Proftpd question

Proftpd question

[Jayson Smith]

Hi,
On my Gentoo box I have Proftpd installed.  I have it set up, as the
defaults are, to allow anonymous access.  Yet, whenever I try to log in as
anonymous and give an Email address as my password, it tells me my login is
incorrect.  Any thoughts?
Jayson.

Re: Proftpd question

[Gregory Nowak]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Check if you have

ftp

as one of the users in /etc/ftpusers. If you do, then either remove
the ftp line, or comment it out.

Greg


On Tue, Jul 13, 2004 at 11:44:13PM -0400, Jayson Smith wrote:
> Hi,
> On my Gentoo box I have Proftpd installed.  I have it set up, as the
> defaults are, to allow anonymous access.  Yet, whenever I try to log in as
> anonymous and give an Email address as my password, it tells me my login is
> incorrect.  Any thoughts?
> Jayson.
> 
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 
> 
> !DSPAM:40f4ac4b48762015313628!
> 
> 

- -- 
Free domains: http://www.eu.org/ or mail dns-manager@EU.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFA9K/U7s9z/XlyUyARAr2jAJ0YpHdxJ+6eXCdx0jdYnkznze9oDgCg4GxU
fpI3rx2YBfLlor5AK5LRKTM=
=CMmP
-----END PGP SIGNATURE-----

RE: Proftpd question

[Sina Bahram]

Hi Greg,

Thank you for the suggestion. I actually got it working, although my lack of
familiarity with linux leads me to believe I need to do some research into
chroot and exactly what it is.

Thank you for your suggestions and help.

Take care,
Sina


No trees were destroyed in sending this message; however, a large number of
electrons were terribly inconvenienced.

-----Original Message-----
From: speakup-bounces@braille.uwo.ca [mailto:speakup-bounces@braille.uwo.ca]
On Behalf Of Gregory Nowak
Sent: Wednesday, July 14, 2004 12:00 AM
To: Jayson Smith; Speakup is a screen review system for Linux.
Subject: Re: Proftpd question


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Check if you have

ftp

as one of the users in /etc/ftpusers. If you do, then either remove the ftp
line, or comment it out.

Greg


On Tue, Jul 13, 2004 at 11:44:13PM -0400, Jayson Smith wrote:
> Hi,
> On my Gentoo box I have Proftpd installed.  I have it set up, as the 
> defaults are, to allow anonymous access.  Yet, whenever I try to log 
> in as anonymous and give an Email address as my password, it tells me 
> my login is incorrect.  Any thoughts? Jayson.
> 
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca 
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 
> 
> !DSPAM:40f4ac4b48762015313628!
> 
> 

- -- 
Free domains: http://www.eu.org/ or mail dns-manager@EU.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFA9K/U7s9z/XlyUyARAr2jAJ0YpHdxJ+6eXCdx0jdYnkznze9oDgCg4GxU
fpI3rx2YBfLlor5AK5LRKTM=
=CMmP
-----END PGP SIGNATURE-----

_______________________________________________
Speakup mailing list
Speakup@braille.uwo.ca http://speech.braille.uwo.ca/mailman/listinfo/speakup

Re: Proftpd question

[Shaun Oliver]

have a look in /etc/ftpusers and see if ftp is in there. if it is piss 
it off cause any user listed in that file don't get ftp access.

-- 
Shaun Oliver


"I refuse to have a battle of wits with an unarmed person."
email: shaun.oliver@optusnet.com.au
WEB: http://blindman.homelinux.org/~blindman/
IRC: irc.awesomechat.net:6666
IRCNICK: blindman

Re: Proftpd question

[Jayson Smith]

As previously indicated to Greg, I don't have a /etc/ftpusers.  I sent him
my proftpd.conf to look at.
Jayson.

