Nie jesteś zalogowany.
Jeśli nie posiadasz konta, zarejestruj je już teraz! Pozwoli Ci ono w pełni korzystać z naszego serwisu. Spamerom dziękujemy!
Ogłoszenie
Prosimy o pomoc dla małej Julki — przekaż 1% podatku na Fundacji Dzieciom zdazyć z Pomocą.
Więcej informacji na dug.net.pl/pomagamy/.
#1 2011-08-13 20:07:48
grom120 - 
Użytkownik
- grom120
- Użytkownik
- Zarejestrowany: 2009-09-30
proftpd virtual users via AuthUserFile
Witam
Potrzebuje postawić serwer ftp, padlo na proftpd. Logowanie na serwer z użyciem kont tworzonych w systemie dziala ale chcialbym tworzyć je przez ftpasswd, coby bylo bezpieczniej
do tworzenia kont uzywam tego skrypta :
Kod:
#!/bin/sh if [ $# -lt 2 ] ; then echo "podaj jako pierwszy parametr nazwe uzytkownika, jako drugi parametr jego folder" else ftpasswd --passwd --file /etc/proftpd/ftpd.passwd --name $1 --home /home/$2 -p --uid 2007 --shell /bin/false mkdir -p /home/$2 chown -R proftpd:nogroup /home/$2 chmod 751 /home/$2 fi
Tu konfiguracja proftpd:
Kod:
# # /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file. # To really apply changes reload proftpd after modifications. # # Includes DSO modules Include /etc/proftpd/modules.conf # Set off to disable IPv6 support which is annoying on IPv4 only boxes. UseIPv6 on # If set on you can experience a longer connection delay in many cases. IdentLookups off ControlsSocket /var/run/proftpd.sock ServerName "Debian" ServerType standalone DeferWelcome off MultilineRFC2228 on DefaultServer on ShowSymlinks on TimeoutNoTransfer 600 TimeoutStalled 600 TimeoutIdle 1200 DisplayLogin welcome.msg DisplayChdir .message true ListOptions "-l" DenyFilter \*.*/ # Use this to jail all users in their homes DefaultRoot ~ #sciezka do pliku z userami i grupami ftp AuthUserFile /etc/proftpd/ftpd.passwd # Users require a valid shell listed in /etc/shells to login. # Use this directive to release that constrain. RequireValidShell off # Port 21 is the standard FTP port. Port 21 # In some cases you have to specify passive ports range to by-pass # firewall limitations. Ephemeral ports can be used for that, but # feel free to use a more narrow range. # PassivePorts 49152 65534 # If your host was NATted, this option is useful in order to # allow passive tranfers to work. You have to use your public # address and opening the passive ports used on your firewall as well. # MasqueradeAddress 1.2.3.4 # This is useful for masquerading address with dynamic IPs: # refresh any configured MasqueradeAddress directives every 8 hours <IfModule mod_dynmasq.c> # DynMasqRefresh 28800 </IfModule> # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd) MaxInstances 30 # Set the user and group that the server normally runs at. User proftpd Group nogroup # Umask 022 is a good standard umask to prevent new files and dirs # (second parm) from being group and world writable. Umask 022 022 # Normally, we want files to be overwriteable. AllowOverwrite on # Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords: # PersistentPasswd off # This is required to use both PAM-based authentication and local passwords AuthOrder mod_auth_pam.c* mod_auth_unix.c TLSEngine off # Be warned: use of this directive impacts CPU average load! # Uncomment this if you like to see progress and transfer rate with ftpwho # in downloads. That is not needed for uploads rates. # # UseSendFile off TransferLog /var/log/proftpd/xferlog SystemLog /var/log/proftpd/proftpd.log <IfModule mod_quotatab.c> QuotaEngine off </IfModule> <IfModule mod_ratio.c> Ratios off </IfModule> # Delay engine reduces impact of the so-called Timing Attack described in # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 # It is on by default. <IfModule mod_delay.c> DelayEngine on </IfModule> <IfModule mod_ctrls.c> ControlsEngine off ControlsMaxClients 2 ControlsLog /var/log/proftpd/controls.log ControlsInterval 5 ControlsSocket /var/run/proftpd/proftpd.sock </IfModule> <IfModule mod_ctrls_admin.c> AdminControlsEngine off </IfModule> # # Alternative authentication frameworks # #Include /etc/proftpd/ldap.conf #Include /etc/proftpd/sql.conf # # This is used for FTPS connections # #Include /etc/proftpd/tls.conf # # Useful to keep VirtualHost/VirtualRoot directives separated # #Include /etc/proftpd/virtuals.con
userzy sie tworza w pliku /etc/proftpd/ftpd.passwd ale przy probie logowania w logach wyskakuje :
Kod:
13 19:57:58 vps11119 proftpd[7432] host-195-117-191-78.vps-vmware.pl (87-205-161-73.adsl.inetia.pl[::ffff:87.205.161.73]): FTP session opened. sie 13 19:57:58 vps11119 proftpd[7432] host-195-117-191-78.vps-vmware.pl (87-205-161-73.adsl.inetia.pl[::ffff:87.205.161.73]): USER test1: no such user found from 87-205-161-73.adsl.inetia.pl [::ffff:87.205.161.73] to ::ffff:195.117.191.78:21 sie 13 19:57:59 vps11119 proftpd[7432] host-195-117-191-78.vps-vmware.pl (87-205-161-73.adsl.inetia.pl[::ffff:87.205.161.73]): FTP session closed.
