I'm setting up a ftp server. I need to be able to have people have a non interactive login through a web browser into a chrooted directory i.e. ftp://somewhere.com. I also need to have a URL that will auto login a user to a chrooted directory. These chrooted directories will be RO for all anonymous access. That said I also need to have a staff account that has upload rights to these directories. Before I was able to use with Windowz FTP servers: ftp://user:password at somewhere.com. This does not pass with proftpd or vsftpd. Are there conf entries that will allow these? I know there are security risks associated with this but it is an environment I have to deal with anyway. Conf file: # This is the ProFTPD configuration file # $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $ ServerName "ProFTPD server" ServerIdent on "FTP Server ready." ServerAdmin root at localhost ServerType standalone DefaultServer on AccessGrantMsg "User %u logged in." DeferWelcome off DefaultRoot ~ !adm AuthPAMAuthoritative on IdentLookups off UseReverseDNS off Port 21 Umask 022 ListOptions "-a" AllowRetrieveRestart on AllowStoreRestart on MaxInstances 20 User nobody Group nobody ScoreboardFile /var/run/proftpd.score <Global> AllowOverwrite yes <Limit ALL SITE_CHMOD> AllowAll </Limit> </Global> LogFormat default "%h %l %u %t \"%r\" %s %b" LogFormat auth "%v [%P] %h %t \"%r\" %s" <Anonymous ~ftp> <Limit LOGIN> AllowAll </Limit> User ftp Group ftp AccessGrantMsg "Anonymous login ok, restrictions apply." UserAlias anonymous ftp DefaultChdir /pub <Limit WRITE SITE_CHMOD> DenyAll </Limit> <Limit STOR> DenyAll </Limit> <Limit READ> AllowAll </Limit> </Anonymous> Thanks, Ed
On Mon, 2005-09-12 at 21:42 -0700, Ed Morrison wrote:> I'm setting up a ftp server. I need to be able to have people have a > non interactive login through a web browser into a chrooted directory > i.e. ftp://somewhere.com. I also need to have a URL that will auto login > a user to a chrooted directory. These chrooted directories will be RO > for all anonymous access. That said I also need to have a staff account > that has upload rights to these directories. > > Before I was able to use with Windowz FTP servers: > ftp://user:password at somewhere.com. This does not pass with proftpd or > vsftpd. Are there conf entries that will allow these? I know there are > security risks associated with this but it is an environment I have to > deal with anyway.<snip> I use Proftpd and I am able to log in with a web browser just fine. That said, my directories are chrooted but they are r/w not r/o. Have you verified that these accounts work with a standard ftp client? This is a long shot, without having put too much thought into it .. but have you tried RequireValidShell off? I've always found it easier to debug starting proftpd with "proftpd -d <debug level> -n" the "-n" flag tells the daemon not to go to the background. HTH, Barry