www.ProFTPD.de

ProFTPD => ProFTPD - Deutsch => Thema gestartet von: Gast1001 am 21. Januar 2004, 23:34:16


Titel: User auf Verzeichniss beschränken
Beitrag von: Gast1001 am 21. Januar 2004, 23:34:16
Hallo,
ich hab bei meinen Strato Server die ersten Hürden recht gut genommen aber jetzt komme ich nicht weiter, deswegen poste ich hier. Folgendes Problem: Jeder User auf meinen Server kann oberhalb seines eigenen Verzeichnisses auch alle anderen Verzeichnisse sehen. Wie kann ich das unterbinden? Meine bisherigen Versuche blieben leider erfolglos.

Zitat
# This is a basic ProFTPD configuration file. It establishes a single
# server and a single anonymous login. It assumes that you have a
# user/group "nobody"/"nogroup" for normal operation and anon.

#    !!! PLEASE read the documentation of proftpd !!!
#
# You can find the documentation in /usr/doc/packages/proftpd/,
# http://www.proftpd.org/ and don't forget to read carefully
# and _follow_ hints on http://www.proftpd.net/security.html.

ServerName         "FTP SERVER"
#ServerType inetd
ServerType         standalone
ServerAdmin         ftpadm@localhost
#
# uncomment, if you want to hide the servers name:
#
#ServerIdent         on   "FTP Server ready"
DeferWelcome         off
DefaultServer         on


# Port 21 is the standard FTP port.
Port            21

# disable listen on 0.0.0.0:21 - the port (and IP) should
# be specified explicitly in each VirtualHost definition
#
#Port                           0

# listen for each (additional) address explicitly that is
# specified (via Bind and Port) in a VirtualHost definition
#
#SocketBindTight                        on


# Umask 022 is a good standard umask to prevent new dirs
# and files from being group and world writable.
Umask            072

# Set the user and group that the server normally runs at.
User            nobody
Group            nogroup

# Normally, we want files to be overwriteable.
DefaultRoot ~/
<Directory /*>
  AllowOverwrite      on
  HiddenStor         on
  #HideNoAccess         on
</Directory>

# protect .ftpaccess and similar - see also PathDenyFilter
#<Directory /*.ftp*>
#  <Limit ALL>
#    DenyAll
#    IgnoreHidden      on
#  </Limit>
#</Directory>

# It is a very good idea to allow only filenames containing normal
# alphanumeric characters for uploads (and not shell code...);
# see also the PathDenyFilter option
#PathAllowFilter ".*/[a-zA-Z0-9]+$"
#PathAllowFilter ".*/[a-zA-Z0-9~ \*\/,_.-]+$"

# Do not allow to pass printf-Formats (see also AllowFilter option):
DenyFilter  "%"

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Performance: skip DNS resolution when we process the logs...
#UseReverseDNS        off

# Turn off Ident lookups
IdentLookups         off

# Set the maximum number of seconds a data connection is allowed
# to "stall" before being aborted.
#TimeoutStalled                  300

# Where do we put the pid files?
#ScoreboardFile       /var/run/proftpd/proftpd.scoreboard
ScoreboardFile       /var/run/proftpd/proftpd.scoreboard
#
# Logging options
#
TransferLog          /var/log/xferlog

# Some logging formats
#
#LogFormat            default "%h %l %u %t \"%r\" %s %b"
#LogFormat            auth    "%v [%P] %h %t \"%r\" %s"
#LogFormat            write   "%h %l %u %t \"%r\" %s %b"

# Log file/dir access
#ExtendedLog          /var/log/proftpd.access_log    WRITE,READ write

# Record all logins
#ExtendedLog          /var/log/proftpd.auth_log      AUTH auth

# Paranoia logging level....
##ExtendedLog          /var/log/proftpd.paranoid_log  ALL default

#
# Do a chroot for web-users (i.e. public or www group), but
# do not change root if the user is also in the users group...
#
#DefaultRoot ~/public_html       public,!users
#DefaultRoot ~

# Limit login attempts
#MaxLoginAttempts                3

# Users needs a valid shell
RequireValidShell               no

#
# Use special Auth files instead....
#
#AuthUserFile                    /var/proftpd/authfiles/passwd
#AuthGroupFile                   /var/proftpd/authfiles/group

#
# Use LDAP server - see README.LDAP
#
#LDAPServer         "localhost"
#LDAPPrefix         "dc=your,dc=domain,dc=top"
#LDAPDN             "cn=YourDNUser,dc=your,dc=domain,dc=top"
#LDAPDNPass         "YourDNUserPassword"


# The ratio directives take four numbers: file ratio, initial file
# credit, byte ratio, and initial byte credit.  Setting either ratio
# to 0 disables that check.
#
# The directives are HostRatio (matches FQDN -- wildcards are allowed
# in this one), AnonRatio (matches password entered in an anon login,
# usually an email address), UserRatio (accepts "*" for 'any user'),
# and GroupRatio.  Matches are looked for in that order.
#
# Some examples:
#
# Ratios     on                                 # enable module
# UserRatio  ftp 0 0 0 0
# HostRatio  anyhost.domain.top 0 0 0 0         # leech access (default)
# GroupRatio proftpd 100 10 5 100000            # 100:1 files, 10 file cred
# AnonRatio  auser@domain.top 1 0 1 0           # 1:1 ratio, no credits
# UserRatio  * 5 5 5 50000                      # special default case
#
# Setting "Ratios on" without configuring anything else will enable
# leech mode: it logs activity and sends status messages to the ftp
# client, but doesn't restrict traffic.


#
# uncomment for anonymous...:
#
#<Anonymous ~ftp>
#     # After anonymous login, daemon runs as:
#     User         ftp
#     Group         public
#
#     # We want clients to be able to login with "anonymous" as well as "ftp"
#     UserAlias         anonymous ftp
#
#     # Limit the maximum number of anonymous logins
#     MaxClients      10
#
#     # We want 'welcome.msg' displayed at login, and '.message' displayed
#     # in each newly chdired directory.
#     DisplayLogin      msgs/welcome.msg
#     DisplayFirstChdir      .message
#
#     # Deny write operations to all directories, underneath root-dir
#     # Default is to allow, so we don't need a <Limit> for read operations.
#     <Directory *>
#          <Limit WRITE>
#               DenyAll
#          </Limit>
#     </Directory>
#     #
#     # Only uploads into incomming directory are allowed...
#     #<Directory incoming>
#     #
#     #     Umask  017
#     #
#     #     # ... so deny read/write
#     #     <Limit READ WRITE DIRS>
#     #          DenyAll
#     #     </Limit>
#     #
#     #     # ... allow file storing, but not other writes
#     #     <Limit STOR CWD CDUP>
#     #          AllowAll
#     #     </Limit>
#     #
#     #</Directory>
#
#</Anonymous>
<Global>
AllowRetrieveRestart on
AllowStoreRestart on
MaxClients 20 "Sie sind bereits eingeloggt."
ServerIdent on "FTP SERVER"
DefaultChdir ~/
UseFtpUsers on
</Global>
TimeoutIdle 180
UseReverseDNS off

Titel: Re: User auf Verzeichniss beschränken
Beitrag von: stonki am 22. Januar 2004, 09:47:58
Zitat von: "Gast1001"

DefaultRoot ~/


probiere mal ohne das "/" am Ende

Titel: User auf Verzeichniss beschränken
Beitrag von: Gast1001 am 22. Januar 2004, 12:11:44
Hat funktioniert. Danke.


Powered by SMF 1.1.2 | SMF © 2006-2007, Simple Machines LLC