neue probleme

und zwar möchte ich jetz flashen nur für einen user erlauben und für den rest nicht.

bsp.: im ordner /home/upload/ENTER befindet sich user upload, download, und karlheinz.

nun ist es ja schon so eingestellt das upload der einzige is der uploaden kann... die anderen können nur downloaden. jetz möchte ich aber auch noch verhindern, das download und karlheinz flashen können. wie kann ich das bewerkstelligen?

ach ja und upload soll nur noch uploaden/drauf flashen können aber nicht downloaden/weg flashen


Also: user upload in ordner /home/upload/ENTER soll nicht wie bisher up und downloaden können... nur noch uploaden und drauf flashen. sonst aber rechte wie gehabt. also schreiben lesen aber nix löschen

user download und karlheinz im ordner /home/upload/ENTER sollen nicht wie bisher downloaden und flashen können sondern nur noch dwonloaden. alle anderen rechte wie gehabt. kein upload und nichts löschen.


info: /home/upload/ENTER is das home verzeichniss aller user

hier nochma aktuelle config

# This is the ProFTPD configuration file

ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
ServerType standalone
#ServerType inetd
DefaultServer on
AccessGrantMsg "User %u logged in. Welcome!"
AllowForeignAddress on
#DisplayConnect /etc/ftpissue
#DisplayLogin /etc/ftpmotd
#DisplayGoAway /etc/ftpgoaway
DeferWelcome off

# Use this to excude users from the chroot
DefaultRoot /home/upload/ENTER

# Use pam to authenticate by default
AuthPAMAuthoritative on

# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups off
UseReverseDNS off

# Port 21 is the standard FTP port.
Port 9009

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# Default to show dot files in directory listings
ListOptions "-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228 off
#RootLogin off
#LoginPasswordPrompt on
#MaxLoginAttempts 3
#MaxClientsPerHost none
#AllowForeignAddress on # For FXP


# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart on
AllowStoreRestart on

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 20

# Set the user and group that the server normally runs at.
User nobody
Group nobody

# This is where we want to put the pid file
ScoreboardFile /var/run/proftpd.score

# Normally, we want users to do a few things.

<Directory ~>

<Limit WRITE DELE>
DenyAll
</Limit>

<Limit READ DIRS>
IgnoreHidden On
AllowAll
</Limit>

</Directory>

<Directory ~/ENTER>

<Limit DELE>
DenyAll
</Limit>

<Limit WRITE READ DIRS>
AllowAll
DenyAll
</Limit>
</Directory>


# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine on
#TLSRequired on
#TLSRSACertificateFile /usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile /usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite ALL:!ADH:!DES
#TLSOptions NoCertRequest
#TLSVerifyClient off
##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
#TLSLog /var/log/proftpd/tls.log

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
# User ftp
# Group ftp
# AccessGrantMsg "Anonymous login ok, restrictions apply."
#
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
#
# # Limit the maximum number of anonymous logins
# MaxClients 0 "Sorry, max %m users -- try again later"
#
# # Put the user into /pub right after login
# #DefaultChdir /pub
#
# # We want 'welcome.msg' displayed at login, '.message' displayed in
# # each newly chdired directory and tell users to read README* files.
# DisplayLogin /welcome.msg
# DisplayFirstChdir .message
# DisplayReadme README*
#
# # Some more cosmetic and not vital stuff
# DirFakeUser on ftpadm
# DirFakeGroup on ftpadm
#
# # Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE SITE_CHMOD>
# DenyAll
# </Limit>
#
# # An upload directory that allows storing files but not retrieving
# # or creating directories.
# <Directory uploads/*>
# AllowOverwrite no
# <Limit READ>
# DenyAll
# </Limit>
#
# <Limit STOR>
# AllowAll
# </Limit>
# </Directory>
#
# # Don't write anonymous accesses to the system wtmp file (good idea!)
# WtmpLog off
#
# # Logging for the anonymous transfers
# ExtendedLog /var/log/proftpd/access.log WRITE,READ default
# ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>

cheffe es geht!!!! dangäääää . der restart hats gebracht! bestens.. nich ganz einfach das ganze aber das hat schonma geklappt... besten dank

[<Directory ~> <Limit WRITE DELE> DenyAll </Limit> <Limit READ DIRS> IgnoreHidden On AllowAll </Limit> </Directory><Directory ~/upload> <Limit SITE_CHMOD DELE> DenyAll </Limit> <Limit WRITE READ DIRS> AllowAll DenyAll </Limit> </Directory>]

nö... ich geh kaputt. es funzt immernoch net.

aber das stimmt ja oder?

