Baird, Josh | 21 Jan 16:19 2015

[Proftpd-user] Disable normal FTP per user

Hi,

My configuration currently supports FTP/FTPS (implicit)/SFTP using mod_sql.  I'm looking for a clever
way to selectively disable normal FTP for certain users and only allow them to use FTPS/SFTP.  In the past, I
had [hackishly] used user groups to handle this.  Is there a trick I can use with mod_sql to achieve this?

Thanks,

Josh

------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html

Ezsra McDonald | 16 Jan 18:09 2015
Picon

[Proftpd-user] TLSProtocol Allow only TLSv1.2

We recently disabled SSLv3 in our FTPS server. Soon after recommendations were sent that we should also disable TLSv1.1.

I have ProFTPD Version 1.3.5. and changed TLSProtocol to include only  TLSv1.2. After restarting the server I ran a scan against the server. No TLS protocols are being accepted. But, when I change it to TLSv1 I get the following results:

    Accepted  TLSv1  256 bits  DHE-RSA-AES256-SHA
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Accepted  TLSv1  128 bits  RC4-SHA
    Accepted  TLSv1  128 bits  RC4-MD5

From reading the documentation

Module: mod_tls
Compatibility: 1.2.7rc1 and later
TLSv1.1 Allow only TLSv1.1
TLSv1.2 Allow only TLSv1.2

Am I missing something?
------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
s3v | 5 Jan 16:03 2015
Picon

[Proftpd-user] Virtual group: add/remove virtual users

Hi.

I need to add/remove an existing virtual user to/from an existing 
virtual group but, despite the research, I can:

[add/delete user]
- Edit "ftpd.group".

[add user]
- Recreate the entry by executing "ftpasswd --group ... -m ... -m ... -m 
.... " with option "-m" for *all* group members (old ones and new one).

I suppose that the first method is the correct way to accomplish the job 
but I would like a secure way to prevent incorrect changes.

Please, can you introduce a specific option(s) ?
i.e.

    ftpasswd --group --name groupname --add-user username ...
    ftpasswd --group --name groupname --delete-user username ...

I don't know if these features are already been planned or evaluated and 
discarded for some reasons.
I'm on Debian with ProFTPD 1.3.5

Thanks for your job.

------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html

Matus UHLAR - fantomas | 2 Jan 08:33 2015
Picon

Re: [Proftpd-user] sftp setup

On 01.01.15 23:27, gpeel <at> thenetnow.com wrote:
>The --enable-openssl config line was not included in the Makefile fo the
> FreeBSD proftpd port.  once I added it and recompiled and reinstalled it,
> configuring was a breeze.  Also, the only key needed was the server public
> key.

wasn't it? from what I remember, this option was allowable through the "make
config" in ports...

--

-- 
Matus UHLAR - fantomas, uhlar <at> fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
He who laughs last thinks slowest. 

------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html

gpeel | 31 Dec 02:50 2014

[Proftpd-user] sftp setup

Hi all,

I have been going blind researching how-tos,FAQs etc on how to implement sftp using proftp and mod_sftp.

I have proftpd 1.3.4d compiled from ports. on FreeBSD 9.3.

Proftpd (in plain text mode ) run great as always.

I can see mod_sftp.so in the /usr/local/libexec/proftpd directory. It appears to have been compiled at the same time as all the other .so modules.

I have no current broken config to share, but I have tried loading the .so as using loadfile, but read somewhere that it should not be needed.

LoadFIle /usr/local/libexec/proftpd/mod_sftp.so

also tried

LoadModule /usr/local/libexec/proftpd/mod_sftp.so
(there is no mod_sftp.c file anywhere to be found - should there be?).
(I have included the output of proftpd - at the bottom).
And with all of the above using it in a container to no avail:

<IfModule mod_sftp.so>
</IfModule>

and watched the logs when trying to load… to no avail.