----- Original Message -----
From: "Shaun Oliver" <shaun.oliver@optusnet.com.au>
To: "Jayson Smith" <ratguy@bellsouth.net>; "Speakup is a screen review
system for Linux." <speakup@braille.uwo.ca>
Sent: Wednesday, July 14, 2004 5:24 AM
Subject: Re: Proftpd question


> have a look in /etc/ftpusers and see if ftp is in there. if it is piss
> it off cause any user listed in that file don't get ftp access.
>
> --
> Shaun Oliver
>
>
> "I refuse to have a battle of wits with an unarmed person."
> email: shaun.oliver@optusnet.com.au
> WEB: http://blindman.homelinux.org/~blindman/
> IRC: irc.awesomechat.net:6666
> IRCNICK: blindman

Re: Proftpd question

[Joseph C. Lininger]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes see the file /etc/ftpusers. You need to remove the user ftp from 
that list. The /etc/ftpusers file specifies users that are not allowed 
to use the ftp server. YOu'll want to list users like root, bin, and 
other accounts like that. However, anonymous users are logged in as ftp, 
so that user will need to be removed from the list.

- -- 
Joseph C. Lininger
jbahm@pcdesk.net
Note, the following is used for automated processing. Please lieve in 
tact if quoting me in a reply.
Verification: 5eab38a77ac40416e075be8f50607ff7

On Tue, 13 Jul 2004, Jayson Smith wrote:

> Hi,
> On my Gentoo box I have Proftpd installed.  I have it set up, as the
> defaults are, to allow anonymous access.  Yet, whenever I try to log in as
> anonymous and give an Email address as my password, it tells me my login is
> incorrect.  Any thoughts?
> Jayson.
> 
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA9W2CJ6dqn0mqPbARAo3IAJ0RsO5agK3g8i28dr1xvkCGww8UqQCfS5nQ
gLUz6Xa25H+DITYFk66WFhk=
=4dRs
-----END PGP SIGNATURE-----

Re: Proftpd question

[Jayson Smith]

Hi,
That fixed it but I've got another problem.  When I log in anonymously
locally using ncftp, I can see a directory called dectalk@ but can't change
to that directory.  When logging in via my Windows machine I get an empty
directory listing.  I do have a symlink to /var/www/dectalk in /home/ftp.
That, in fact, is the only thing there.  But I can't get to it.  I went into
my proftpd.conf and commented out the line about chrooting everybody into
their home dir.  Any thoughts?
Jayson.

----- Original Message -----
From: "Gregory Nowak" <greg@romuald.net.eu.org>
To: "Jayson Smith" <ratguy@bellsouth.net>
Sent: Wednesday, July 14, 2004 1:38 PM
Subject: Re: Proftpd question


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ok. In your anonymous section, above the lines that say
>
> User ftp
> Group ftp
>
> put the following line
>
> RequireValidShell             off
>
> Other then that, there are no major differences between your
> proftpd.conf and mine that would prevent anonymous users from logging
> in.
>
> If the above suggestion still doesn't help, then what does your
proftpd.log, or wherever proftpd logs things say when
> you try to login as anonymous?
>
> Greg
>
>
> - --
> Free domains: http://www.eu.org/ or mail dns-manager@EU.org
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
>
> iD8DBQFA9W+S7s9z/XlyUyARAtMDAJsGll78eqB0JdZxrR+vZTyPPkvkjwCfWu7g
> iSRf5TemTcUXQj6piVZA1QM=
> =76cT
> -----END PGP SIGNATURE-----

Re: Proftpd question

[Gregory Nowak]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This could be due to the permissions and ownership of
/var/www/dectalk. It should be owned by root, with a group of root,
and 755 permissions.

Greg


On Wed, Jul 14, 2004 at 01:48:05PM -0400, Jayson Smith wrote:
> Hi,
> That fixed it but I've got another problem.  When I log in anonymously
> locally using ncftp, I can see a directory called dectalk@ but can't change
> to that directory.  When logging in via my Windows machine I get an empty
> directory listing.  I do have a symlink to /var/www/dectalk in /home/ftp.
> That, in fact, is the only thing there.  But I can't get to it.  I went into
> my proftpd.conf and commented out the line about chrooting everybody into
> their home dir.  Any thoughts?
> Jayson.
> 

- -- 
Free domains: http://www.eu.org/ or mail dns-manager@EU.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFA9Xq07s9z/XlyUyARAqKzAJ9PRJ/JOx+XFK7nFeUAcS38zC45BgCgwhXp
efkcDL6kyEYyqPdU52A9VF0=
=m0ap
-----END PGP SIGNATURE-----

Re: Proftpd question

[Joseph C. Lininger]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You need to turn on the feature that allows symlinks. Also, if this is 
an anonymous ftp, keep in mind that an anonymous ftp has an implied 
chroot to the directory. YOu can't turn it off.