# This is the ProFTPD configuration file

ServerName         "ProFTPD server"
ServerIdent         on "FTP Server ready."
ServerAdmin         root@localhost
ServerType         standalone
#ServerType         inetd
DefaultServer         on
AccessGrantMsg         "User %u logged in. Welcome!"
AllowForeignAddress      on
#DisplayConnect         /etc/ftpissue
#DisplayLogin         /etc/ftpmotd
#DisplayGoAway         /etc/ftpgoaway
DeferWelcome         off

# Use this to excude users from the chroot
DefaultRoot         ~ !adm

# Use pam to authenticate by default
AuthPAMAuthoritative      on

# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups         off
UseReverseDNS         off

# Port 21 is the standard FTP port.
Port            9009

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask            022

# Default to show dot files in directory listings
ListOptions         "-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228      off
#RootLogin         off
#LoginPasswordPrompt      on
#MaxLoginAttempts      3
#MaxClientsPerHost      none
#AllowForeignAddress      on   # For FXP


# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart      on
AllowStoreRestart      on

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances         20

# Set the user and group that the server normally runs at.
User            nobody
Group            nobody

# This is where we want to put the pid file
ScoreboardFile         /var/run/proftpd.score

# Normally, we want users to do a few things.

<Directory ~>

<Limit WRITE DELE>
DenyAll
</Limit>

<Limit READ DIRS>
IgnoreHidden On
AllowAll
</Limit>

</Directory>

<Directory ~/upload>

<Limit SITE_CHMOD DELE>
DenyAll
</Limit>

<Limit WRITE READ DIRS>
AllowAll
DenyAll
</Limit>
</Directory>


# Define the log formats
LogFormat         default   "%h %l %u %t \"%r\" %s %b"
LogFormat         auth   "%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine         on
#TLSRequired         on
#TLSRSACertificateFile      /usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile   /usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite         ALL:!ADH:!DES
#TLSOptions         NoCertRequest
#TLSVerifyClient      off
##TLSRenegotiate      ctrl 3600 data 512000 required off timeout 300
#TLSLog            /var/log/proftpd/tls.log

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
#  User            ftp
#  Group            ftp
#  AccessGrantMsg      "Anonymous login ok, restrictions apply."
#
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias         anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients         0 "Sorry, max %m users -- try again later"
#
#  # Put the user into /pub right after login
#  #DefaultChdir         /pub
#
#  # We want 'welcome.msg' displayed at login, '.message' displayed in
#  # each newly chdired directory and tell users to read README* files.
#  DisplayLogin         /welcome.msg
#  DisplayFirstChdir      .message
#  DisplayReadme         README*
#
#  # Some more cosmetic and not vital stuff
#  DirFakeUser         on ftpadm
#  DirFakeGroup         on ftpadm
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE SITE_CHMOD>
#    DenyAll
#  </Limit>
#
#  # An upload directory that allows storing files but not retrieving
#  # or creating directories.
#  <Directory uploads/*>
#    AllowOverwrite      no
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>
#
#  # Don't write anonymous accesses to the system wtmp file (good idea!)
#  WtmpLog         off
#
#  # Logging for the anonymous transfers
#  ExtendedLog      /var/log/proftpd/access.log WRITE,READ default
#  ExtendedLog      /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>

wenn man das noch nie gemacht hat kann mans nunma nich.. wenn ichs einma (wenns ma was werden sollte) richtig hab vergess ich das auch net mehr... aber woher soll mans vorher wissen?

das gib ma ne richtige angabe was (komplett" wo rein soll bzw was ersetzt werden soll... dann is doch ok dann weiss man das wenigstens und beim nächsten ma hat man keine probs mehr...