Can anyone help me understand:

  1. how to load mod_sftp and verify its loaded,
  2. how to setup the IfModule container
  3. Can I use the standard ssl certificates we use with apache?
    mydomain.crt
    mydomain.key
    mydomain.int.crt

Regards,

-G

root <at> spare:# proftpd -V
Compile-time Settings:
  Version: 1.3.4d (maint)
  Platform: FREEBSD9 (FREEBSD9_3) [FreeBSD 9.3-RELEASE i386]
  Built: Sun Oct 12 2014 07:12:58 EDT
  Built With:
    configure  '--localstatedir=/var/run' '--libexecdir=/usr/local/libexec/proftpd' '--with-pkgconfig=libdata/pkgconfig' '--sysconfdir=/usr/local/etc' '--enable-ctrls' '--enable-dso' '--disable-sendfile' '--enable-ipv6' '--enable-nls' '--enable-pcre' '--disable-memcache' '--with-shared=mod_ban:mod_copy:mod_ctrls_admin:mod_deflate:mod_dynmasq:mod_exec:mod_ifsession:mod_ifversion:mod_qos:mod_quotatab:mod_quotatab_file:mod_quotatab_radius:mod_quotatab_sql:mod_radius:mod_ratio:mod_readme:mod_rewrite:mod_sftp:mod_sftp_pam:mod_sftp_sql:mod_shaper:mod_site_misc:mod_sql:mod_sql_passwd:mod_tls:mod_tls_shmcache:mod_unique_id:mod_wrap2:mod_wrap2_file:mod_wrap2_sql' '--with-includes=/usr/local/include' '--with-libraries=/usr/local/lib' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd9.3' 'build_alias=i386-portbld-freebsd9.3' 'CC=cc' 'CFLAGS=-O2 -pipe -DHAVE_OPENSSL -I/usr/include -fno-strict-aliasing' 'LDFLAGS= -Wl,-rpath,/usr/lib:/usr/local/lib' 'LIBS=-lssl -lcrypto -L/usr/lib' 'CPPFLAGS=' 'CPP=cpp'

  CFLAGS: -O2 -pipe -DHAVE_OPENSSL -I/usr/include -fno-strict-aliasing -Wall
  LDFLAGS: -L$(top_srcdir)/lib  -Wl,-rpath,/usr/lib:/usr/local/lib -L/usr/local/lib
  LIBS: -lintl  -lpcreposix -lpcre -lssl -lcrypto -lpam -lsupp -lcrypt -lssl -lcrypto -L/usr/lib -liconv -lutil

  Files:
    Configuration File:
      /usr/local/etc/proftpd.conf
    Pid File:
      /var/run/proftpd.pid
    Scoreboard File:
      /var/run/proftpd.scoreboard
    Header Directory:
      /usr/local/include/proftpd
    Shared Module Directory:
      /usr/local/libexec/proftpd

  Features:
    - Autoshadow support
    + Controls support
    + curses support
    - Developer support
    + DSO support
    + IPv6 support
    + Largefile support
    - Lastlog support
    - Memcache support
    + ncursesw support
    + NLS support
    + OpenSSL support
    + PCRE support
    - POSIX ACL support
    - Shadow file suppport
    - Sendfile support
    + Trace support

  Tunable Options:
    PR_TUNABLE_BUFFER_SIZE = 1024
    PR_TUNABLE_DEFAULT_RCVBUFSZ = 8192
    PR_TUNABLE_DEFAULT_SNDBUFSZ = 8192
    PR_TUNABLE_GLOBBING_MAX_MATCHES = 100000
    PR_TUNABLE_GLOBBING_MAX_RECURSION = 8
    PR_TUNABLE_HASH_TABLE_SIZE = 40
    PR_TUNABLE_NEW_POOL_SIZE = 512
    PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
    PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
    PR_TUNABLE_SELECT_TIMEOUT = 30
    PR_TUNABLE_TIMEOUTIDENT = 10
    PR_TUNABLE_TIMEOUTIDLE = 600
    PR_TUNABLE_TIMEOUTLINGER = 30
    PR_TUNABLE_TIMEOUTLOGIN = 300
    PR_TUNABLE_TIMEOUTNOXFER = 300
    PR_TUNABLE_TIMEOUTSTALLED = 3600
    PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10


------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Danny | 23 Dec 07:31 2014
Picon

[Proftpd-user] TLS Question

Hi guys,

How would I check if TLS is working correctly with proftpd?

