Home / server / Questions / 560683
Accepted
kockiren
Asked: 2013-12-12 06:03:48 +0800 CST

How to deny or reject FTP commands for some user on proftpd?

  • 772

There works a FTP Server (proftpd) on Centos 6.5, Auth mech is AUTH_FILE and default ROOT is /var/ftp all User should put Files into this directory but only 2 User should get or list this files. Is it possible to deny some FTP Commands for a few Users?

My proftpd Config looks like:

DefaultRoot                     /var/ftp/
AuthPAMConfig                   proftpd
AuthOrder                       mod_auth_file.c  mod_auth_unix.c
RequireValidShell  off
AuthUserFile  /etc/proftpd/ftpd.passwd
AuthGroupFile /etc/proftpd/ftpd.group
AuthPAM off
RequireValidShell off

The content of /etc/proftpd/ftpd.group is:

ftp_group:x:50:user1

And the user file /etc/proftpd/ftpd.passwd looks like:

user1:$1$somesaltblablablablablablablabd:9999:9999::/var/ftp:/bin/false
user2:$1$somesaltblablablablablablablabd:9999:9999::/var/ftp:/bin/false
user3:$1$somesaltblablablablablablablabd:9999:9999::/var/ftp:/bin/false

User1 should be the user who can't get or list Files on the FTP Server. Is it possible?

linux

1 Answers

  1. Best Answer

    Related to this Documentation (In the example section) I use LIMIT Command to reject the FTP Commands. The following was add to the proftpd.conf:

    <Directory /var/ftp>
 <Limit ALL>
      DenyAll
 </Limit>

 <Limit DIRS READ>
    AllowUser user1
    AllowUser user2
    DenyAll
 </Limit>
</Directory>

    User3 can use the LIST Command (ls) but proftpd deny the command and return an empty result and the other User (User1 and User2) can use this Commands.

    • 0