probowalem zmieniac uprawnienia ale to nic nie daje ...
Offline
#2 2011-08-14 00:10:24
Jacekalex - Podobno człowiek...;)
- Jacekalex
- Podobno człowiek...;)
- Skąd: /dev/urandom
- Zarejestrowany: 2008-01-07
Re: proftpd virtual users via AuthUserFile
Najprościej zrobisz to z mysql'em.
Dodajesz usera i hasło do tabelki w bazie, a w proftpd włączasz opcję autocreate home, i po sprawie.
Z ftppasswd automatyczne tworzenie folderu użyszkodnika też pójdzie, i przy okazji ustawi uprawnienia.
Sznurki:
http://www.proftpd.org/docs/directives/linked/config_ref_CreateHome.html
http://www.proftpd.org/docs/howto/SQL.html
http://www.howtoforge.com/proftpd_mysql_virtual_hosting
To by było na tyle
:craz:
Ostatnio edytowany przez Jacekalex (2011-08-14 00:10:59)
W demokracji każdy naród ma taką władzę, na jaką zasługuje ;)
Si vis pacem para bellum ;) | Pozdrawiam :)
Offline
#3 2011-08-14 07:13:06
ArnVaker - Kapelusznik
- ArnVaker
- Kapelusznik
- Skąd: Midgard
- Zarejestrowany: 2009-05-06
Re: proftpd virtual users via AuthUserFile
[b]OT:[/b]
[quote=Jacekalex]:craz:[/quote]
Co to? :D
[img]http://svn.debianart.org/themes/generic/spinner/spinner48px-moreblue.png[/img]
Offline
Informacje debugowania
| Time (s) | Query |
|---|---|
| 0.00016 | SET CHARSET latin2 |
| 0.00006 | SET NAMES latin2 |
| 0.00132 | SELECT u.*, g.*, o.logged FROM punbb_users AS u INNER JOIN punbb_groups AS g ON u.group_id=g.g_id LEFT JOIN punbb_online AS o ON o.ident='3.145.114.211' WHERE u.id=1 |
| 0.00097 | UPDATE punbb_online SET logged=1716812267 WHERE ident='3.145.114.211' |
| 0.00059 | SELECT * FROM punbb_online WHERE logged<1716811967 |
| 0.00087 | DELETE FROM punbb_online WHERE ident='185.191.171.19' |
| 0.00149 | SELECT t.subject, t.closed, t.num_replies, t.sticky, f.id AS forum_id, f.forum_name, f.moderators, fp.post_replies, 0 FROM punbb_topics AS t INNER JOIN punbb_forums AS f ON f.id=t.forum_id LEFT JOIN punbb_forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=3) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id=19516 AND t.moved_to IS NULL |
| 0.00007 | SELECT search_for, replace_with FROM punbb_censoring |
| 0.00153 | SELECT u.email, u.title, u.url, u.location, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.poster_ip, p.poster_email, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, g.g_id, g.g_user_title, o.user_id AS is_online FROM punbb_posts AS p INNER JOIN punbb_users AS u ON u.id=p.poster_id INNER JOIN punbb_groups AS g ON g.g_id=u.group_id LEFT JOIN punbb_online AS o ON (o.user_id=u.id AND o.user_id!=1 AND o.idle=0) WHERE p.topic_id=19516 ORDER BY p.id LIMIT 0,25 |
| 0.00098 | UPDATE punbb_topics SET num_views=num_views+1 WHERE id=19516 |
| Total query time: 0.00804 s | |