I'm setting up an FTP server. I need to be able to have people have a non-interactive login through a web browser into a chrooted directory, i.e. ftp://somewhere.com. I also need to have a URL that will auto login a user to a chrooted directory. These chrooted directories will be RO for all anonymous access. That said, I also need to have a staff account that has upload rights to these directories.
Before I was able to use with Windowz FTP servers: ftp://user:password@somewhere.com. This does not pass with proftpd or vsftpd. Are there conf entries that will allow these? I know there are security risks associated with this but it is an environment I have to deal with anyway.
Conf file:
# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
ServerType standalone
DefaultServer on
AccessGrantMsg "User %u logged in."
DeferWelcome off
DefaultRoot ~ !adm
AuthPAMAuthoritative on
IdentLookups off
UseReverseDNS off
Port 21
Umask 022
ListOptions "-a"
AllowRetrieveRestart on
AllowStoreRestart on
MaxInstances 20
User nobody
Group nobody
ScoreboardFile /var/run/proftpd.score

<Global>
  AllowOverwrite yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"

<Anonymous ~ftp>
  <Limit LOGIN>
    AllowAll
  </Limit>

  User ftp
  Group ftp
  AccessGrantMsg "Anonymous login ok, restrictions apply."
  UserAlias anonymous ftp
  DefaultChdir /pub

  <Limit WRITE SITE_CHMOD>
    DenyAll
  </Limit>

  <Limit STOR>
    DenyAll
  </Limit>

  <Limit READ>
    AllowAll
  </Limit>
</Anonymous>
Thanks, Ed
On Mon, 2005-09-12 at 21:42 -0700, Ed Morrison wrote:
> I'm setting up an FTP server. I need to be able to have people have a non-interactive login through a web browser into a chrooted directory, i.e. ftp://somewhere.com. I also need to have a URL that will auto login a user to a chrooted directory. These chrooted directories will be RO for all anonymous access. That said, I also need to have a staff account that has upload rights to these directories.
> Before I was able to use with Windowz FTP servers: ftp://user:password@somewhere.com. This does not pass with proftpd or vsftpd. Are there conf entries that will allow these? I know there are security risks associated with this but it is an environment I have to deal with anyway.
<snip>
I use Proftpd and I am able to log in with a web browser just fine. That said, my directories are chrooted but they are r/w, not r/o. Have you verified that these accounts work with a standard ftp client? This is a long shot, without having put too much thought into it .. but have you tried RequireValidShell off? I've always found it easier to debug starting proftpd with "proftpd -d <debug level> -n"; the "-n" flag tells the daemon not to go to the background.
HTH, Barry
Barry Brimer wrote:
<snip>
> Have you verified that these accounts work with a standard ftp client?
Yes, I can log into the server with a terminal session or command prompt.
> This is a long shot, without having put too much thought into it .. but have you tried RequireValidShell off?
I just added it to the config but it did not change the behavior.
> I've always found it easier to debug starting proftpd with "proftpd -d <debug level> -n"; the "-n" flag tells the daemon not to go to the background.
Authlog shows:
ProFTPD server [14411] xx.xx.xx.xx [13/Sep/2005:09:03:31 -0700] "USER anonymous" 331
ProFTPD server [14411] xx.xx.xx.xx [13/Sep/2005:09:03:31 -0700] "PASS mozilla@example.com" 230
ProFTPD server [14381] xx.xx.xx.xx [13/Sep/2005:08:52:48 -0700] "USER anonymous" 331
ProFTPD server [14381] xx.xx.xx.xx [13/Sep/2005:08:52:48 -0700] "PASS IEUser@" 230
Not sure what a successful authentication should look like.
Ed
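
Added example, not part of the original thread: in FTP (RFC 959) a 331 reply to USER means a password is required and a 230 reply to PASS means the user is logged in, so both browser sessions in the auth log above authenticated. The Python sketch below parses lines in the thread's `LogFormat auth` layout and reports the outcome per session; the function name `summarize` and the third sample session (PID 14500, host 192.0.2.10) are constructed for illustration.

```python
import re

# One record per line, as written by: LogFormat auth "%v [%P] %h %t \"%r\" %s"
AUTH_LINE = re.compile(
    r'^(?P<vhost>.+?) \[(?P<pid>\d+)\] (?P<host>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<cmd>[A-Za-z]+)(?: (?P<arg>.*))?" (?P<code>\d{3}|-)$'
)
# Reply codes relevant to USER/PASS (RFC 959).
MEANING = {"230": "logged in", "331": "password required", "530": "not logged in"}

# First four lines are from the thread; the last two are constructed.
SAMPLE = """\
ProFTPD server [14411] xx.xx.xx.xx [13/Sep/2005:09:03:31 -0700] "USER anonymous" 331
ProFTPD server [14411] xx.xx.xx.xx [13/Sep/2005:09:03:31 -0700] "PASS mozilla@example.com" 230
ProFTPD server [14381] xx.xx.xx.xx [13/Sep/2005:08:52:48 -0700] "USER anonymous" 331
ProFTPD server [14381] xx.xx.xx.xx [13/Sep/2005:08:52:48 -0700] "PASS IEUser@" 230
ProFTPD server [14500] 192.0.2.10 [13/Sep/2005:09:10:02 -0700] "USER staff" 331
ProFTPD server [14500] 192.0.2.10 [13/Sep/2005:09:10:05 -0700] "PASS (hidden)" 530
"""

def summarize(lines):
    """Group USER/PASS records by session PID and return one dict per session."""
    sessions = {}
    for line in lines:
        m = AUTH_LINE.match(line.strip())
        if m is None:
            continue  # not an auth-format record
        s = sessions.setdefault(m["pid"], {
            "pid": m["pid"], "host": m["host"], "user": None,
            "success": False, "result": "no PASS seen",
        })
        cmd = m["cmd"].upper()
        if cmd == "USER":
            s["user"] = m["arg"]
        elif cmd == "PASS":
            # Only the reply to PASS decides whether the login succeeded.
            s["success"] = m["code"] == "230"
            s["result"] = MEANING.get(m["code"], "reply " + m["code"])
    return list(sessions.values())

if __name__ == "__main__":
    for s in summarize(SAMPLE.splitlines()):
        print(f'{s["host"]} pid={s["pid"]} user={s["user"]}: {s["result"]}')
```
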