Koozali.org: home of the SME Server

ftp access for specific users

purvis
« on: April 07, 2011, 11:34:27 PM »
This was asked before and now is in the legacy section of the forum but there was never a response to it.

My SME Server is running in server mode behind a non-commercial router.

Can I restrict or give ftp access to certain users by any easy means?
I have ftp access turned on for internet users.
I would like to grant access to one or two users, but not all users, such as admin and root and many others.
Basically I would like to deny most users.
The purpose is for those certain users to upload log files from external computers.

Thanks in advance.

Sorry if I overlooked something.
I do really really like the blocking of emails coming from external internet sources. I block my admin account from receiving emails as well as certain other user accounts that we use for shared directories. Most of those emails are spam for admin from the internet on my systems.

 

mmccarn
Re: ftp access for specific users
« Reply #1 on: April 08, 2011, 01:44:51 PM »
[caveat]I'm not an expert on proftpd[/caveat]

From looking at http://www.proftpd.org/docs/howto/Limit.html, you may be able to do what you want by creating a custom copy of /etc/e-smith/templates/etc/proftpd.conf/15LimitLOGIN

Create the appropriate custom template folder:
Code:
mkdir -p /etc/e-smith/templates-custom/etc/proftpd.conf/
Create a custom version of 15LimitLOGIN (this example assumes that your FTP is set to access=public, or "Allow public access (entire Internet)"):
Code:
echo '#Limit LOGIN set using custom template
<Limit LOGIN>
   AllowUser joe
   AllowUser mary
   DenyAll
</Limit>
' > /etc/e-smith/templates-custom/etc/proftpd.conf/15LimitLOGIN

Activate your changes:
Code:
expand-template /etc/proftpd.conf
sv restart ftp


Remove these mods using:
Code:
rm -f /etc/e-smith/templates-custom/etc/proftpd.conf/15LimitLOGIN
expand-template /etc/proftpd.conf
sv restart ftp
« Last Edit: April 08, 2011, 01:46:30 PM by mmccarn »

purvis
Re: ftp access for specific users
« Reply #2 on: April 08, 2011, 10:01:54 PM »
Thank you kindly mmccarn for the answer and a timely response.

Your response post did exactly what was needed and it seems to work as I asked.

In file /etc/proftpd.conf
it changed from
Code:
<Limit LOGIN>
  AllowAll
</Limit>
to

weblogger is any user's name, maybe ftpuser would have been a better name

Code:
#Limit LOGIN set using custom template
<Limit LOGIN>
   AllowUser weblogger
   DenyAll
</Limit>

********the below idea did not work for me*********
And even better, I maybe should have done this.

Replacing AllowUser with AllowGroup might have worked better for me if I had created a group and named the group "ftpusers".
I could just put in the one line
AllowGroup ftpusers
Then use the server-manager panel to add or remove users to that group to allow ftp login access.

Code:
#Limit LOGIN set using custom template
<Limit LOGIN>
   AllowGroup ftpusers
   DenyAll
</Limit>
*******once again, the immediate above idea did not work for me********
« Last Edit: April 13, 2011, 01:56:07 AM by purvis »

purvis
Re: ftp access for specific users
« Reply #3 on: April 08, 2011, 10:04:13 PM »
I was sort of shocked when I was able to ftp into the server as admin and root as well if I am not mistaken.
Everybody knows of an admin and root user name and from the internet, that was not so good for me.
When you use ftp and login as admin or root, you have full access to all ibays.

sFTP may be the way to go, but it sure is a lot harder to write a stand-alone program to use SSL technology and usually nobody wants to share their code to do so.

Maybe one day, the technology built into equipment will have the ability to encrypt and decrypt automatically.

« Last Edit: April 08, 2011, 10:21:28 PM by purvis »
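
A check for the concern in the last reply, that admin and root could log in over FTP (added example, not part of the original posts): the hypothetical shell function `audit_limit_login` reads an expanded proftpd.conf and fails unless `<Limit LOGIN>` contains DenyAll, has no AllowAll, and allows none of the accounts named on the command line. The sample files are constructed from the before and after sections quoted in Reply #2.

```sh
# Added example (not from the thread): audit <Limit LOGIN> in an expanded proftpd.conf.
# Usage on the server: audit_limit_login /etc/proftpd.conf admin root
# Returns 0 only with DenyAll present, no AllowAll, and none of the named accounts allowed.
audit_limit_login() {
    conf=$1; shift
    awk -v never="$*" '
        BEGIN { n = split(never, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        { line = tolower($0) }
        line ~ /^[ \t]*#/ { next }                         # skip comment lines
        line ~ /^[ \t]*<limit[ \t].*login/ { inside = 1; found = 1; next }
        line ~ /^[ \t]*<\/limit>/ { inside = 0; next }
        !inside { next }                                   # only look inside the section
        { d = tolower($1) }
        d == "allowall" { print "FAIL: AllowAll in <Limit LOGIN>"; rc = 1 }
        d == "denyall"  { deny = 1 }
        d == "allowuser" || d == "allowgroup" {
            kind = (d == "allowuser") ? "user" : "group"
            for (i = 2; i <= NF; i++) {
                m = split($i, names, ",")                  # accept comma-separated names
                for (j = 1; j <= m; j++) {
                    if (names[j] == "") continue
                    print "allowed " kind ": " names[j]
                    if (kind == "user" && (names[j] in bad)) {
                        print "FAIL: " names[j] " must not have FTP login"; rc = 1
                    }
                }
            }
        }
        END {
            if (!found) { print "FAIL: no <Limit LOGIN> section"; rc = 1 }
            else if (!deny) { print "FAIL: no DenyAll in <Limit LOGIN>"; rc = 1 }
            exit rc + 0
        }
    ' "$conf"
}

# Constructed samples: the sections quoted in Reply #2, before and after the change.
before=$(mktemp); after=$(mktemp)
printf '%s\n' '<Limit LOGIN>' '  AllowAll' '</Limit>' > "$before"
printf '%s\n' '#Limit LOGIN set using custom template' '<Limit LOGIN>' \
    '   AllowUser weblogger' '   DenyAll' '</Limit>' > "$after"
audit_limit_login "$before" admin root || echo "before: login is NOT restricted"
audit_limit_login "$after" admin root && echo "after: login is restricted"
rm -f "$before" "$after"
```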