PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : Benutzer einsperren sarge und etch



eNvizion
03.06.07, 16:43
Hallo,

ich habe bisher immer Debian sarge benutzt und da hat es auch immer wunderbar funktioniert das der Benutzer eingesperrt war in dem Ordner den ich den Benutzer mit chown -R gegeben habe.

Jetzt aber bei meinen zweiten Server mit Debian etch da funktioniert das nicht, ich habe nichts anderes gemacht wie immer unter sarge.

So habe ich ProFTPD installiert:

apt-get install proftpd (inetd )
addgroup ftpuser
cp /bin/false /bin/ftp
echo "/bin/ftp" >> /etc/shells
useradd benutzer -d /ordner/ -s /bin/ftp -G ftpuser
passwd benutzer
chown -R benutzer /ordner/
proftpd restartet

Hier meine proftpd.conf:


#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

ServerName "FTP Server"
ServerType inetd
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

DenyFilter \*.*/

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off

# Uncomment this if you would use TLS module:
#TLSEngine on

# Uncomment this if you would use quota module:
#Quotas on

# Uncomment this if you would use ratio module:
#Ratios on

# Port 21 is the standard FTP port.
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
DelayEngine off

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>

DefaultRoot ~

<limit LOGIN>
DenyGroup !ftpuser
</limit>

#Regelt abgebrochende Downloads
AllowRetrieveRestart on

#Regelt abgebrochende Uploads
AllowStoreRestart on

#Schneller Login
UseReverseDNS off
IdentLookups off

#FXP erlauben
AllowForeignAddress on

TimesGMT off


Unter sarge funktioniert es ja, also kann es an der config ja eigentlich nicht liegen, oder?

Grüße
eNvizion

TheNose
03.06.07, 17:34
Hilft dir das hier weiter: http://www.linuxforen.de/forums/showthread.php?t=237347?

hgmichael
03.06.07, 19:54
ändere


DefaultRoot ~

in


DefaultRoot ~/