Thank You

Danny

------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html

Steve Cohen | 18 Dec 20:58 2014
Picon

[Proftpd-user] proftpd won't let me download file even though I am in the correct group

Hello List,

Let me supply the important info

I am running reel 6.5

prhftp1-prd:/etc]proftpd -v
ProFTPD Version 1.3.3g
prhftp1-prd:/etc]proftpd -vv
ProFTPD Version: 1.3.3g (maint)
  Scoreboard Version: 01040003
  Built: Fri Dec 20 2013 22:46:37 UTC

Loaded modules:
  mod_lang/0.9
  mod_ctrls/0.9.4
  mod_cap/1.0
  mod_vroot/0.9.2
  mod_tls/2.4.2
  mod_auth_pam/1.1
  mod_readme.c
  mod_ident/1.0
  mod_dso/0.5
  mod_facts/0.1
  mod_delay/0.6
  mod_site.c
  mod_log.c
  mod_ls.c
  mod_auth.c
  mod_auth_file/0.8.3
  mod_auth_unix.c
  mod_xfer.c
  mod_core.c

Here is the relevant portion of the proftpd.conf

AuthUserFile            /etc/authuser
AuthGroupFile           /etc/groups
AuthPam                 off
AuthOrder               mod_auth_file.c

I am using  an auth user file and auth user group file.

here is the user and group from the files.

prhftp1-prd:/etc]grep scohen /etc/authuser
scohen:<hash removed>:41826:41000:Steve Cohen:/ftpdata:/bin/true
prhftp1-prd:/etc]grep 41000 /etc/groups
pp::41000:ppftpadmin

Here is the directory the file is in.

prhftp1-prd:/etc]ls -ld /ftpdata
drwxrwxr-x 63 41000 41000 2000 Dec 18 13:51 /ftpdata

So the group has read, write, execute permissions

ftp> dir test_file
229 Entering Extended Passive Mode (|||40975|)
150 Opening ASCII mode data connection for file list
-rwxrwx---   1 pgftpuser55 pp           4694 Dec 18 18:51 test_file
226 Transfer complete
ftp> get test_file
local: test_file remote: test_file
229 Entering Extended Passive Mode (|||37019|)
550 test_file: Permission denied
ftp> bye
221 Goodbye.

The file is in the correct group, though it should be the directory permissions that matter and I am in the correct group there as well. However, I can't download.

Here is the log:

Dec 18 14:36:45 prhftp1-prd proftpd[11820] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): Entering Passive Mode (10,107,210,197,174,62).
Dec 18 14:36:45 prhftp1-prd proftpd[11820] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching LOG_CMD command 'PASV' to mod_log
Dec 18 14:36:45 prhftp1-prd proftpd[11820] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching PRE_CMD command 'RETR test_file' to mod_tls
Dec 18 14:36:45 prhftp1-prd proftpd[11820] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching PRE_CMD command 'RETR test_file' to mod_core
Dec 18 14:36:45 prhftp1-prd proftpd[11820] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching PRE_CMD command 'RETR test_file' to mod_core
Dec 18 14:36:45 prhftp1-prd proftpd[11820] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching PRE_CMD command 'RETR test_file' to mod_xfer
Dec 18 14:36:45 prhftp1-prd proftpd[11820] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): in dir_check_full(): path = '/test_file', fullpath = '/test_file'.
Dec 18 14:36:45 prhftp1-prd proftpd[11820] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching CMD command 'RETR test_file' to mod_xfer
Dec 18 14:36:45 prhftp1-prd proftpd[11820] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching LOG_CMD_ERR command 'RETR test_file' to mod_log
Dec 18 14:36:45 prhftp1-prd proftpd[11820] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching LOG_CMD_ERR command 'RETR test_file' to mod_xfer

To make this really interesting, I can upload files to this directory as user scohen:

ftp> ls -l
229 Entering Extended Passive Mode (|||36184|)
150 Opening ASCII mode data connection for file list
-rwxrwx---   1 pgftpuser55 pp           4694 Dec 18 18:51 test_file
226 Transfer complete
ftp> put test_file2
local: test_file2 remote: test_file2
229 Entering Extended Passive Mode (|||50678|)
150 Opening BINARY mode data connection for test_file2
100% |******************************************************************************************************************************************************************************************************************|    24      232.05 KiB/s    00:00 ETA226 Transfer complete
24 bytes sent in 00:00 (3.11 KiB/s)
-rwxrwx---   1 pgftpuser55 pp           4694 Dec 18 18:51 test_file
-rwxrwx---   1 scohen   pp             24 Dec 18 19:50 test_file2
226 Transfer complete
ftp>


