Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: mmccarn on June 07, 2007, 06:35:06 PM

Title: Different ftp configuration for local vs remote users
Post by: mmccarn on June 07, 2007, 06:35:06 PM

Is there any easy way to use different configurations for the ftp server on the LAN and WAN interface?

I'd like to have this:
- public internet access from the internet using passwords
- one or more users with ftp access on the LAN but who cannot have ftp access from the WAN (they use FTP in the office for backup, but I don't want them downloading their data from off-site)
- one or more (different) users with full ftp access (LAN & WAN) - who need to access their files using ftp from off-site.

I could do this if I could make proftpd use different 'ftpusers' files for LAN and WAN, or if I could make it only use 'ftpusers' on the WAN interface -- then I could simply add the non-WAN usernames to /etc/ftpusers and they would be denied access from off-site.

(Note: I'm looking for help for this topic on the french forum: http://forums.contribs.org/index.php?topic=37168.0)

Title: Re: Different ftp configuration for local vs remote users
Post by: CharlieBrady on June 08, 2007, 01:47:10 AM

Quote from: "mmccarn"

Is there any easy way to use different configurations for the ftp server on the LAN and WAN interface?

You'd need two different configuration files, and you'd need to configure tcpsvd via the peers mechanism to run in.proftpd with a different configuration file depending on whether the connection was local or remote. The local and remote configurations are already templated.

Title: Different ftp configuration for local vs remote users
Post by: mmccarn on June 09, 2007, 06:57:49 PM

I can't find any way to tell in.proftpd to use a different configuration file.  Do you think it would work to have them share a config file with separate 'virtualhost' sections, then split the 'tcpsvd' into local & remote versions?

It looks (from the tcpsvd docs) as though if I create peers/0 and peers/local as executable files then they will take precedence over the default ./run file?

Title: Different ftp configuration for local vs remote users
Post by: CharlieBrady on June 10, 2007, 01:52:51 AM

Quote from: "mmccarn"

I can't find any way to tell in.proftpd to use a different configuration file.  Do you think it would work to have them share a config file with separate 'virtualhost' sections, then split the 'tcpsvd' into local & remote versions?

I've no idea. I don't think anyone should use ftp anymore.

Actually, I do (now) have an idea. Google for "proftpd command line config file".