[<Directory ~/upload> <Limit SITE_CHMOD DELE> DenyAll </Limit> <Limit WRITE READ DIRS> AllowAll DenyAll </Limit> </Directory>]

# This is the ProFTPD configuration file

ServerName         "ProFTPD server"
ServerIdent         on "FTP Server ready."
ServerAdmin         root@localhost
ServerType         standalone
#ServerType         inetd
DefaultServer         on
AccessGrantMsg         "User %u logged in. Welcome!"
AllowForeignAddress      on
#DisplayConnect         /etc/ftpissue
#DisplayLogin         /etc/ftpmotd
#DisplayGoAway         /etc/ftpgoaway
DeferWelcome         off

# Use this to excude users from the chroot
DefaultRoot         ~ !adm

# Use pam to authenticate by default
AuthPAMAuthoritative      on

# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups         off
UseReverseDNS         off

# Port 21 is the standard FTP port.
Port            9009

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask            022

# Default to show dot files in directory listings
ListOptions         "-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228      off
#RootLogin         off
#LoginPasswordPrompt      on
#MaxLoginAttempts      3
#MaxClientsPerHost      none
#AllowForeignAddress      on   # For FXP


# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart      on
AllowStoreRestart      on

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances         20

# Set the user and group that the server normally runs at.
User            nobody
Group            nobody

# This is where we want to put the pid file
ScoreboardFile         /var/run/proftpd.score

# Normally, we want users to do a few things.
<Directory ~/upload>

<Limit SITE_CHMOD DELE>
DenyAll
</Limit>

<Limit WRITE READ DIRS>
AllowAll
DenyAll
</Limit>
</Directory>



# Define the log formats
LogFormat         default   "%h %l %u %t \"%r\" %s %b"
LogFormat         auth   "%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine         on
#TLSRequired         on
#TLSRSACertificateFile      /usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile   /usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite         ALL:!ADH:!DES
#TLSOptions         NoCertRequest
#TLSVerifyClient      off
##TLSRenegotiate      ctrl 3600 data 512000 required off timeout 300
#TLSLog            /var/log/proftpd/tls.log

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
#  User            ftp
#  Group            ftp
#  AccessGrantMsg      "Anonymous login ok, restrictions apply."
#
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias         anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients         0 "Sorry, max %m users -- try again later"
#
#  # Put the user into /pub right after login
#  #DefaultChdir         /pub
#
#  # We want 'welcome.msg' displayed at login, '.message' displayed in
#  # each newly chdired directory and tell users to read README* files.
#  DisplayLogin         /welcome.msg
#  DisplayFirstChdir      .message
#  DisplayReadme         README*
#
#  # Some more cosmetic and not vital stuff
#  DirFakeUser         on ftpadm
#  DirFakeGroup         on ftpadm
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE SITE_CHMOD>
#    DenyAll
#  </Limit>
#
#  # An upload directory that allows storing files but not retrieving
#  # or creating directories.
#  <Directory uploads/*>
#    AllowOverwrite      no
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>
#
#  # Don't write anonymous accesses to the system wtmp file (good idea!)
#  WtmpLog         off
#
#  # Logging for the anonymous transfers
#  ExtendedLog      /var/log/proftpd/access.log WRITE,READ default
#  ExtendedLog      /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>

wenn ich mich nun per user upload einlogge aufn ftp kann ich aber immernoch löschen...