- -- 
Joseph C. Lininger
jbahm@pcdesk.net
Note, the following is used for automated processing. Please lieve in 
tact if quoting me in a reply.
Verification: 5eab38a77ac40416e075be8f50607ff7

On Wed, 14 Jul 2004, Jayson Smith wrote:

> Hi,
> That fixed it but I've got another problem.  When I log in anonymously
> locally using ncftp, I can see a directory called dectalk@ but can't change
> to that directory.  When logging in via my Windows machine I get an empty
> directory listing.  I do have a symlink to /var/www/dectalk in /home/ftp.
> That, in fact, is the only thing there.  But I can't get to it.  I went into
> my proftpd.conf and commented out the line about chrooting everybody into
> their home dir.  Any thoughts?
> Jayson.
> 
> ----- Original Message -----
> From: "Gregory Nowak" <greg@romuald.net.eu.org>
> To: "Jayson Smith" <ratguy@bellsouth.net>
> Sent: Wednesday, July 14, 2004 1:38 PM
> Subject: Re: Proftpd question
> 
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Ok. In your anonymous section, above the lines that say
> >
> > User ftp
> > Group ftp
> >
> > put the following line
> >
> > RequireValidShell             off
> >
> > Other then that, there are no major differences between your
> > proftpd.conf and mine that would prevent anonymous users from logging
> > in.
> >
> > If the above suggestion still doesn't help, then what does your
> proftpd.log, or wherever proftpd logs things say when
> > you try to login as anonymous?
> >
> > Greg
> >
> >
> > - --
> > Free domains: http://www.eu.org/ or mail dns-manager@EU.org
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.3 (GNU/Linux)
> >
> > iD8DBQFA9W+S7s9z/XlyUyARAtMDAJsGll78eqB0JdZxrR+vZTyPPkvkjwCfWu7g
> > iSRf5TemTcUXQj6piVZA1QM=
> > =76cT
> > -----END PGP SIGNATURE-----
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA9dbkJ6dqn0mqPbARAplzAKCIp5OwaiKyxycVX3U+JohnHd4fPACdHMM0
dnfWS5UeHiTjQzAmflemghQ=
=6rN2
-----END PGP SIGNATURE-----

Re: Proftpd question

[Jayson Smith]

A few questions.
First, the link is a symbolic link.  Would making it a hard link fix the
problem?  How do you make a hard link?
Also, is there a way to find out, in numeric terms, the permissions of a
file or directory?  Keeping up with what 755, rwx--r--r or whatever, etc.
means when compared to each other is a bit difficult for me at times.
Jayson.

----- Original Message -----
From: "Gregory Nowak" <greg@romuald.net.eu.org>
To: "Jayson Smith" <ratguy@bellsouth.net>; "Speakup is a screen review
system for Linux." <speakup@braille.uwo.ca>
Sent: Wednesday, July 14, 2004 2:25 PM
Subject: Re: Proftpd question


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> This could be due to the permissions and ownership of
> /var/www/dectalk. It should be owned by root, with a group of root,
> and 755 permissions.
>
> Greg
>
>
> On Wed, Jul 14, 2004 at 01:48:05PM -0400, Jayson Smith wrote:
> > Hi,
> > That fixed it but I've got another problem.  When I log in anonymously
> > locally using ncftp, I can see a directory called dectalk@ but can't
change
> > to that directory.  When logging in via my Windows machine I get an
empty
> > directory listing.  I do have a symlink to /var/www/dectalk in
/home/ftp.
> > That, in fact, is the only thing there.  But I can't get to it.  I went
into
> > my proftpd.conf and commented out the line about chrooting everybody
into
> > their home dir.  Any thoughts?
> > Jayson.
> >
>
> - --
> Free domains: http://www.eu.org/ or mail dns-manager@EU.org
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
>
> iD8DBQFA9Xq07s9z/XlyUyARAqKzAJ9PRJ/JOx+XFK7nFeUAcS38zC45BgCgwhXp
> efkcDL6kyEYyqPdU52A9VF0=
> =m0ap
> -----END PGP SIGNATURE-----

