit 5
Class internet          limit 2
Class local             limit 3
Class internet          ip 0.0.0.0/0
Class internet ip 192.168.99.99/24
Class local             ip 127.0.0.1/24
Class local             ip 192.168.0.0/24

#
# Allow restart
#
AllowStoreRestart on
AllowRetrieveRestart on

# Normally, we want files to be overwriteable.

<Directory ~/*>
        AllowOverwrite   on
<Limit STOR CMD MKD WRITE RETR DELE>
AllowALL
</Limit>
</Directory>


# It is a very good idea to allow only filenames containing normal
# alphanumeric characters for uploads (and not shell code...)
#PathAllowFilter "^[a-zA-Z0-9_.-]()'+$"
#PathAllowFilter "^[a-zA-Z0-9 _.-]()'+$"

# We don't want .ftpaccess or .htaccess files to be uploaded
#PathDenyFilter "(\.ftp)|(\.ht)[a-z]+$"
#PathDenyFilter "\.ftp[a-z]+$"

# Do not allow to pass printf-Formats (security! see documentation!):
#AllowFilter "^[a-zA-Z0-9@~ /,_.-]*$"
#DenyFilter  "%"

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# such as xinetd)
MaxInstances 30

# Performance: skip DNS resolution when we process the logs...
UseReverseDNS       on

# Turn off Ident lookups
IdentLookups         on

# Set the maximum number of seconds a data connection is allowed
# to "stall" before being aborted.
TimeoutStalled                  300

# Where do we put the pid files?
ScoreboardPath /usr/local/var/proftpd

#
# Logging options
#
TransferLog           /var/log/proftpd.xferlog

# Some logging formats
#
LogFormat            default "%h %l %u %t \"%r\" %s %b"
LogFormat            auth    "%v [%P] %h %t \"%r\" %s"
LogFormat            write   "%h %l %u %t \"%r\" %s %b"

# Log file/dir access
ExtendedLog         /var/log/proftpd.access_log    WRITE,READ write

# Record all logins
ExtendedLog           /var/log/proftpd.auth_log      AUTH auth

# Paranoia logging level....
ExtendedLog           /var/log/proftpd.paranoid_log  ALL default

#
# Do a chroot for web-users (i.e. public or www group), but
# do not change root if the user is also in the users group...
#
DefaultRoot  ~ !users

#
# Limit login attempts
#
MaxLoginAttempts                3

#
# Users needs a valid shell
#
RequireValidShell               off


The debug output when creating a directory:

Code:

217-114-211-84.kunde.vdserver.de (pD9E7A3AA.dip.t-dialin.net[217.231.163.170]) - dispatching PRE_CMD command 'MKD Test' to mod_core
217-114-211-84.kunde.vdserver.de (pD9E7A3AA.dip.t-dialin.net[217.231.163.170]) - dispatching CMD command 'MKD Test' to mod_core
217-114-211-84.kunde.vdserver.de (pD9E7A3AA.dip.t-dialin.net[217.231.163.170]) - in dir_check(): setting umask to 0022 (was 0022)
217-114-211-84.kunde.vdserver.de (pD9E7A3AA.dip.t-dialin.net[217.231.163.170]) - dispatching POST_CMD_ERR command 'MKD Test' to mod_sql
217-114-211-84.kunde.vdserver.de (pD9E7A3AA.dip.t-dialin.net[217.231.163.170]) - dispatching LOG_CMD_ERR command 'MKD Test' to mod_sql
217-114-211-84.kunde.vdserver.de (pD9E7A3AA.dip.t-dialin.net[217.231.163.170]) - dispatching LOG_CMD_ERR command 'MKD Test' to mod_log
217-114-211-84.kunde.vdserver.de (pD9E7A3AA.dip.t-dialin.net[217.231.163.170]) - dispatching PRE_CMD command 'CWD Test' to mod_core
217-114-211-84.kunde.vdserver.de (pD9E7A3AA.dip.t-dialin.net[217.231.163.170]) - dispatching PRE_CMD command 'CWD Test' to mod_ratio
217-114-211-84.kunde.vdserver.de (pD9E7A3AA.dip.t-dialin.net[217.231.163.170]) - dispatching CMD command 'CWD Test' to mod_ratio
217-114-211-84.kunde.vdserver.de (pD9E7A3AA.dip.t-dialin.net[217.231.163.170]) - dispatching CMD command 'CWD Test' to mod_core
217-114-211-84.kunde.vdserver.de (pD9E7A3AA.dip.t-dialin.net[217.231.163.170]) - dispatching POST_CMD_ERR command 'CWD Test' to mod_sql
217-114-211-84.kunde.vdserver.de (pD9E7A3AA.dip.t-dialin.net[217.231.163.170]) - dispatching LOG_CMD_ERR command 'CWD Test' to mod_sql
217-114-211-84.kunde.vdserver.de (pD9E7A3AA.dip.t-dialin.net[217.231.163.170]) - dispatching LOG_CMD_ERR command 'CWD Test' to mod_log


And my SQL dump:

Code:

#

CREATE TABLE ftp (
  username varchar(30) NOT NULL default '',
  password varchar(80) NOT NULL default '',
  uid int(11) default NULL,
  homedir varchar(255) default NULL,
  shell varchar(255) default NULL,
  gid int(30) NOT NULL default '0',
  UNIQUE KEY uid (uid)
) TYPE=MyISAM;

#
# Data for table `ftp`
#

INSERT INTO ftp VALUES ('chosen-ones', 'bla', 1, '/home/webspace/chosen-ones.de/', NULL, 0);
INSERT INTO ftp VALUES ('reseller', 'bla', 2, '/home/webspace/', NULL, 0);
INSERT INTO ftp VALUES ('Marco', 'bla', 3, '/', NULL, 0);
INSERT INTO ftp VALUES ('tCo-Demos', 'bla', 4, '/home/webspace/chosen-ones.de/demos/', NULL, 0);
INSERT INTO ftp VALUES ('tCo-downloads', 'bla', 5, '/home/webspace/chosen-ones.de/demos/', NULL, 0);



Many thanks in advance!


Title: Only download permissions in all folders
Post by: Wörsty on 05 March 2004, 23:54:21
I'm off to bed now - but quickly, the standard mistakes:
1. Unix permissions?
2. Try replacing <Directory ~/*> with <Directory ~>

Quote from: "Documentation"
A slash and a wildcard ("/*") can be appended to the directory and indicate that the configuration block applies only to the contents of this directory and its subdirectories, but not to the directory itself.


Title: Only download permissions in all folders
Post by: TheCat on 06 March 2004, 00:45:08
So what do you mean by Unix permissions? The folders are not running under root.

And the ~ still didn't bring any success. Error 550 :(


Title: Only download permissions in all folders
Post by: TheCat on 06 March 2004, 00:49:12
Thx, it works now. I searched for Unix permissions and of course had to set the chmod, thanks.
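
The Unix-permissions cause that resolved this thread, as an added example that is not part of any post or of ProFTPD's own code: with the posted values, every uid and gid in the `ftp` table lies below SQLMinUserUID/SQLMinUserGID, so mod_sql (per its documented handling of these directives) substitutes SQLDefaultUID/SQLDefaultGID and every session acts as 65534:65534. The directory owners and modes used below are constructed assumptions; the thread does not state them.

```python
# Added example: effective identity of the SQL users vs. directory write access.
SQL_MIN_USER_UID, SQL_DEFAULT_UID = 500, 65534   # from the posted config
SQL_MIN_USER_GID, SQL_DEFAULT_GID = 100, 65534   # from the posted config

# (username, uid, gid) as stored in the posted `ftp` table.
USERS = [("chosen-ones", 1, 0), ("reseller", 2, 0), ("Marco", 3, 0),
         ("tCo-Demos", 4, 0), ("tCo-downloads", 5, 0)]


def effective_ids(uid, gid):
    """IDs below the configured minimum are replaced by the defaults."""
    if uid < SQL_MIN_USER_UID:
        uid = SQL_DEFAULT_UID
    if gid < SQL_MIN_USER_GID:
        gid = SQL_DEFAULT_GID
    return uid, gid


def can_modify_dir(dir_uid, dir_gid, dir_mode, uid, gid):
    """MKD/STOR/DELE need write and search (w+x) on the parent directory."""
    if uid == 0:
        return True
    if uid == dir_uid:
        bits = dir_mode >> 6      # owner permission bits
    elif gid == dir_gid:
        bits = dir_mode >> 3      # group permission bits
    else:
        bits = dir_mode           # "other" permission bits
    return bits & 0o3 == 0o3


def writable_users(dir_uid, dir_gid, dir_mode):
    """Names of SQL users whose session could create or delete entries."""
    return [name for name, uid, gid in USERS
            if can_modify_dir(dir_uid, dir_gid, dir_mode,
                              *effective_ids(uid, gid))]


if __name__ == "__main__":
    # Constructed directory metadata, not taken from the thread.
    cases = [("0755 owned by 1000:100", (1000, 100, 0o755)),
             ("0777 owned by 1000:100", (1000, 100, 0o777)),
             ("0755 owned by 65534:65534", (65534, 65534, 0o755))]
    for label, meta in cases:
        print(label, "->", writable_users(*meta) or "no SQL user can write (550)")
```

Mode 0777 lets the FTP sessions write but also every other local account; giving the directory to the effective uid keeps it at 0755.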