Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: purvis on April 07, 2011, 11:34:27 PM
-
This was asked before and now is in the legacy section of the forum but there was never a response to it.
My sme server is running in server mode behind a non commerical router.
Can i restrict or give ftp access to certain users by any easy means.
I have ftp access turned on for internet users.
I would like to grant access to one or two users, but not all users, such as admin and root and many others.
Basically i would like to deny most users.
The purpose is for those certain users to upload log files from external computers.
Thanks in advance.
Sorry if i over looked something
I do really really like the blocking of emails coming from external internet sources, i block my admin account from receiving emails as well as certain other user accounts that we use for shared directories. Most of those emails are spam for admin from the internet on my systems.
-
[caveat]I'm not an expert on proftpd[/caveat]
From looking at http://www.proftpd.org/docs/howto/Limit.html, you may be able to do what you want by creating a custom copy of /etc/e-smith/templates/etc/proftpd.conf/15LimitLOGIN
Create the appropriate custom template folder:mkdir -p /etc/e-smith/templates-custom/etc/proftpd.conf/
Create a custom version of 15LimitLOGIN (this example assumes that your FTP is set to access=public, or "Allow public access (entire Internet)"):echo '#Limit LOGIN set using custom template
<Limit LOGIN>
AllowUser joe
AllowUser mary
DenyAll
</Limit>
' > /etc/e-smith/templates-custom/etc/proftpd.conf/15LimitLOGIN
Activate your changes:expand-template /etc/proftpd.conf
sv restart ftp
Remove these mods using:rm -f /etc/e-smith/templates-custom/etc/proftpd.conf/15LimitLOGIN
expand-template /etc/proftpd.conf
sv restart ftp
-
Thank you kindly mmccarn for the answer and a timely response.
Your response post did exactly what was needed and it seems to work as i asked.
in file /etc/proftpd.conf
it changed from
<Limit LOGIN>
AllowAll
</Limit>
to
weblogger is any user's name, maybe ftpuser would of been a better name
#Limit LOGIN set using custom template
<Limit LOGIN>
AllowUser weblogger
DenyAll
</Limit>
********the below idea did not work for me*********
and even better, i maybe should of done this
Replaced AllowUser with AllowGroup might of worked better for me if i had created a group and named the group "ftpusers"
i could just put in the one line
AllowGroup ftpusers
Then using the server-manager panel to add or remove users to that group to allow ftp login access.
#Limit LOGIN set using custom template
<Limit LOGIN>
AllowGroup ftpusers
DenyAll
</Limit>
*******once again, the immediate above idea did not work for me********
-
I was sort of shocked when i was able to ftp into the server as admin and root as well if i am not mistaken.
Everybody knows of a admin and root user name and from the internet, that was not so good for me.
When you use ftp and login as admin or root, you have full access to all ibays.
sFTP may be the way to go, but it sure is a lot harder to write a stand alone program to use SSL technology and usually nobody wants to share their code to do so.
Maybe one day, the technology built into equipment will have the ability to encryt and decrypt automatically.