[<Limit STOR> AllowAll </Limit> <Limit DELE RETR> DenyAll </Limit>]

# This is the ProFTPD configuration file

ServerName         "ProFTPD server"
ServerIdent         on "FTP Server ready."
ServerAdmin         root@localhost
ServerType         standalone
#ServerType         inetd
DefaultServer         on
AccessGrantMsg         "User %u logged in. Welcome!"
AllowForeignAddress      on
#DisplayConnect         /etc/ftpissue
#DisplayLogin         /etc/ftpmotd
#DisplayGoAway         /etc/ftpgoaway
DeferWelcome         off

# Use this to excude users from the chroot
DefaultRoot         ~ !adm

# Use pam to authenticate by default
AuthPAMAuthoritative      on

# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups         off
UseReverseDNS         off

# Port 21 is the standard FTP port.
Port            9009

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask            022

# Default to show dot files in directory listings
ListOptions         "-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228      off
#RootLogin         off
#LoginPasswordPrompt      on
#MaxLoginAttempts      3
#MaxClientsPerHost      none
#AllowForeignAddress      on   # For FXP


# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart      on
AllowStoreRestart      on

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances         20

# Set the user and group that the server normally runs at.
User            nobody
Group            nobody

# This is where we want to put the pid file
ScoreboardFile         /var/run/proftpd.score

# Normally, we want users to do a few things.
<Global>
  AllowOverwrite      yes
 <Limit STOR>
    AllowAll
  </Limit>
  <Limit DELE RETR>
    DenyAll
  </Limit></Global>

# Define the log formats
LogFormat         default   "%h %l %u %t \"%r\" %s %b"
LogFormat         auth   "%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine         on
#TLSRequired         on
#TLSRSACertificateFile      /usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile   /usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite         ALL:!ADH:!DES
#TLSOptions         NoCertRequest
#TLSVerifyClient      off
##TLSRenegotiate      ctrl 3600 data 512000 required off timeout 300
#TLSLog            /var/log/proftpd/tls.log

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
#  User            ftp
#  Group            ftp
#  AccessGrantMsg      "Anonymous login ok, restrictions apply."
#
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias         anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients         0 "Sorry, max %m users -- try again later"
#
#  # Put the user into /pub right after login
#  #DefaultChdir         /pub
#
#  # We want 'welcome.msg' displayed at login, '.message' displayed in
#  # each newly chdired directory and tell users to read README* files.
#  DisplayLogin         /welcome.msg
#  DisplayFirstChdir      .message
#  DisplayReadme         README*
#
#  # Some more cosmetic and not vital stuff
#  DirFakeUser         on ftpadm
#  DirFakeGroup         on ftpadm
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE SITE_CHMOD>
#    DenyAll
#  </Limit>
#
#  # An upload directory that allows storing files but not retrieving
#  # or creating directories.
#  <Directory uploads/*>
#    AllowOverwrite      no
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>
#
#  # Don't write anonymous accesses to the system wtmp file (good idea!)
#  WtmpLog         off
#
#  # Logging for the anonymous transfers
#  ExtendedLog      /var/log/proftpd/access.log WRITE,READ default
#  ExtendedLog      /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>

oder wie? ich blick das net mehr lol das kann doch garnet so schwer sein...

ja ich verbinde per ftp auf port 9009

und so wars gemeint:

Code:

user upload soll in /home/upload nichts downloaden, löschen, umbenennen dürfen.

Fehler: Er kann da aber Dateien downloaden, umbennen, löschen

und nun nochma die ausgabe:

