Topic: FTP Permission and Configuration

[Vegas D]

Hey guys, read alot of different forums on this site and so far, this one site has far more info and help than MicroSoft. I'm a long time Windows admin but I'm really getting into Linux, so far I have replace 5 servers with two Linux boxes that do the same job but so far has been incredibly fast and reliable. I feel cheesey as I should know the answer to the following question (I've been doing this stuff for years, but on Windows machines). Here's the question:

I had set up a Mitel E-Smith box for some of my friends and family can host their own web sites. The problem is no one can access the ibays via ftp remotely over the internet to upload and update their files. The only directories that the users can access are the e-mail folders and their own personal home folder. How can I allow the users to access the ibays via ftp?

Any and all help would be very appreciated. Thanks in advance!

Vegas D.

You can tune a hard drive, but you can't tune a fish!

[jam]

HI Vegas,

I solved the same problem one year back with
http://www.dungog.net/sme/files/dungog-proftpd-chroot-0.1-3.noarch.rpm

Make sure you get right version for your E-smith box.

[christian burnat]

1) create an ibay

2) create a group - call it "my_ftp_people" or whatever (ignore "   ")

3) include in this group the users you wish to have full access to your ibay using ftp

 4) go back to your ibay and select the group "my_ftp_people" under Group

5) select write group read group under user access

6) select entire internet under  Public access

this should do it.  You users will have to navigate from their home directory to ibays/files and so on.  The Dungog module is useful in that it will allow you to pin-down anyone coming in under ftp to a particular directory - all below this directory is open, but one cannot go up in the tree...  The default is "home", but you can select a particular ibay, hence ensuring that whoever come in cannot go anyway else (i,e  traverse the directories on your box).

let me know how you fare.

cb

[%sig%]

[johan]

I am using a custom template
/etc/e-smith/templates-custom/etc/proftpd.conf/60AnonymousIBay
contents:


{
#------------------------------------------------------------
# How to handle logins from information bay accounts: chroot to the
# files part of the information bay directory.
#------------------------------------------------------------

my %accounts;
tie %accounts, 'esmith::config', '/home/e-smith/accounts';

my $key;
my $value;
$OUT .= "";

   while (($key,$value) = each %accounts)
   {
      my ($type, %properties) = split (/\|/, $value, -1);
      if ($type eq 'ibay')
      {
      #------------------------------------------------------------
      # Figure out which combination of parameters to use. If
      # PublicAccess parameter is present, this is e-smith 4.0.
      # Otherwise, it's e-smith 3.0.
      #------------------------------------------------------------

      my $allow;
      my $pass;

      if ($properties{'PublicAccess'})
      {
         if ($properties{'PublicAccess'} eq 'none')
         {
            $allow = "127.0.0.1";
            $pass = 1;
         }
         elsif ($properties{'PublicAccess'} eq 'local')
         {
            $allow = $localAccess;
            $pass = 0;
         }
         elsif ($properties{'PublicAccess'} eq 'local-pw')
         {
            $allow = $localAccess;
            $pass = 1;
         }
         elsif ($properties{'PublicAccess'} eq 'global')
         {

            $allow = 'all';
            $pass = 0;
         }
         elsif ($properties{'PublicAccess'} eq 'global-pw')
         {
            $allow = 'all';
            $pass = 1;
         }
         elsif ($properties{'PublicAccess'} eq 'global-pw-remote')
         {
            $allow = 'all';
            $pass = 1;
         }
      }
      elsif ($properties {'ReadAccess'} eq 'global')
      {
         if ($properties {'UsePassword'} eq 'yes')
         {
            $allow = 'all';
            $pass = 1;
         }
         else
         {
            $allow = 'all';
            $pass = 0;
         }
      }
      else
      {
         if ($properties {'UsePassword'} eq 'yes')
         {
            $allow = $localAccess;
            $pass = 1;
         }
         else
         {
            $allow = $localAccess;
            $pass = 0;
         }
      }

      # variables: $allow (IP), $pass (bool)

      $OUT .= "\n";
      $OUT .= "\n";
      $OUT .= " User $key\n";
      $OUT .= " Group $key\n";
      $OUT .= " AnonRequirePassword " . ($pass ? "on" : "off") . "\n";
      $OUT .= " UseFtpUsers on\n";
      $OUT .= " MaxClients 10\n";
      $OUT .= " DisplayLogin welcome.msg\n";
      $OUT .= " DisplayFirstChdir .message\n";
      $OUT .= " \n";
      $OUT .= " Order Allow,Deny\n";
      $OUT .= " Allow from $allow\n";
      $OUT .= " Deny from all\n";
      $OUT .= " \n";
      $OUT .= " \n";
      $OUT .= " \n";
      $OUT .= " AllowAll\n";
      $OUT .= " \n";
      $OUT .= " \n";
      $OUT .= "\n";
      }
   }
}

next:
/sbin/e-smith/expand-template /etc/proftpd.conf
and it should work too. by setting ibay  to public access over internet.

little warning. I am not aware if there are any changes in the proftpd.conf template compared to sme server 6.0. This template was once made for 5.x if i am not mistaken. still seems to work fine here, but no garuantees.

[johan]

here is the link
seems to be ok with 6.0


http://sme.swerts-knudsen.dk/howtos/howto_10.htm

[crieder]

These infos sound already nice to me, but is there any possibility not to create a user for ftping files to an ibay ?
Otherwise, what is the login-possibility to an ibay good for, if I am not able to post files ?

I created an ibay called test and gave it the password test. I am able to login with ftp but not to post files, but this is exactly what I want to do, without creating an extra user for this job (webspace-only)

pls help

[crieder]

****** double post edited ******