proftpd

[Kaiser_Sose]

Don't use the rpm from proftpd.org


Grab it from www.freshrpms.net *that one is solid. *Adds it as a standalone server, so service proftpd start and all that jazz works. *Also automagically sets up chroot's for each user. *Normal user logs in and will NOT be able to get to any directory above thier home directory. *(You can override this in teh config though).

I installed it with the one from freshrpms and I think it installed correctly but still needs some configuration

I can start and stop it

Code:

 [root@localhost root]# service proftpd restart
Shutting down proftpd: * * * * * * * * * * * * * * * * * * [ *OK *]
Starting proftpd: * * * * * * * * * * * * * * * * * * * * *[ *OK *]

I also did a test on the config file

Code:

[root@localhost root]# proftpd -t
Checking syntax of configuration file
 - no such group 'nogroup'
 - Fatal: Group: Unknown group 'nogroup'.

And that is why when I try to connect from another machine on my LAN , I get this

Code:

~ Connected to 192.168.0.40, waiting for response...
< 220 FTP Server ready.
> USER nogroup
< 331 Password required for nogroup.
> PASS *****
< 530 Login incorrect.
! *Invalid username or password for 192.168.0.40
~ Could not login to 192.168.0.40
~ Disconnected

I am the only user on the system and I only have "root" setup. *I think I have to add a user "nogroup" or something like that but I do not know how to do that

The way I really want to set it up is by giving people different usernames. *For example, David would login as 'david" and I would also give him a password. *Steve would login as "steve" with his given password

Here is my proftpd.conf file. *If you can help out that would be greathttp://kaiser-sose.port5.com/proftpdconfig.zip

[tolstoy]

nogroup is a standard *nix group that kind of coincides with the user nobody. However, there is no group called "nogroup" in RedHat. Either add that group using groupadd or, better yet, just edit your proftpd config file to include the group "nobody" instead of "nogroup." If you'r server allows anonymous connections, just log on as user anonymous and leave your email address as the password, or log on as a user who has an account on the box (someone else besides root).

[Killer_Penguin]

What distro are you using? I've yet to see a redhat distro that doesn't add the nobody/nogroup settings...

BTW, here is my nobody/nogroup lines....

[root@anakin /root]# cat /etc/passwd |grep nobody
nobody:x:99:99:Nobody:/:
[root@anakin /root]# cat /etc/group |grep nobody
nobody:x:99:
[root@anakin /root]# cat /etc/shadow |grep nobody
nobody:*:11467:0:99999:7:::


If you add those entries into thier respective files, you should be good!

[Kaiser_Sose]

nogroup is a standard *nix group that kind of coincides with the user nobody. However, there is no group called "nogroup" in RedHat. Either add that group using groupadd or, better yet, just edit your proftpd config file to include the group "nobody" instead of "nogroup." If you'r server allows anonymous connections, just log on as user anonymous and leave your email address as the password, or log on as a user who has an account on the box (someone else besides root).

nobody was already in the config file so I put the roots password as the e- mail and it works. *THANK YOU ALL

So if I want someone to connect with their own username and password I have to add them as a user to the computer. *I dont want them to be a user of the computer just to logon with proftpd

Can you please give me the commandline to do all this and show me where to edit the config file to add them as users of proftpd. *I am very to linux. *I jst installed it the other day

[Killer_Penguin]

unfortionatly, in order to be users of ftp, they have to be users of the comp. (eg, they have to exist in /etc/passwd and /etc/shadow). There are some ftpd's out there that will authenticate through something else, such as a mysql database, but I'm thinking that is overkill for you.

Again, what distro are you using?

[Kaiser_Sose]

RH 7.2, you must have missed when I said that in my first post

Is there a gui front end for proftpd. *As I said, I am very new to linux so I was playing around with KDE and I noticed that wuftp has a frontend gui

If proftpd foes not, I gues I will have to use the command line

fyi

Code:

[root@localhost root]# cat /etc/passwd |grep nobody
nobody:x:99:99:Nobody:/:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin

Code:

[root@localhost root]# cat /etc/group |grep nobody
nobody:x:99:
nfsnobody:x:65534:

Code:

[root@localhost root]# cat /etc/shadow |grep nobody
nobody:*:11695:0:99999:7:::
nfsnobody:!!:11695:0:99999:7:::

[tolstoy]

nobody was already in the config file so I put the roots password as the e- mail and it works. THANK YOU ALL

So if I want someone to connect with their own username and password I have to add them as a user to the computer. I dont want them to be a user of the computer just to logon with proftpd

Can you please give me the commandline to do all this and show me where to edit the config file to add them as users of proftpd. I am very to linux. I jst installed it the other day

If you are worried about making them users on the box, you can give them a false shell (/bin/false) and then set up proftpd so that it does not require users to have valid shells. (I'm pretty sure you can do this at least). This way users can ftp into the box, but never be able to sit down at it and log on physically.