[root@host root]# killall proftpd
[root@host root]# proftpd -nd9
 - parsing '/etc/proftpd.conf' configuration
 - FS: using system open()
 - FS: using system read()
 - FS: using system read()
 - dispatching auth request "getpwnam" to module mod_auth_file
 - dispatching auth request "getpwnam" to module mod_auth_unix
 - dispatching auth request "getgrnam" to module mod_auth_file
 - dispatching auth request "getgrnam" to module mod_auth_unix
 - FS: using system read()
 - FS: using system read()
 - FS: using system read()
 - FS: using system close()
host -
host - Config for ProFTPD server:
host - ServerIdent
host - DefaultServer
host - AccessGrantMsg
host - AllowForeignAddress
host - DeferWelcome
host - DefaultRoot
host - AuthPAMAuthoritative
host - IdentLookups
host - Umask
host - ListOptions
host - AllowRetrieveRestart
host - AllowStoreRestart
host - UserID
host - UserName
host - GroupID
host - GroupName
host - Limit
host -  AllowAll
host - AllowOverwrite
host - dispatching auth request "getgroups" to module mod_auth_file
host - dispatching auth request "getgroups" to module mod_auth_unix
host - SETUP PRIVS at main.c:2704
host - ROOT PRIVS at main.c:1956
host - RELINQUISH PRIVS at main.c:1962
host - ROOT PRIVS at main.c:2323
host - opening scoreboard '/var/run/proftpd.score'
host - RELINQUISH PRIVS at main.c:2347
host - ProFTPD 1.2.9 (stable) (built Son Dez 21 16:47:33 CET 2003) standalone mo
de STARTUP
host - ROOT PRIVS at main.c:2171
host - RELINQUISH PRIVS at main.c:2177
host - FS: using system lstat()
host - scrubbing scoreboard
host - ROOT PRIVS at mod_core.c:194
host - RELINQUISH PRIVS at mod_core.c:201
host - ROOT PRIVS at mod_core.c:223
host - RELINQUISH PRIVS at mod_core.c:251
host - FS: using system lstat()
host - scrubbing scoreboard
host - ROOT PRIVS at mod_core.c:194
host - RELINQUISH PRIVS at mod_core.c:201
host - ROOT PRIVS at mod_core.c:223
host - RELINQUISH PRIVS at mod_core.c:251
host - FS: using system lstat()
host - scrubbing scoreboard
host - ROOT PRIVS at mod_core.c:194
host - RELINQUISH PRIVS at mod_core.c:201
host - ROOT PRIVS at mod_core.c:223
host - RELINQUISH PRIVS at mod_core.c:251
host - FS: using system lstat()
host - scrubbing scoreboard
host - ROOT PRIVS at mod_core.c:194
host - RELINQUISH PRIVS at mod_core.c:201
host - ROOT PRIVS at mod_core.c:223
host - RELINQUISH PRIVS at mod_core.c:251
host - FS: using system lstat()
host - ProFTPD terminating (signal 2)
host - ROOT PRIVS at main.c:1838
host - RELINQUISH PRIVS at main.c:1859
host - ProFTPD 1.2.9 standalone mode SHUTDOWN
host - ROOT PRIVS at main.c:1866
host - RELINQUISH PRIVS at main.c:1868
[root@host root]#

1. der user upload kommt auch net aus dem ordner raus... kann nur welche in dem /home/upload/ erstellen und da rein...

2. da is jetz nix drin was jemandem was verbietet. da es ja nicht funktioniert hat habe ich die originale config wieder auf dem server...

so. also was müsste man denn da jetz ändern um dem user upload was zu verbieten? fragen ich mal sorum...

mom 3.  und 4. mach ich gleich kam grad erst dazu mom

user upload kommt natürlich auch in /home/upload/

habs nur bei dir kopiert


und das kommt nach dem eingeben von "proftpd -nd9" damit kann ich nur reingarnix anfangen

- parsing '/etc/proftpd.conf' configuration
 - FS: using system open()
 - FS: using system read()
 - FS: using system read()
 - dispatching auth request "getpwnam" to module mod_auth_file
 - dispatching auth request "getpwnam" to module mod_auth_unix
 - dispatching auth request "getgrnam" to module mod_auth_file
 - dispatching auth request "getgrnam" to module mod_auth_unix
 - FS: using system read()
 - FS: using system read()
 - FS: using system read()
 - FS: using system close()
host -
host - Config for ProFTPD server:
host - ServerIdent
host - DefaultServer
host - AccessGrantMsg
host - AllowForeignAddress
host - DeferWelcome
host - DefaultRoot
host - AuthPAMAuthoritative
host - IdentLookups
host - Umask
host - ListOptions
host - AllowRetrieveRestart
host - AllowStoreRestart
host - UserID
host - UserName
host - GroupID
host - GroupName
host - Limit
host -  AllowAll
host - AllowOverwrite
host - dispatching auth request "getgroups" to module mod_auth_file
host - dispatching auth request "getgroups" to module mod_auth_unix
host - SETUP PRIVS at main.c:2704
host - ROOT PRIVS at main.c:1956
host - RELINQUISH PRIVS at main.c:1962
host - ROOT PRIVS at main.c:2323
host - opening scoreboard '/var/run/proftpd.score'
host - RELINQUISH PRIVS at main.c:2347
host - Failed binding to 0.0.0.0, port 9009: Address already in use
host - Check the ServerType directive to ensure you are configured correctly.