Re: Proftpd question

[Janina Sajka]

Jayson Smith writes:
> Also, is there a way to find out, in numeric terms, the permissions of a
> file or directory?  Keeping up with what 755, rwx--r--r or whatever, etc.
> means when compared to each other is a bit difficult for me at times.


I'm unaware that you can have ls put out permissions as their octal
equivalents, but I may learn something.

Still, if you remember that the "rwx--r--r" comes in groups of three,
you might find it easier. Here's how:

The first char is all by itself. It tells you whether the file is a
diectory, a link, etc.

The rest are grouped by three.

r is always 4
w is always 2
x is always 1

So, the example you gave, rwx--r--r, becomes 744.

And, the firstgroup of three, or the first octal digit, is for owner,
the next for group, and the last for world.

Re: Proftpd question

[Joseph C. Lininger]

Hi,
To answer your first question, a hard link wouldn't help you in this case. the reason is that you can't make a hard link to a directory. All a hard link is is another name in the filesystem for a file. They can't cross filesystems, and they can only point at files. To create one, just use the ln program without the -s option. If your kernel has the grsecurity patches installed (not likely), you can't even create a hard link that points outside a chroot. It really doesn't matter anyway since a hard link isn't an option. The only thing you can really do is to either use sftp (which doesn't chroot), or disable chrooting. I don't remember your exact problem now, but you can't use sftp for anonymous connections (obviously), and proftp has an implied chroot that can't be disabled for an anonymous ftp account. (this is a good thing actually)

To ansewr your second question, you can interpret the bits as follows:

r=4
w=2
x=1

For each group (owner, group, world) add these numbers together. Therefore, -rw-r--r-- gives 644 and -rwxr-xr-x gives 755.
-- 
Joseph C. Lininger
jbahm@pcdesk.net
Note, the following is used for automated processing. Please lieve in 
tact if quoting me in a reply.
Verification: 5eab38a77ac40416e075be8f50607ff7

On Thu, 15 Jul 2004, Jayson Smith wrote:

> A few questions.
> First, the link is a symbolic link.  Would making it a hard link fix the
> problem?  How do you make a hard link?
> Also, is there a way to find out, in numeric terms, the permissions of a
> file or directory?  Keeping up with what 755, rwx--r--r or whatever, etc.
> means when compared to each other is a bit difficult for me at times.
> Jayson.
>
> ----- Original Message -----
> From: "Gregory Nowak" <greg@romuald.net.eu.org>
> To: "Jayson Smith" <ratguy@bellsouth.net>; "Speakup is a screen review
> system for Linux." <speakup@braille.uwo.ca>
> Sent: Wednesday, July 14, 2004 2:25 PM
> Subject: Re: Proftpd question
>
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> This could be due to the permissions and ownership of
>> /var/www/dectalk. It should be owned by root, with a group of root,
>> and 755 permissions.
>>
>> Greg
>>
>>
>> On Wed, Jul 14, 2004 at 01:48:05PM -0400, Jayson Smith wrote:
>>> Hi,
>>> That fixed it but I've got another problem.  When I log in anonymously
>>> locally using ncftp, I can see a directory called dectalk@ but can't
> change
>>> to that directory.  When logging in via my Windows machine I get an
> empty
>>> directory listing.  I do have a symlink to /var/www/dectalk in
> /home/ftp.
>>> That, in fact, is the only thing there.  But I can't get to it.  I went
> into
>>> my proftpd.conf and commented out the line about chrooting everybody
> into
>>> their home dir.  Any thoughts?
>>> Jayson.
>>>
>>
>> - --
>> Free domains: http://www.eu.org/ or mail dns-manager@EU.org
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.2.3 (GNU/Linux)
>>
>> iD8DBQFA9Xq07s9z/XlyUyARAqKzAJ9PRJ/JOx+XFK7nFeUAcS38zC45BgCgwhXp
>> efkcDL6kyEYyqPdU52A9VF0=
>> =m0ap
>> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>

