[BlueOnyx:07782] Re: Anonymous FTP
Darrell D. Mobley
dmobley at uhostme.com
Fri Jul 22 14:21:15 -05 2011
> -----Original Message-----
> From: blueonyx-bounces at mail.blueonyx.it [mailto:blueonyx-
> bounces at mail.blueonyx.it] On Behalf Of Robert Fitzpatrick
> Sent: Friday, July 22, 2011 12:51 PM
> To: blueonyx at mail.blueonyx.it
> Subject: [BlueOnyx:07779] Re: Anonymous FTP
>
> Yep, tried that too, still requires login for anonymous. I have rebooted,
> compared permissions, users and groups, the proftpd.conf file all from a
> working server, scoured Google for answers. Nothing works, cannot figure
> this out. This is a new server setup just a couple of weeks ago 5106R
> with all updates. All normal user login works, it is just anonymous.
> Server only has one IP address, tried to disable and enable on another
> site, same issue on other site. Can't find any help in the logs. I don't
> have any hair to pull out :(
Your /home/sites/host.domain.tld/ directory ownership and permissions should
be:
drwxrwsr-x 6 SITE10 site10 12288 Jun 17 18:17 ftp
All the files in that directory should be owned by SITE10.site10
In the GUI, under Server Management -> Network Services -> FTP
Enable Server is checked, Hostname Lookups is not, Max Connections is 80.
Under Site Management -> host.domain.tld -> Services -> FTP
Allow users to access FTP is checked, Anonymous FTP is checked, Max disk
space is 10,000MB, Max Simultaneous Connections is 10.
Under Web Ownership, Siteadmin that owns /web is nobody.
Under Web, Enable suPHP is disabled.
Run "/etc/rc.d/init.d/xinetd stop"
Install the /etc/proftpd.conf below, then run "/etc/rc.d/init.d/xinetd
start".
Here is my /etc/proftpd.conf file. It should work as a direct plugin for you
after you edit the IP address:
# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
#ServerType standalone
ServerType inetd
DefaultServer on
AccessGrantMsg "User %u logged in."
#DisplayConnect /etc/ftpissue
#DisplayLogin /etc/ftpmotd
#DisplayGoAway /etc/ftpgoaway
DeferWelcome off
RequireValidShell off
# Use this to exclude users from the chroot
DefaultRoot / wheel
DefaultRoot / admin-users
DefaultRoot ~/../../.. site-adm
DefaultRoot ~ !site-adm
# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
# Do not perform ident nor DNS lookups (hangs when the port is filtered)
TimesGMT off
IdentLookups off
# begin global -- do not delete
MaxClients 100000
IdentLookups off
UseReverseDNS off
# end global -- do not delete
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# Default to show dot files in directory listings
ListOptions "-a"
# See Configuration.html for these (here are the default values)
#MultilineRFC2228 off
#RootLogin off
LoginPasswordPrompt on
MaxLoginAttempts 3
#MaxClientsPerHost none
#AllowForeignAddress off # For FXP
# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart on
AllowStoreRestart on
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 20
# Set the user and group that the server normally runs at.
User nobody
Group nobody
# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile no
# This is where we want to put the pid file
ScoreboardFile /var/run/proftpd.score
# Normally, we want users to do a few things.
<Global>
AllowOverwrite yes
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>
# Restrict the range of ports from which the server will select when sent the
# PASV command from a client. Use IANA-registered ephemeral port range of
# 49152-65534
PassivePorts 49152 65534
IdentLookups off
</Global>
# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
# TLS
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSRequired off
TLSRSACertificateFile /etc/pki/dovecot/certs/dovecot.pem
TLSRSACertificateKeyFile /etc/pki/dovecot/private/dovecot.pem
TLSVerifyClient off
TLSOptions NoCertRequest
TLSRenegotiate required off
</IfModule>
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine on
#TLSRequired on
#TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
#TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
#TLSCipherSuite ALL:!ADH:!DES
#TLSOptions NoCertRequest
#TLSVerifyClient off
#TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
#TLSLog /var/log/proftpd/tls.log
# SQL authentication Dynamic Shared Object (DSO) loading
# See README.DSO and howto/DSO.html for more details.
#<IfModule mod_dso.c>
# LoadModule mod_sql.c
# LoadModule mod_sql_mysql.c
# LoadModule mod_sql_postgres.c
#</IfModule>
# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
# User ftp
# Group ftp
# AccessGrantMsg "Anonymous login ok, restrictions apply."
#
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
#
# # Limit the maximum number of anonymous logins
# MaxClients 10 "Sorry, max %m users -- try again later"
#
# # Put the user into /pub right after login
# #DefaultChdir /pub
#
# # We want 'welcome.msg' displayed at login, '.message' displayed in
# # each newly chdired directory and tell users to read README* files.
# DisplayLogin /welcome.msg
# DisplayFirstChdir .message
# DisplayReadme README*
#
# # Some more cosmetic and not vital stuff
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# # Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE SITE_CHMOD>
# DenyAll
# </Limit>
#
# # An upload directory that allows storing files but not retrieving
# # or creating directories.
# <Directory uploads/*>
# AllowOverwrite no
# <Limit READ>
# DenyAll
# </Limit>
#
# <Limit STOR>
# AllowAll
# </Limit>
# </Directory>
#
# # Don't write anonymous accesses to the system wtmp file (good idea!)
# WtmpLog off
#
# # Logging for the anonymous transfers
# ExtendedLog /var/log/proftpd/access.log WRITE,READ default
# ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>
# mod_ban configuration:
<IfModule mod_ban.c>
BanEngine on
BanLog /var/log/proftpd/ban.log
BanTable /var/log/proftpd/ban.tab
# If the same client reaches the MaxLoginAttempts limit 30 times
# within 10 minutes, automatically add a ban for that client that
# will expire after 30 minutes.
BanOnEvent MaxLoginAttempts 30/00:10:00 00:30:00
# Configure a rule to automatically ban scripts looking for anonymous
# servers to which they can upload
#BanOnEvent AnonRejectPasswords 1/01:00:00 01:00:00
# Ban clients which connect too frequently. This rule bans clients
# which connect more than 30 times within one minute. Include a special
# message just for them and keep them out for one hour.
BanOnEvent ClientConnectRate 30/00:01:00 01:00:00 "Stop connecting so frequently!"
# Allow the FTP admin to manually add/remove bans
BanControlsACLs all allow group wheel
</IfModule>
<VirtualHost x.x.x.x>
DefaultRoot / wheel
DefaultRoot / admin-users
DefaultRoot ~/../../.. site-adm
DefaultRoot ~ !site-adm
AllowOverwrite on
DefaultChdir /web
DisplayLogin .ftphelp
<Anonymous /home/.sites/48/site10/ftp>
User SITE10
Group nobody
UserAlias anonymous SITE10
UserAlias guest SITE10
UserAlias ftp SITE10
MaxClients 10
<Directory *>
<Limit WRITE>
DenyAll
</Limit>
</Directory>
<Directory /home/.sites/48/site10/ftp/incoming/*>
Umask 002
AllowOverwrite off
<Limit STOR>
AllowAll
</Limit>
<Limit READ DIRS>
DenyAll
</Limit>
</Directory>
</Anonymous>
</VirtualHost>
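The <Anonymous> block above depends on two access rules: WRITE is denied by default, and the upload directory accepts STOR while denying READ and DIRS, so anonymous clients cannot list or fetch what others have uploaded. The following checker for those two rules is an added example, not part of the original post or of BlueOnyx/ProFTPD; `audit_anonymous`, `SAMPLE` and `WEAK` are hypothetical names, and <Directory> arguments are compared as literal strings rather than with ProFTPD's own path matching.

```python
import re

# Constructed sample: the access rules of the post's <Anonymous> block.
SAMPLE = """
<Anonymous /home/.sites/48/site10/ftp>
<Directory *>
<Limit WRITE>
DenyAll
</Limit>
</Directory>
<Directory /home/.sites/48/site10/ftp/incoming/*>
<Limit STOR>
AllowAll
</Limit>
<Limit READ DIRS>
DenyAll
</Limit>
</Directory>
</Anonymous>
"""
# Constructed weak variant: READ is no longer denied on the upload directory.
WEAK = SAMPLE.replace("<Limit READ DIRS>", "<Limit DIRS>")

def audit_anonymous(conf):
    """Map each <Anonymous> root to its findings (empty list = rules hold)."""
    # rules[root][(directory, command)] = action; directory args literal (assumption)
    rules, stack = {}, []
    for line in map(str.strip, conf.splitlines()):
        m = re.match(r"<(/?)(\w+)\s*([^>]*)>$", line)  # comments never match
        if m and m.group(1):
            stack = stack[:-1]                 # closing tag
        elif m:
            tag, arg = m.group(2).lower(), m.group(3).strip()
            stack.append((tag, arg))
            if tag == "anonymous":
                rules[arg] = {}
        elif line.lower() in ("denyall", "allowall"):
            ctx = dict(stack)                  # innermost section of each kind
            if "anonymous" in ctx and "limit" in ctx:
                for cmd in ctx["limit"].upper().split():
                    rules[ctx["anonymous"]][(ctx.get("directory", "*"), cmd)] = line.lower()
    findings = {}
    for root, r in rules.items():
        out = [] if r.get(("*", "WRITE")) == "denyall" else ["no default WRITE deny"]
        for (d, cmd), action in r.items():
            if cmd == "STOR" and action == "allowall":
                out += [f"{d}: STOR allowed but {c} not denied"
                        for c in ("READ", "DIRS") if r.get((d, c)) != "denyall"]
        findings[root] = out
    return findings
```

Pass the text of /etc/proftpd.conf to `audit_anonymous` to get the findings for each anonymous root on a server.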