RE: [cobalt-users] Disable FTP Access



> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx 
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of Ian
> Sent: Monday, April 28, 2003 8:27 AM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-users] Disable FTP Access
> 
> 
> > > > Let's try something rather radical here... In your
> > > > /etc/proftpd.conf file, add the following lines BEFORE the
> > > > <VirtualHost> directives that are already there (using the
> > > > domain you wish to block of course):
> > > >
> > > > <VirtualHost stretchedout.com>
> > > > <Limit LOGIN>
> > > > DenyAll
> > > > </Limit>
> > > > </VirtualHost>
> > >
> > > What happens if someone logs in by IP instead?
> >
> > What about
> >
> > <Limit Login>
> > DenyGroup Site4, Site5, Site6
> > </Limit>
> >
> > With Site4, Site5, and Site6 being the members of those sites?
> 
> Sorry to revisit this one, but did anyone get this type of solution to
> work, apart from pointing off second domains and all that other stuff?
> 
> If denial of ftp access is not possible straight from the ftpd.conf file
> or another file then so be it, and that's the way the cookie crumbles.
> 
> Regards,
> 
> Mac
> 

Mac,

After reading all the comments (and deciding that our way was tedious at
best) I went back to look at the ProFTPD manual and found a "simple" way
to do this. First of all, if you put all of these "email only" customers
on a single IP address, it'll make your life a lot easier. Then in your
/etc/proftpd.conf file, go down to the <virtualhost> for that IP address
and add the following lines:

<Limit LOGIN>
DenyAll
</Limit>

In our case, the section looks like this:

<VirtualHost xx.xx.xx.xx>
        DefaultRoot             / admin
        DefaultRoot             ~/../.. site-adm
        DefaultRoot             ~ !site-adm
        AllowOverwrite          on
        DisplayLogin            .ftphelp
        <Limit LOGIN>
                DenyAll
        </Limit>
</VirtualHost>

I just added the lines, not removing any of the "now unneeded" lines to
avoid any issues with the RaQ. Hope this helps. Thanks to everyone that
answered this one, having to do more research made our system better
too!

--
Greg O'Lone, President
Stretched Out Software, Inc
http://www.stretchedout.com
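
A quick way to confirm which <VirtualHost> sections actually carry the <Limit LOGIN> / DenyAll block after an edit like the one above. This is an added example, not part of the original message; the function name, the sample addresses and the case-insensitive matching of directive names are assumptions of this example.

```python
import re

# Constructed sample modelled on the section quoted above; addresses are
# documentation placeholders, not values from the original post.
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10>
        DefaultRoot             ~ !site-adm
        <Limit LOGIN>
                DenyAll
        </Limit>
</VirtualHost>
<VirtualHost 192.0.2.11>
        <Limit WRITE>
                DenyAll
        </Limit>
</VirtualHost>
"""

# Names are compared case-insensitively (assumption of this checker).
OPEN = re.compile(r"<\s*(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"<\s*/\s*(\w+)\s*>")

def login_denied_by_vhost(conf_text):
    """Map each <VirtualHost> address to True if it has <Limit LOGIN> DenyAll."""
    result, vhost, in_login_limit = {}, None, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        m_close, m_open = CLOSE.fullmatch(line), OPEN.fullmatch(line)
        if m_close:
            name = m_close.group(1).lower()
            if name == "limit":
                in_login_limit = False
            elif name == "virtualhost":
                vhost = None
        elif m_open:
            name, args = m_open.group(1).lower(), m_open.group(2).split()
            if name == "virtualhost":
                vhost = " ".join(args)
                result[vhost] = False            # allowed until proven denied
            elif name == "limit":                # <Limit WRITE> must not count
                in_login_limit = "login" in (a.lower() for a in args)
        elif in_login_limit and vhost and line.lower() == "denyall":
            result[vhost] = True
    return result

if __name__ == "__main__":
    for host, denied in login_denied_by_vhost(SAMPLE_CONF).items():
        print(f"{host}: FTP login {'denied' if denied else 'ALLOWED'}")
```

To check a live box, pass the contents of /etc/proftpd.conf to login_denied_by_vhost() instead of the sample; a <Limit> placed outside any <VirtualHost> is not reported by this checker.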