I think there is a GUI front end to proftpd in the latest version of WebMin. However, it has been my experience that doing everything from the command line and by editing config files by hand is always better. ProFTPD's config file should be proftpd.conf, but where it resides on the RPM version of proftpd, I am not sure. Probably somewhere in /etc.

If you want to add the group "no group," open a term as root and type /usr/sbin/groupadd no group.

If you want to give users false shells, just change the end of their entry in /etc/passwd to read /bin/false, rather than /bin/bash or /bin/sh.

To turn off the requirement for users to have a valid shell in proftpd, put this line the global section of your config file:

RequireValidShell off

To chroot everyone into their home directory (which jails them into their home directory and its files so they cannot browse other parts of the system) add:

DefaultRoot ~/

This is highly recommended.

I suggest going to www.proftpd.org and browsing the online documentition. Using the command line and editing config files can be intimidating to newbies, epecially when they are from the Windows world, but hey that's linux. Just stick with it. Trust me, you'll be better for it and you'll one day start to hate all the M$ GUI frontends (which usually almost never have command line backends).

Hope this helps some.

[Kaiser_Sose]

tostoy, thanks so much for your help

I uploaded my proftpd.conf and /et/passwrd file to http://kaiser-sose.port5.com/proftpdconfig.zip

Can you please edit them and apply an example

For instance edit them to show that a user named "david" with a password named "xyz" can logon to their home directory. lets say their home directory is also /var/ftp but a seperate one from the one beow. Meaning that all users will logon and see bin, lib, pub, etc.

I forgot to add that, when I logged on across the LAN as anon/roots password it went to /var/ftp and inside there I see "bin", "etc", "lib", "pub", "uploads" with files in the bin, etc, lib directory. *I wasnt able to see them through the ftp client but through SSH I know they are there

See here
/var/ftp

/var/ftp/lib

[tolstoy]

Ok, here is a step by step example that should get you through fine:

1) Make sure proftpd is running and works. (I'm sure you already did this).

2) edit the file /etc/proftpd.conf. You only need to make two changes for a very simple site. The very first line of the config file will say --

#This is the ProFTPD configuration file.

Right under that you will see a list as follows:

ServerIdent on "FTP Server Ready"
ServerAdmin root@localhost
ServerType standalone
etc...etc...(more entries like that)

Now what you need to do is add these two entries to that list:

RequireValidShell off
DefaultRoot ~/ <---- This line will jail all users into their home directory and keep them from browsing the file system.

Save the changes and restart proftpd by issuing a "/etc/rc.d/init.d/proftpd restart" from the command line.

Now add your users (the sample user here is johnsmith):

Open a terminal as root type,

/usr/sbin/useradd johnsmith

That will add that user. Next give the user a password. Still as root, type

passwd johnsmith

You will then be prompted to create a password. the password will not echo on the screen. So if nothing happens, have not fear. It is working.

Now, as root, open your /etc/passwd file and edit the line for that user. Change it from:

johnsmith:x:500:500::/home/johnsmith:/bin/bash

to read

johnsmith:x:500:500::/home/johnsmith:/bin/false <---this last part is the user's shell.

You can also change the user's home directory if you like.

I just did this in about 30 seconds on RH 7.2 using the proftpd rpm, so it should work for you. Give it a shot and let me know what happens. I still suggest reading all the proftd docs and disabling anonymous ftp if you have no need for it.

[Kaiser_Sose]

Thanks, I did what you said and the user can connect

I do have a few questions

When I change "johnsmith:x:500:500::/home/johnsmith:/bin/bash
" to "
johnsmith:x:500:500::/home/pub/johnsmith:/bin/false" - the user gets a could not logon message. No matter what I put there. I even tried "johnsmith:x:500:500::/var/ftp/johnsmith:/bin/false"

The only way they can connect if it reads "johnsmith:x:500:500::/home/johnsmith:/bin/false" - and when they do I see files called ".bashrc", ".bash_logout", ".emacs", ".kde" (folder) plus some others

And every user gets a different number, the first one started at 501:501, the second is 502:502

How do I fix all this

2.

The only reason I have Anon on is I can only connect as anonymous/root's password, I cant connect as root/roots password, if I could, I would like to disable Anonymous access

How can I do this. When I logon as root I would like to get "/" access not "/root" but "/"

3.

How do I remove a user and its password. I tried "/usr/sbin/userremove test" but it said "bash: /usr/sbin/userremove: No such file or directory"