Here is the log for this:

Dec 18 14:49:45 prhftp1-prd proftpd[12670] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): in dir_check_full(): path = '/', fullpath = '/'.
Dec 18 14:49:45 prhftp1-prd proftpd[12670] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): Entering Passive Mode (10,107,210,197,197,246).
Dec 18 14:49:45 prhftp1-prd proftpd[12670] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching LOG_CMD command 'PASV' to mod_log
Dec 18 14:49:45 prhftp1-prd proftpd[12670] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching PRE_CMD command 'STOR test_file2' to mod_tls
Dec 18 14:49:45 prhftp1-prd proftpd[12670] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching PRE_CMD command 'STOR test_file2' to mod_core
Dec 18 14:49:45 prhftp1-prd proftpd[12670] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching PRE_CMD command 'STOR test_file2' to mod_core
Dec 18 14:49:45 prhftp1-prd proftpd[12670] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching PRE_CMD command 'STOR test_file2' to mod_xfer
Dec 18 14:49:45 prhftp1-prd proftpd[12670] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): in dir_check_full(): path = '/test_file2', fullpath = '/test_file2'.
Dec 18 14:49:45 prhftp1-prd proftpd[12670] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): in dir_check_full(): setting umask to 0002 (was 0002)
Dec 18 14:49:45 prhftp1-prd proftpd[12670] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching CMD command 'STOR test_file2' to mod_xfer
Dec 18 14:49:45 prhftp1-prd proftpd[12670] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): passive data connection opened - local  : ::ffff:10.107.210.197:50678
Dec 18 14:49:45 prhftp1-prd proftpd[12670] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): passive data connection opened - remote : ::ffff:170.171.252.130:5188
Dec 18 14:49:45 prhftp1-prd proftpd[12670] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching LOG_CMD command 'STOR test_file2' to mod_log
Dec 18 14:49:45 prhftp1-prd proftpd[12670] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching LOG_CMD command 'STOR test_file2' to mod_xfer
Dec 18 14:49:45 prhftp1-prd proftpd[12670] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): Transfer completed: 24 bytes in 0.00 seconds

Why can I upload files that I am in the correct group for but can't download them?

Thanks,
Steve Cohen
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Steve Cohen | 18 Dec 20:30 2014
Picon

[Proftpd-user] umask not working

I am running proftpd on RHEL 6.5

prhftp1-prd:/etc/penguin]proftpd -v
ProFTPD Version 1.3.3g
prhftp1-prd:/etc/penguin]proftpd -vv
ProFTPD Version: 1.3.3g (maint)
  Scoreboard Version: 01040003
  Built: Fri Dec 20 2013 22:46:37 UTC

Loaded modules:
  mod_lang/0.9
  mod_ctrls/0.9.4
  mod_cap/1.0
  mod_vroot/0.9.2
  mod_tls/2.4.2
  mod_auth_pam/1.1
  mod_readme.c
  mod_ident/1.0
  mod_dso/0.5
  mod_facts/0.1
  mod_delay/0.6
  mod_site.c
  mod_log.c
  mod_ls.c
  mod_auth.c
  mod_auth_file/0.8.3
  mod_auth_unix.c
  mod_xfer.c
  mod_core.c

I have umask set to 0002 in the proftpd.conf file.

Umask                         0002

I setup a system log and set debug level 10.

