
[cobalt-users] Re: RAQ3: Disable FTP access for "regular users" but still allow for site-admins & admin



Okay, I'll answer my own question in case anyone else is interested...

Yes, this does work as I wanted :-)  BUT you need to put this <Limit> block in
each <VirtualHost> block in proftpd.conf (as well as in the main site block if
wanted).  Putting it in a <Global> block does not work.

One could use the AllowUser or DenyUser commands to do this on a user rather
than group level as well, if desired.

So, here is an example modified <VirtualHost> block from /etc/proftpd.conf:

<VirtualHost 222.222.222.222>
        DefaultRoot             / admin
        DefaultRoot             ~/../.. site-adm
        DefaultRoot             ~ !site-adm
        AllowOverwrite          on
        DisplayLogin            .ftphelp
  <Limit LOGIN>
    AllowGroup                    admin
    AllowGroup                    site-adm
    DenyGroup                     !site-adm
  </Limit>
</VirtualHost>

Proftpd reads its config file for every login, so there is no need to restart
the daemon when making these changes.  I just make changes to a
proftp.conf.limit file and then cp it over proftpd.conf.

dAvid tHacker                                  Email: David@xxxxxxxxxxxxxx
Thacker Network Technologies Inc.                Http://www.ThackerNet.com

BTW: The IP address shown above is not mine, but actually resolves to
wal-mart.ca.  I wonder who has 111.111.111.111...


> I am trying to figure out how to disable FTP access for "regular" users, while
> still enabling it for site-admins and admin.  I've searched the archives and
> knowledgebase, but haven't found it spelled out for me yet.  Does anyone know
> how to easily accomplish this?
>
> I looked at /etc/proftpd.conf which defines the default ftp directories for
> the different classes of users for each vhost, and browsed the proftpd docs
> online.  Can I do something like this to accomplish what I want:
>
> <Limit LOGIN>
>   AllowGroup    admin
>   AllowGroup    site-adm
>   DenyGroup     !site-adm
> </Limit>
>
> If I place this in the server-config block at the top of proftpd.conf, it
> should work for all virtual hosts, right?
>
> Has anyone tried this before I give it a crack?
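
Added example, not part of the original post: since the reply reports that the <Limit LOGIN> block has to be repeated in every <VirtualHost> block, a short audit can list the virtual hosts that still lack one. The function name, the sample config and its 192.0.2.x addresses are constructed for illustration.

```python
import re

# Constructed sample config (not from the original post): the first vhost
# carries the <Limit LOGIN> block, the second only limits WRITE.
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10>
        DefaultRoot             ~ !site-adm
  <Limit LOGIN>
    AllowGroup                    admin
    AllowGroup                    site-adm
    DenyGroup                     !site-adm
  </Limit>
</VirtualHost>

<VirtualHost 192.0.2.11>
        DefaultRoot             ~ !site-adm
        AllowOverwrite          on
  <Limit WRITE>
    DenyAll
  </Limit>
</VirtualHost>
"""

OPEN_VHOST = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
CLOSE_VHOST = re.compile(r"^\s*</VirtualHost>", re.I)
OPEN_LIMIT = re.compile(r"^\s*<Limit\s+([^>]+)>", re.I)

def vhosts_missing_login_limit(conf_text):
    """Return addresses of <VirtualHost> blocks that lack a <Limit LOGIN> section."""
    missing, current, has_limit = [], None, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]          # ignore commented-out directives
        m = OPEN_VHOST.match(line)
        if m:
            current, has_limit = m.group(1).strip(), False
        elif current is not None and CLOSE_VHOST.match(line):
            if not has_limit:
                missing.append(current)
            current = None
        elif current is not None:
            m = OPEN_LIMIT.match(line)
            # A <Limit> may name several commands, e.g. <Limit LOGIN WRITE>.
            if m and "LOGIN" in m.group(1).upper().split():
                has_limit = True
    return missing

if __name__ == "__main__":
    for addr in vhosts_missing_login_limit(SAMPLE_CONF):
        print("no <Limit LOGIN> in VirtualHost", addr)
```

A <Limit LOGIN> that sits outside any <VirtualHost> block (for example in <Global>) is deliberately not counted, matching the behaviour reported in the post.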