Re: Proftpd question

[Jayson Smith]

Hi,
Got it working.  I just moved the files to /home/ftp and made a symlink in
/var/www.  Is it ok from a security standpoint to open up ftp to the outside
world?  I have an unofficial mirror of the unofficial Dectalk archive, an
archive of Dectalk as well as several other synths singing, performing
skits, and all sorts of other weirdness.  Would it be ok to allow the
outside world to access this via ftp?  They can already access it via http.
Jayson.

----- Original Message -----
From: "Joseph C. Lininger" <
jbahm@pcdesk.net>

To: "Jayson Smith" <
ratguy@bellsouth.net>

Sent: Friday, July 16, 2004 1:22 AM
Subject: Re: Proftpd question

> Well, that depends. If the allow symlinks option is set in apache, then
this will work. . I assume you are trying to access these files in /var/www
via anonymous ftp right? I can't remember what your doing now. If you are
trying to do this, why not set the anonymous account to access /var/www. If
you did that, the chroot would be to that directory and you wouldn't have a
problem.
>
> --
> Joseph C. Lininger
>
jbahm@pcdesk.net
> Note, the following is used for automated processing. Please lieve in
> tact if quoting me in a reply.
> Verification: 5eab38a77ac40416e075be8f50607ff7
>

Re: Proftpd question

[nick G]

Go ahead and do it!  It's ok, ProFTPD is secure.  They say VSFTPD is better,
but I have no clue.
Thanks,
Nick
----- Original Message ----- 
From: "Jayson Smith" <ratguy@bellsouth.net>
To: "Speakup" <speakup@braille.uwo.ca>
Sent: Friday, July 16, 2004 2:05 AM
Subject: Re: Proftpd question


> Hi,
> Got it working.  I just moved the files to /home/ftp and made a symlink in
> /var/www.  Is it ok from a security standpoint to open up ftp to the
outside
> world?  I have an unofficial mirror of the unofficial Dectalk archive, an
> archive of Dectalk as well as several other synths singing, performing
> skits, and all sorts of other weirdness.  Would it be ok to allow the
> outside world to access this via ftp?  They can already access it via
http.
> Jayson.
>
> ----- Original Message -----
> From: "Joseph C. Lininger" <
> jbahm@pcdesk.net>
>
> To: "Jayson Smith" <
> ratguy@bellsouth.net>
>
> Sent: Friday, July 16, 2004 1:22 AM
> Subject: Re: Proftpd question
>
> > Well, that depends. If the allow symlinks option is set in apache, then
> this will work. . I assume you are trying to access these files in
/var/www
> via anonymous ftp right? I can't remember what your doing now. If you are
> trying to do this, why not set the anonymous account to access /var/www.
If
> you did that, the chroot would be to that directory and you wouldn't have
a
> problem.
> >
> > --
> > Joseph C. Lininger
> >
> jbahm@pcdesk.net
> > Note, the following is used for automated processing. Please lieve in
> > tact if quoting me in a reply.
> > Verification: 5eab38a77ac40416e075be8f50607ff7
> >
>
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

Re: Proftpd question

[Joseph C. Lininger]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well, form a security stand point, running an ftp server in and of 
itself is not a security concern. However, make sure to keep up to date 
with patches and stuff for any servers you run, be it ftp or otherwise. 
This way, people are not able to take advantage of the latest in 
security holes to compromize your system. Also, you'll want the 
anonymous stuff to be configured so that people can't write to it, and 
you want to lock users in to the directory where the files are located 
via chroot. Proftpd does the chroot thing by default, and simply setting 
the correct permitions should accomplish the read-only thing.

