[BlueOnyx:06901] Re: MLSD not reporting symbolic links in ftp
Robert Fitzpatrick
robert at webtent.org
Tue Apr 5 12:16:38 -05 2011
On 4/5/2011 9:40 AM, Jeffrey Pellin wrote:
> Bump anyone?
>
> MLSD is the new standard(?) for ftp. Clients like FileZilla no longer
> support non-MLSD commands like LIST. ProFTP say it's all down to the
> server if symbolic links don't show.
>
> So can anyone tell me if they can ftp in to an up-to-date BO box with a
> late version of FileZilla and see symbolic links? ie. is it a problem we
> all have, or is it just my box?
>
Yep, just loaded a BO box over the weekend with all updates and can see
sym links no problem with latest FileZilla. Same with WinSCP, can
see...here is proftpd.conf...
> [root@www1 admin]# cat /etc/proftpd.conf
> # This is the ProFTPD configuration file
> # $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
>
> ServerName "ProFTPD server"
> ServerIdent on "FTP Server ready."
> ServerAdmin root@localhost
> #ServerType standalone
> ServerType inetd
> DefaultServer on
> AccessGrantMsg "User %u logged in."
> #DisplayConnect /etc/ftpissue
> #DisplayLogin /etc/ftpmotd
> #DisplayGoAway /etc/ftpgoaway
> DeferWelcome off
> RequireValidShell off
>
> # Use this to exclude users from the chroot
> DefaultRoot / wheel
> DefaultRoot / admin-users
> DefaultRoot ~/../../.. site-adm
> DefaultRoot ~ !site-adm
>
> # Use pam to authenticate (default) and be authoritative
> AuthPAMConfig proftpd
> AuthOrder mod_auth_pam.c* mod_auth_unix.c
>
> # Do not perform ident nor DNS lookups (hangs when the port is filtered)
> TimesGMT off
> IdentLookups off
>
> # begin global -- do not delete
> MaxClients 100000
> IdentLookups off
> UseReverseDNS off
> # end global -- do not delete
>
> # Port 21 is the standard FTP port.
> Port 21
>
> # Umask 022 is a good standard umask to prevent new dirs and files
> # from being group and world writable.
> Umask 022
>
> # Default to show dot files in directory listings
> ListOptions "-a"
>
> # See Configuration.html for these (here are the default values)
> #MultilineRFC2228 off
> #RootLogin off
> LoginPasswordPrompt on
> MaxLoginAttempts 3
> #MaxClientsPerHost none
> #AllowForeignAddress off # For FXP
>
> # Allow to resume not only the downloads but the uploads too
> AllowRetrieveRestart on
> AllowStoreRestart on
>
> # To prevent DoS attacks, set the maximum number of child processes
> # to 30. If you need to allow more than 30 concurrent connections
> # at once, simply increase this value. Note that this ONLY works
> # in standalone mode, in inetd mode you should use an inetd server
> # that allows you to limit maximum number of processes per service
> # (such as xinetd)
> MaxInstances 20
>
> # Set the user and group that the server normally runs at.
> User nobody
> Group nobody
>
> # Disable sendfile by default since it breaks displaying the download speeds in
> # ftptop and ftpwho
> UseSendfile no
>
> # This is where we want to put the pid file
> ScoreboardFile /var/run/proftpd.score
>
> # Normally, we want users to do a few things.
> <Global>
> AllowOverwrite yes
> <Limit ALL SITE_CHMOD>
> AllowAll
> </Limit>
> # Restrict the range of ports from which the server will select when sent the
> # PASV command from a client. Use IANA-registered ephemeral port range of
> # 49152-65534
> PassivePorts 49152 65534
> IdentLookups off
> </Global>
>
> # Define the log formats
> LogFormat default "%h %l %u %t \"%r\" %s %b"
> LogFormat auth "%v [%P] %h %t \"%r\" %s"
>
> # TLS
> <IfModule mod_tls.c>
> TLSEngine on
> TLSLog /var/log/proftpd/tls.log
> TLSRequired off
> TLSRSACertificateFile /etc/pki/dovecot/certs/dovecot.pem
> TLSRSACertificateKeyFile /etc/pki/dovecot/private/dovecot.pem
> TLSVerifyClient off
> TLSOptions NoCertRequest
> TLSRenegotiate required off
> </IfModule>
>
> # Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
> #TLSEngine on
> #TLSRequired on
> #TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
> #TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
> #TLSCipherSuite ALL:!ADH:!DES
> #TLSOptions NoCertRequest
> #TLSVerifyClient off
> #TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
> #TLSLog /var/log/proftpd/tls.log
>
> # SQL authentication Dynamic Shared Object (DSO) loading
> # See README.DSO and howto/DSO.html for more details.
> #<IfModule mod_dso.c>
> # LoadModule mod_sql.c
> # LoadModule mod_sql_mysql.c
> # LoadModule mod_sql_postgres.c
> #</IfModule>
>
> # A basic anonymous configuration, with an upload directory.
> #<Anonymous ~ftp>
> # User ftp
> # Group ftp
> # AccessGrantMsg "Anonymous login ok, restrictions apply."
> #
> # # We want clients to be able to login with "anonymous" as well as "ftp"
> # UserAlias anonymous ftp
> #
> # # Limit the maximum number of anonymous logins
> # MaxClients 10 "Sorry, max %m users -- try again later"
> #
> # # Put the user into /pub right after login
> # #DefaultChdir /pub
> #
> # # We want 'welcome.msg' displayed at login, '.message' displayed in
> # # each newly chdired directory and tell users to read README* files.
> # DisplayLogin /welcome.msg
> # DisplayFirstChdir .message
> # DisplayReadme README*
> #
> # # Some more cosmetic and not vital stuff
> # DirFakeUser on ftp
> # DirFakeGroup on ftp
> #
> # # Limit WRITE everywhere in the anonymous chroot
> # <Limit WRITE SITE_CHMOD>
> # DenyAll
> # </Limit>
> #
> # # An upload directory that allows storing files but not retrieving
> # # or creating directories.
> # <Directory uploads/*>
> # AllowOverwrite no
> # <Limit READ>
> # DenyAll
> # </Limit>
> #
> # <Limit STOR>
> # AllowAll
> # </Limit>
> # </Directory>
> #
> # # Don't write anonymous accesses to the system wtmp file (good idea!)
> # WtmpLog off
> #
> # # Logging for the anonymous transfers
> # ExtendedLog /var/log/proftpd/access.log WRITE,READ default
> # ExtendedLog /var/log/proftpd/auth.log AUTH auth
> #
> #</Anonymous>
>
> # mod_ban configuration:
> <IfModule mod_ban.c>
> BanEngine on
> BanLog /var/log/proftpd/ban.log
> BanTable /var/log/proftpd/ban.tab
>
> # If the same client reaches the MaxLoginAttempts limit 30 times
> # within 10 minutes, automatically add a ban for that client that
> # will expire after 30 minutes.
> BanOnEvent MaxLoginAttempts 30/00:10:00 00:30:00
>
> # Configure a rule to automatically ban scripts looking for anonymous
> # servers to which they can upload
> #BanOnEvent AnonRejectPasswords 1/01:00:00 01:00:00
>
> # Ban clients which connect too frequently. This rule bans clients
> # which connect more than 30 times within one minute. Include a special
> # message just for them and keep them out for one hour.
> BanOnEvent ClientConnectRate 30/00:01:00 01:00:00 "Stop connecting so frequently!"
>
> # Allow the FTP admin to manually add/remove bans
> BanControlsACLs all allow group wheel
> </IfModule>
Hope that helps!
--Robert
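
Added example, not part of the message above and not BlueOnyx or ProFTPD code: a check for whether a server reports symbolic links in MLSD, independent of any GUI client. It parses RFC 3659 fact lines; the sample lines are constructed, and the two symlink type spellings (`OS.unix=symlink` and `OS.unix=slink:<target>`) are assumptions about what the server emits, since RFC 3659 leaves OS-specific types to the server.

```python
from ftplib import FTP_TLS

# Constructed MLSD response lines (RFC 3659: "fact=value;fact=value; name").
SAMPLE_MLSD = [
    "modify=20110405121638;perm=flcdmpe;type=cdir;UNIX.mode=0755; .",
    "modify=20110402101500;perm=adfrw;size=4096;type=file; index.html",
    "modify=20110402101500;perm=flcdmpe;type=dir; web",
    "modify=20110402101500;perm=adfrw;type=OS.unix=symlink; logs",
    "modify=20110402101500;type=OS.unix=slink:/var/log/site1; stats",
]

def parse_mlsd_line(line):
    """Split one MLSD line into (name, facts); fact names are case-insensitive."""
    facts_part, _, name = line.partition(" ")  # first space ends the fact list
    facts = {}
    for item in facts_part.split(";"):
        if item:
            key, _, value = item.partition("=")  # value may itself contain '='
            facts[key.lower()] = value
    return name, facts

def symlink_target(facts):
    """None if not a symlink, '' if a symlink with no target given, else the target."""
    ftype = facts.get("type", "")
    if ftype.lower() == "os.unix=symlink":
        return ""
    if ftype.lower().startswith("os.unix=slink:"):
        return ftype[len("os.unix=slink:"):]
    return None

def find_symlinks(entries):
    """Map name -> target for every (name, facts) entry typed as a symlink."""
    found = {}
    for name, facts in entries:
        target = symlink_target(facts)
        if target is not None:
            found[name] = target
    return found

def check_server(host, user, password, path=""):
    """Live check over explicit TLS so the login is not sent in cleartext."""
    with FTP_TLS(host) as ftp:
        ftp.login(user, password)   # issues AUTH TLS before USER/PASS
        ftp.prot_p()                # encrypt the data channel carrying the listing
        return find_symlinks(ftp.mlsd(path))
```

An empty result from `check_server` on a directory known to contain links means the server is omitting them from MLSD or typing them as plain files or directories.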