die config

# This is the ProFTPD configuration file

ServerName         "ProFTPD server"
ServerIdent         on "FTP Server ready."
ServerAdmin         root@localhost
ServerType         standalone
#ServerType         inetd
DefaultServer         on
AccessGrantMsg         "User %u logged in. Welcome!"
AllowForeignAddress      on
#DisplayConnect         /etc/ftpissue
#DisplayLogin         /etc/ftpmotd
#DisplayGoAway         /etc/ftpgoaway
DeferWelcome         off

# Use this to excude users from the chroot
DefaultRoot         ~ !adm

# Use pam to authenticate by default
AuthPAMAuthoritative      on

# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups         off
UseReverseDNS         off

# Port 21 is the standard FTP port.
Port            9009

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask            022

# Default to show dot files in directory listings
ListOptions         "-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228      off
#RootLogin         off
#LoginPasswordPrompt      on
#MaxLoginAttempts      3
#MaxClientsPerHost      none
#AllowForeignAddress      on   # For FXP


# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart      on
AllowStoreRestart      on

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances         20

# Set the user and group that the server normally runs at.
User            nobody
Group            nobody

# This is where we want to put the pid file
ScoreboardFile         /var/run/proftpd.score

# Normally, we want users to do a few things.
<Global>
  AllowOverwrite      yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

# Define the log formats
LogFormat         default   "%h %l %u %t \"%r\" %s %b"
LogFormat         auth   "%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine         on
#TLSRequired         on
#TLSRSACertificateFile      /usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile   /usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite         ALL:!ADH:!DES
#TLSOptions         NoCertRequest
#TLSVerifyClient      off
##TLSRenegotiate      ctrl 3600 data 512000 required off timeout 300
#TLSLog            /var/log/proftpd/tls.log

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
#  User            ftp
#  Group            ftp
#  AccessGrantMsg      "Anonymous login ok, restrictions apply."
#
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias         anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients         0 "Sorry, max %m users -- try again later"
#
#  # Put the user into /pub right after login
#  #DefaultChdir         /pub
#
#  # We want 'welcome.msg' displayed at login, '.message' displayed in
#  # each newly chdired directory and tell users to read README* files.
#  DisplayLogin         /welcome.msg
#  DisplayFirstChdir      .message
#  DisplayReadme         README*
#
#  # Some more cosmetic and not vital stuff
#  DirFakeUser         on ftpadm
#  DirFakeGroup         on ftpadm
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE SITE_CHMOD>
#    DenyAll
#  </Limit>
#
#  # An upload directory that allows storing files but not retrieving
#  # or creating directories.
#  <Directory uploads/*>
#    AllowOverwrite      no
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>
#
#  # Don't write anonymous accesses to the system wtmp file (good idea!)
#  WtmpLog         off
#
#  # Logging for the anonymous transfers
#  ExtendedLog      /var/log/proftpd/access.log WRITE,READ default
#  ExtendedLog      /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>

na mein gott jetz kommen wir doch der sache näher...

also:


Benutzer: upload
Home-Verzeichnis: /home/upload

upload soll in /home/peter nichts downloaden, löschen, umbenennen dürfen.