- -- 
Joseph C. Lininger
jbahm@pcdesk.net
Note, the following is used for automated processing. Please lieve in 
tact if quoting me in a reply.
Verification: 5eab38a77ac40416e075be8f50607ff7

On Fri, 16 Jul 2004, Jayson Smith wrote:

> Hi,
> Got it working.  I just moved the files to /home/ftp and made a symlink in
> /var/www.  Is it ok from a security standpoint to open up ftp to the outside
> world?  I have an unofficial mirror of the unofficial Dectalk archive, an
> archive of Dectalk as well as several other synths singing, performing
> skits, and all sorts of other weirdness.  Would it be ok to allow the
> outside world to access this via ftp?  They can already access it via http.
> Jayson.
> 
> ----- Original Message -----
> From: "Joseph C. Lininger" <
> jbahm@pcdesk.net>
> 
> To: "Jayson Smith" <
> ratguy@bellsouth.net>
> 
> Sent: Friday, July 16, 2004 1:22 AM
> Subject: Re: Proftpd question
> 
> > Well, that depends. If the allow symlinks option is set in apache, then
> this will work. . I assume you are trying to access these files in /var/www
> via anonymous ftp right? I can't remember what your doing now. If you are
> trying to do this, why not set the anonymous account to access /var/www. If
> you did that, the chroot would be to that directory and you wouldn't have a
> problem.
> >
> > --
> > Joseph C. Lininger
> >
> jbahm@pcdesk.net
> > Note, the following is used for automated processing. Please lieve in
> > tact if quoting me in a reply.
> > Verification: 5eab38a77ac40416e075be8f50607ff7
> >
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA9+imJ6dqn0mqPbARAta5AKCWfTqcHk65fsbKzIHB1G3dJ/8BZwCcDjOI
INGB7EA4vnk9UNJSP9ff/V8=
=Q6n6
-----END PGP SIGNATURE-----

Re: Proftpd question

[Joseph C. Lininger]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well, as long as you don't use wuftpd, your probably ok. That's the only 
Linux ftp server I know about that has really serious security issues.

- -- 
Joseph C. Lininger
jbahm@pcdesk.net
Note, the following is used for automated processing. Please lieve in 
tact if quoting me in a reply.
Verification: 5eab38a77ac40416e075be8f50607ff7

On Fri, 16 Jul 2004, nick G wrote:

> Go ahead and do it!  It's ok, ProFTPD is secure.  They say VSFTPD is better,
> but I have no clue.
> Thanks,
> Nick
> ----- Original Message ----- 
> From: "Jayson Smith" <ratguy@bellsouth.net>
> To: "Speakup" <speakup@braille.uwo.ca>
> Sent: Friday, July 16, 2004 2:05 AM
> Subject: Re: Proftpd question
> 
> 
> > Hi,
> > Got it working.  I just moved the files to /home/ftp and made a symlink in
> > /var/www.  Is it ok from a security standpoint to open up ftp to the
> outside
> > world?  I have an unofficial mirror of the unofficial Dectalk archive, an
> > archive of Dectalk as well as several other synths singing, performing
> > skits, and all sorts of other weirdness.  Would it be ok to allow the
> > outside world to access this via ftp?  They can already access it via
> http.
> > Jayson.
> >
> > ----- Original Message -----
> > From: "Joseph C. Lininger" <
> > jbahm@pcdesk.net>
> >
> > To: "Jayson Smith" <
> > ratguy@bellsouth.net>
> >
> > Sent: Friday, July 16, 2004 1:22 AM
> > Subject: Re: Proftpd question
> >
> > > Well, that depends. If the allow symlinks option is set in apache, then
> > this will work. . I assume you are trying to access these files in
> /var/www
> > via anonymous ftp right? I can't remember what your doing now. If you are
> > trying to do this, why not set the anonymous account to access /var/www.
> If
> > you did that, the chroot would be to that directory and you wouldn't have
> a
> > problem.
> > >
> > > --
> > > Joseph C. Lininger
> > >
> > jbahm@pcdesk.net
> > > Note, the following is used for automated processing. Please lieve in
> > > tact if quoting me in a reply.
> > > Verification: 5eab38a77ac40416e075be8f50607ff7
> > >
> >
> >
> > _______________________________________________
> > Speakup mailing list
> > Speakup@braille.uwo.ca
> > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA+C+YJ6dqn0mqPbARApWuAKDm9Ke26TkU4X0KJPT8Xe18CUcfLQCgmFY9
fPE8+LAzVBOlD/Kb4THHv9I=
=XNpj
-----END PGP SIGNATURE-----