I upload a file:


and look at the debug log. the file is being set to 770 even though the log shows that a umask is being applied.

ftp> put test_file
local: test_file remote: test_file
229 Entering Extended Passive Mode (|||46166|)
150 Opening BINARY mode data connection for test_file
100% |******************************************************************************************************************************************************************************************************************|    31      299.73 KiB/s    00:00 ETA226 Transfer      complete
31 bytes sent in 00:00 (4.10 KiB/s)
ftp> ls -l
229 Entering Extended Passive Mode (|||47934|)
150 Opening ASCII mode data connection for file list
drwxrwsr-x   2 pgftpuser54 pp             29 Dec 18 07:11 Special
-rwxrwx---   1 pgftpuser54 pp             31 Dec 18 16:41 test_file
226 Transfer complete


Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching PRE_CMD command 'TYPE I' to mod_core
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching PRE_CMD command 'TYPE I' to mod_core
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching CMD command 'TYPE I' to mod_xfer
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching LOG_CMD command 'TYPE I' to mod_log
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching PRE_CMD command 'PASV' to mod_tls
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching PRE_CMD command 'PASV' to mod_core
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching PRE_CMD command 'PASV' to mod_core
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching CMD command 'PASV' to mod_core
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): in dir_check_full(): path = '/', fullpath = '/'.
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): Entering Passive Mode (10,107,210,197,180,86).
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching LOG_CMD command 'PASV' to mod_log
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching PRE_CMD command 'STOR test_file' to mod_tls
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching PRE_CMD command 'STOR test_file' to mod_core
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching PRE_CMD command 'STOR test_file' to mod_core
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching PRE_CMD command 'STOR test_file' to mod_xfer
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): in dir_check_full(): path = '/test_file', fullpath = '/test_file'.
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): in dir_check_full(): setting umask to 0002 (was 0002)
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching CMD command 'STOR test_file' to mod_xfer
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): passive data connection opened - local  : ::ffff:10.107.210.197:46166
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): passive data connection opened - remote : ::ffff:170.171.252.130:11036
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching LOG_CMD command 'STOR test_file' to mod_log
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): dispatching LOG_CMD command 'STOR test_file' to mod_xfer
Dec 18 11:41:06 prhftp1-prd proftpd[31915] 10.107.210.197 (::ffff:170.171.252.130[::ffff:170.171.252.130]): Transfer completed: 31 bytes in 0.00 seconds

According to the documentation the files should never be allowed to have permissions 770.

Now, I understand you can use SITE_CHMOD however, we are not using that. Why are files being uploaded with 770 when it shouldn’t happen and we have a umask of 0002?

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Patel, Kirit | 18 Dec 03:37 2014
Picon

[Proftpd-user] Extended passive FTP

ALL
 
Need urgent help is extended passive ftp supported  in  code is 1.3.2 and if it is how do u disable it?
 
 
Kirit Patel
Network, Security and Communications Services
Engineer - ICT IV (GCM Classification, NE07 - Network Engineer VII)
East Windsor, New Jersey
(609)-426-5923
 
Out of Office: Dec 12,Dec 26,Dec 30, Dec 31,Jan 8 to Jan 23 ,2015
 
 
 
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
John Stoffel | 10 Dec 22:02 2014

[Proftpd-user] Can virtual users and groups be nested?


Hi,

I'm looking to rebuild a legacy FTP server into something more modern
and ProFTPD looks to be the solution since you support jails with both
ftp and sftp.  Nice!

But I'm wondering if what I want to do is possible, which is to jail
external users to their own directories, but to allow internal users
to be able to view selected external users and their files, but not
other external users?  

For example, say I have the external users:   extA, extB, extC, extD.

And the internal users:  int1, int2.

I know I can setup things so that ext* are jailed.  

But can I setup things so that int1 can only see extA, extB and extC,
while int2 can only see extD and extA?

And of course I want to do this all with virtual users/groups backed
by an SQL DB, probably mysql.  Reading the docs for version 1.3.5
doesn't really help me figure out if I can do what I want easily.  Esp
since I need to make the management of this all simple to do by the
helpdesk staff.

So I guess I also need a web gui tool to be recommended as well.  I'm
looking at proftpdadmin-1.0.4, but haven't had a chance to play with
it yet.

Thanks,
John

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html

TJ Saunders | 30 Nov 01:10 2014

Re: [Proftpd-user] Libcap


> I'm having this on a new server:
> 
> capability: warning: `proftpd' uses 32-bit capabilities (legacy support in use)
> 
> I've solved this on other server but don't remember exactly what I used.

See:

  http://www.proftpd.org/docs/modules/mod_cap.html#FAQ

> Should I use libcap2-dev or libcap-ng-dev on compile time?

I think libcap2-dev is the one you want.

Cheers,
TJ

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html


Gmane