13. maj 2001 - 17:30Der er
34 kommentarer og 2 løsninger
Userdir i Apache og Proftpd ?
Hvordan kan jeg sætte det sådan at jeg definerer en mappe, så når en bruger logger ind på min ftp, så kan han KUN up/downloade/chmode i den mappe, og har ikke adgang til de andre mapper. Det skal så også være sådan at man kan skrive http://minserver.dk/~brugernavn -> det er så den omtalte mappe man kommer ind i..
Jeg kører Redhat 7.1 med Apache 1.3.19, og Proftpd.
Danmark vil mindske afhængigheden af globale techgiganter, men det kræver mere end politiske formuleringer og strategier, understreger PROSA’s formand Niels Bertelsen.
Opret public_html bibl til dine brugere... Så vil dette virke..
<Directory /home/*/public_html> AllowOverride FileInfo AuthConfig Limit All Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec <Limit GET POST OPTIONS PROPFIND> Order allow,deny Allow from all </Limit> <LimitExcept GET POST OPTIONS PROPFIND> Order deny,allow Deny from all </LimitExcept> </Directory>
med hensynd til proftpd, er der kun den linie der kan gøre det...
ServerName \"Server navn\" ServerType standalone ServerIdent On \"Ident\" DefaultServer on DefaultRoot ~ UseReverseDNS off #IdentLookups off #DisplayConnect /etc/ftplogin.msg
# Port 21 is the standard FTP port. Port 21 # Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable. Umask 022
# To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd) MaxInstances 30
# Set the user and group that the server normally runs at. User nobody Group nogroup
# Normally, we want files to be overwriteable. <Directory /*> AllowOverwrite on </Directory>
######################################################################### # # # Uncomment lines with only one # to allow basic anonymous access # # # #########################################################################
### A basic anonymous configuration, no upload directories. <Anonymous ~ftp> User ftp Group ftp ### We want clients to be able to login with \"anonymous\" as well as \"ftp\" UserAlias anonymous ftp
### Limit the maximum number of anonymous logins MaxClients 10
### It is wise when making an \'ftp\' user that you either block its ### ability to login either via /etc/login.access or my giving it ### an invalid shell. ### Uncomment this if the \'ftp\' user you made has an invalid shell
RequireValidShell off
### We want \'welcome.msg\' displayed at login, and \'.message\' displayed ### in each newly chdired directory. DisplayLogin welcome.msg DisplayFirstChdir .message
### Limit WRITE everywhere in the anonymous chroot <Limit WRITE> DenyAll </Limit>
Nu fik jeg det til at virke sådan at [brugeren] over ftp starter i /home/[brugernavn] hvilet også er ok, men han kan stadigvæk ikke skrive i public_html, eller slette (noget med chmod)
Og så er der det meget store problem, nemli at han kan gå op i mapper dvs til /home og videre til / og det er jeg ikke glad for, så hvordan kan jeg slå det fra ?
Kan jeg bare bruge chmod 777 på mappen, eller giver det nogle dårlige bivirkninger ? Det virker med 777 når jeg chmodder lokalt eller over SSH, men jeg kan som sagt ikke chmodde over ftp, og han kan stadig gå op i roden
# This is a basic ProFTPD configuration file (rename it to # \'proftpd.conf\' for actual use. It establishes a single server # and a single anonymous login. It assumes that you have a user/group # \"nobody\" and \"ftp\" for normal operation and anon.
ServerName \"ProFTPD Default Installation\" ServerType standalone DefaultServer on
TimeoutIdle 600 IdentLookups off UseReverseDNS off
ShowDotFiles on
DefaultRoot ~
#Port 21 is the standard FTP port. Port 21 # Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable. Umask 022
# To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd) MaxInstances 30
# Set the user and group that the server normally runs at. User dkw group dkw # Normally, we want files to be overwriteable. <Directory /*> AllowOverwrite on </Directory>
# A basic anonymous configuration, no upload directories. <Anonymous ~ftp> User ftp Group ftp # We want clients to be able to login with \"anonymous\" as well as \"ftp\" UserAlias anonymous ftp
# Limit the maximum number of anonymous logins MaxClients 10
# We want \'welcome.msg\' displayed at login, and \'.message\' displayed # in each newly chdired directory. DisplayLogin welcome.msg DisplayFirstChdir .message
# Limit WRITE everywhere in the anonymous chroot <Limit WRITE> DenyAll </Limit>
# This is a basic ProFTPD configuration file (rename it to # \'proftpd.conf\' for actual use. It establishes a single server # and a single anonymous login. It assumes that you have a user/group # \"nobody\" and \"ftp\" for normal operation and anon.
ServerName \"motu\'s ftpserver\" ServerType standalone DefaultServer on TimeoutIdle 600 IdentLookups off UseReverseDNS off
ShowDotFiles on
DefaultRoot ~
# Port 21 is the standard FTP port. Port 21 # Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable. Umask 022
# To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd) MaxInstances 30
# Set the user and group that the server normally runs at. User nobody Group nobody
# Normally, we want files to be overwriteable. <Directory /*> AllowOverwrite off </Directory>
med hensyn til apache skal du finde denne her linje i httpd.conf :
# 127.0.0.1 is the TCP/IP local loop-back address, often named localhost. Your # machine always knows itself by this address. If you use Apache strictly for # local testing and development, you may use 127.0.0.1 as the server name. # ServerName dinhost eller ip her
og denne her linje :
# UserDir: The name of the directory which is appended onto a user\'s home # directory if a ~user request is received. # <IfModule mod_userdir.c> UserDir public_html </IfModule>
public_html er der hvor brugerne har deres filer.
DVS .. i alle bruger kataloger skal der laves et biblotek der hedder public_html, som skal have :
#<Directory /home/*/public_html> # AllowOverride FileInfo AuthConfig Limit # Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec # <Limit GET POST OPTIONS PROPFIND> # Order allow,deny # Allow from all # </Limit> # <LimitExcept GET POST OPTIONS PROPFIND> # Order deny,allow # Deny from all # </LimitExcept> #</Directory>
Jeg modificerede min egen proftpd.conf ved at indsætte følgende
Hvis jeg bruger dette laver den fejl når den starter op ->
DefaultRoot ~
Men ved dette kører det -> DefaultRoot ~
Det var jo meget godt, og chmod virker også nu, så nu mangler jeg bare en lille ting.. Hvordan sørger jeg for at det IKKE er muligt for denne bruger at logge ind med SSH ?
Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.