Re: Proftpd question

[Jayson Smith]

Go to either ftp://jaybird.no-ip.info/dectalk or
http://jaybird.no-ip.info/dectalk.  There you will find a mirror of the
unofficial Dectalk archive.  This is just that, a mirror.  The actual
archive is at http://andrelouis.com/dectalk, and is not available via ftp
from that site.  There's a text file in the top level directory which gives
instructions if you wish to upload your own material to the archive.  My
mirror is updated automatically between 3:00 A.M. and 4:00 A.M. Eastern time
each day via a Cron script.  Enjoy!
Jayson.

----- Original Message -----
From: "Danny Crone" <dannyboy@pobox.com>
To: "Jayson Smith" <ratguy@bellsouth.net>
Sent: Friday, July 16, 2004 12:48 PM
Subject: Re: Proftpd question


> Hello Jason.  How can I get to the funny dec talk files?
>
> On Fri, 16 Jul
> 2004, Jayson Smith wrote:
>
> > Hi,
> > Got it working.  I just moved the files to /home/ftp and made a symlink
in
> > /var/www.  Is it ok from a security standpoint to open up ftp to the
outside
> > world?  I have an unofficial mirror of the unofficial Dectalk archive,
an
> > archive of Dectalk as well as several other synths singing, performing
> > skits, and all sorts of other weirdness.  Would it be ok to allow the
> > outside world to access this via ftp?  They can already access it via
http.
> > Jayson.
> >
> > ----- Original Message -----
> > From: "Joseph C. Lininger" <
> > jbahm@pcdesk.net>
> >
> > To: "Jayson Smith" <
> > ratguy@bellsouth.net>
> >
> > Sent: Friday, July 16, 2004 1:22 AM
> > Subject: Re: Proftpd question
> >
> > > Well, that depends. If the allow symlinks option is set in apache,
then
> > this will work. . I assume you are trying to access these files in
/var/www
> > via anonymous ftp right? I can't remember what your doing now. If you
are
> > trying to do this, why not set the anonymous account to access /var/www.
If
> > you did that, the chroot would be to that directory and you wouldn't
have a
> > problem.
> > >
> > > --
> > > Joseph C. Lininger
> > >
> > jbahm@pcdesk.net
> > > Note, the following is used for automated processing. Please lieve in
> > > tact if quoting me in a reply.
> > > Verification: 5eab38a77ac40416e075be8f50607ff7
> > >
> >
> >
> > _______________________________________________
> > Speakup mailing list
> > Speakup@braille.uwo.ca
> > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> >
> >
>

Re: proftpd question

[Trevor Astrope]

Not sure if this applies to your situation, but you can control proftpd
access like this:

# Limit who can login
<Limit LOGIN>
	Order allow,deny
	AllowGroup staff
	Deny from All
</Limit>

Then add the users who are allowed ftp access to the staff group. Or just 
leave out the AllowGroup line to deny everyone.

Hth,

Trevor



On Tue, 11 Nov 2003, Gregory Nowak wrote:

> Hi all.
> 
> I am in the process of setting up a basic proftpd configuration.
> 
> One problem I am running into, is that I don't want any users listed
> in /etc/passwd to be able to use standard ftp (they're only allowed to
> use sftp for security). Short of entering everybody in /etc/passwd into
> /etc/ftpusers, is there a way to accomplish this?
> Thanks.
> 
> Greg
> 
> 
> -- 
> Free domains: http://www.eu.org/ or mail dns-manager@EU.org
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 

proftpd question

[Gregory Nowak]

Hi all.

I am in the process of setting up a basic proftpd configuration.

One problem I am running into, is that I don't want any users listed
in /etc/passwd to be able to use standard ftp (they're only allowed to
use sftp for security). Short of entering everybody in /etc/passwd into
/etc/ftpusers, is there a way to accomplish this?
Thanks.

Greg


-- 
Free domains: http://www.eu.org/ or mail dns-manager@EU.org