Fehler: Er kann da aber Dateien downloaden, umbennen, löschen





um mal in deinen worten zu sprechen..  :lol:

ja glaub ichs denn.... wenn ich die scheiss config so ändere wie oben genannt

Code:

<limit READ DIRS>
allowAll
</limit>
<Limit WRITE>
AllowUser User1
Denyall
</limit>

dann kann der verschissene user immernoch ALLES machen... wie soll ich es denn nur noch erklären...

auch wenns deine letztemail war....


hier nochma: ES GEHT EINFACH NICHT!!! selbst wenn ich die rechte so eigestellt habe haben die user alle rechte ohne einschränkung... nicht wie gewollt das sie zum beispiel nicht uploaden können etc.... so naja das dazu. egal werds schon hinbekommen

aaalso die config is jetz die aktuelle da änderungen wie oben erwähnt nix gebracht haben... und zum problem nochma...


ich will das der erstellte user user1 in seinem ordner /home/user1/ nicht komplette rechte hat sondern nur upload also files und ordner erstellen kann auch wechseln aber er kann nicht löschen umbennenen oder downloaden... dann möchte ich einen 2. user in den selben ordner haben der wiederum nur downloaden kann.. aber nix löschen umbenennen oder uploaden.

das ist das ganze prob.


weil wenn ich per ssh einen neuen user erstelle hat der ja auch wieder einen neuen ordner unter /home/user2/ der soll aber in /home/user1/ und da die oben genannten rechte haben.

also im prinzip 2 user in einem ordner einer kann nur uploaden und der andere nur downloaden...


hoffe es ist verständlich was ich will  :oops:

^^ name vergessen hab mich jetz ma gereggt is bessa..

hier ma der inhalt meiner originalen proftpd.config

# This is the ProFTPD configuration file

ServerName         "ProFTPD server"
ServerIdent         on "FTP Server ready."
ServerAdmin         root@localhost
ServerType         standalone
#ServerType         inetd
DefaultServer         on
AccessGrantMsg         "User %u logged in. Welcome!"
AllowForeignAddress      on
#DisplayConnect         /etc/ftpissue
#DisplayLogin         /etc/ftpmotd
#DisplayGoAway         /etc/ftpgoaway
DeferWelcome         off

# Use this to excude users from the chroot
DefaultRoot         ~ !adm

# Use pam to authenticate by default
AuthPAMAuthoritative      on

# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups         off
UseReverseDNS         off

# Port 21 is the standard FTP port.
Port            9009

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask            022

# Default to show dot files in directory listings
ListOptions         "-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228      off
#RootLogin         off
#LoginPasswordPrompt      on
#MaxLoginAttempts      3
#MaxClientsPerHost      2
#AllowForeignAddress      on   # For FXP


# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart      on
AllowStoreRestart      on

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances         20

# Set the user and group that the server normally runs at.
User            nobody
Group            nobody

# This is where we want to put the pid file
ScoreboardFile         /var/run/proftpd.score

# Normally, we want users to do a few things.
<Global>
  AllowOverwrite      yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>


# Define the log formats
LogFormat         
LogFormat         

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine         on
#TLSRequired         on
#TLSRSACertificateFile      /usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile   /usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite         ALL:!ADH:!DES
#TLSOptions         NoCertRequest
#TLSVerifyClient      off
##TLSRenegotiate      ctrl 3600 data 512000 required off timeout 300
#TLSLog            /var/log/proftpd/tls.log

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
#  User            ftp
#  Group            ftp
#  AccessGrantMsg      "Anonymous login ok, restrictions apply."
#
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias         anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients         0 "Sorry, max %m users -- try again later"
#
#  # Put the user into /pub right after login
#  #DefaultChdir         /pub
#
#  # We want 'welcome.msg' displayed at login, '.message' displayed in
#  # each newly chdired directory and tell users to read README* files.
#  DisplayLogin         /welcome.msg
#  DisplayFirstChdir      .message
#  DisplayReadme         README*
#
#  # Some more cosmetic and not vital stuff
#  DirFakeUser         on ftpadm
#  DirFakeGroup         on ftpadm
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE SITE_CHMOD>
#    DenyAll
#  </Limit>
#
#  # An upload directory that allows storing files but not retrieving
#  # or creating directories.
#  <Directory uploads/*>
#    AllowOverwrite      no
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>
#
#  # Don't write anonymous accesses to the system wtmp file (good idea!)
#  WtmpLog         off
#
#  # Logging for the anonymous transfers
#  ExtendedLog      /var/log/proftpd/access.log WRITE,READ default
#  ExtendedLog      /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>