Threaded Mode | Linear Mode

jakub.artur · 09-06-2010 11:10 PM

hi
my proftpd is not working as it should be logged, but I can not see the directories here's my config

# ispCP Ď‰ (OMEGA) a Virtual Hosting Control Panel
# Copyright © 2001-2006 by moleSoftware GmbH - http://www.molesoftware.com
# Copyright © 2006-2010 by isp Control Panel - http://ispcp.net
#
# Version: $Id: proftpd.conf 2505 2010-01-06 20:30:53Z nuxwin $
#
# The contents of this file are subject to the Mozilla Public License
# Version 1.1 (the "License"); you may not use this file except in
# compliance with the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS"
# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
# License for the specific language governing rights and limitations
# under the License.
#
# The Original Code is "VHCS - Virtual Hosting Control System".
#
# The Initial Developer of the Original Code is moleSoftware GmbH.
# Portions created by Initial Developer are Copyright © 2001-2006
# by moleSoftware GmbH. All Rights Reserved.
# Portions created by the ispCP Team are Copyright © 2006-2010 by
# isp Control Panel. All Rights Reserved.
#
# The ispCP Ď‰ Home Page is:
#
# http://isp-control.net
#

# Includes DSO modules (this is mandatory in proftpd 1.3)
#Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off

ServerName "xxxx.xxxx.com"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

AllowOverwrite on
UseReverseDNS off

#IdentLookups off

AllowStoreRestart on
AllowForeignAddress on

LogFormat traff "%b %u"

TimeoutLogin 120
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayChdir message

ListOptions "-l"
#LsDefaultOptions "-l"

DenyFilter \*.*/

DefaultRoot ~

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd off

# Port 21 is the standard FTP port.
Port 21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
#PassivePorts 49152 65534

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Disable PAM for authentication...
#
AuthPAM off

# Normally, we want files to be overwriteable.

<Directory /*>
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
HideNoAccess on
</Directory>

<Limit ALL>
IgnoreHidden on
</Limit>

# Be warned: use of this directive impacts CPU average load!
#
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
# UseSendFile off

<Global>
RootLogin off
TransferLog /var/log/proftpd/xferlog
ExtendedLog /var/log/proftpd/ftp_traff.log read,write traff
PathDenyFilter "\.quota$"
</Global>

# ClamAV
<IfModule mod_clamav.c>
# Enable virus scanning and removal
ClamAV on
# Specify the UNIX Local Socket
ClamLocalSocket /var/run/clamav/clamd.sock
</IfModule>

#
# SSL via TLS
#
#<IfModule mod_tls.c>
# TLSEngine on
# TLSLog /var/log/proftpd/ftp_ssl.log # where to log to
# TLSProtocol SSLv23 # SSLv23 or TLSv1
# TLSOptions NoCertRequest # either to request the certificate or not
# TLSRSACertificateFile /etc/proftpd/ssl.crt # SSL certfile
# TLSRSACertificateKeyFile /etc/proftpd/ssl.key # SSL keyfile
# TLSVerifyClient off # client verification
#</IfModule>

#
# ISPCP Quota management;
#
<IfModule mod_quotatab_sql.c>
QuotaEngine on
QuotaShowQuotas on
QuotaDisplayUnits Mb

SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies

QuotaLock /var/run/proftpd/tally.lock
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=de...2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>

# ispCP SQL Managment

##orginal jaki byl # AuthOrder mod_sql.c

AuthOrder mod_sql.c mod_auth_pam.c mod_auth_unix.c

# Activate for proftpd >= 1.3
SQLBackend mysql
SQLAuthTypes Crypt
SQLAuthenticate on
SQLConnectInfo ispcp@localhost vftp passwd-xxxx
SQLUserInfo ftp_users userid passwd uid gid homedir shell
SQLGroupInfo ftp_group groupname gid members
SQLMinUserUID 10000
SQLMinUserGID 10000

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>
Include /etc/proftpd/ispcp/*

after the command proftpd -n -d 5
127.0.0.1 - Limit
127.0.0.1 - DenyAll
127.0.0.1 - Umask
127.0.0.1 - DirUmask
127.0.0.1 - AllowOverwrite
127.0.0.1 - HideNoAccess
127.0.0.1 - ShowSymlinks
127.0.0.1 - AllowStoreRestart
127.0.0.1 - AllowForeignAddress
127.0.0.1 - TimeoutNoTransfer
127.0.0.1 - TimeoutStalled
127.0.0.1 - TimeoutIdle
127.0.0.1 - DisplayLogin
127.0.0.1 - DisplayChdir
127.0.0.1 - ListOptions
127.0.0.1 - DenyFilter
127.0.0.1 - SQLNamedQuery_get-quota-limit
127.0.0.1 - SQLNamedQuery_get-quota-tally
127.0.0.1 - SQLNamedQuery_update-quota-tally
127.0.0.1 - SQLNamedQuery_insert-quota-tally
127.0.0.1 - SQLAuthenticate
127.0.0.1 - SQLConnectInfo
127.0.0.1 - SQLMinUserUID
127.0.0.1 - SQLMinUserGID
127.0.0.1 - RootLogin
127.0.0.1 - TransferLog
127.0.0.1 - PathDenyFilter
127.0.0.1 - Umask
127.0.0.1 - DirUmask
127.0.0.1 - AllowOverwrite
127.0.0.1 - HideNoAccess
127.0.0.1 - ShowSymlinks
127.0.0.1 - AllowStoreRestart
127.0.0.1 - AllowForeignAddress
127.0.0.1 - TimeoutNoTransfer
127.0.0.1 - TimeoutStalled
127.0.0.1 - TimeoutIdle
127.0.0.1 - DisplayLogin
127.0.0.1 - DisplayChdir
127.0.0.1 - ListOptions
127.0.0.1 - DenyFilter
127.0.0.1 - SQLNamedQuery_get-quota-limit
127.0.0.1 - SQLNamedQuery_get-quota-tally
127.0.0.1 - SQLNamedQuery_update-quota-tally
127.0.0.1 - SQLNamedQuery_insert-quota-tally
127.0.0.1 - SQLAuthenticate
127.0.0.1 - SQLConnectInfo
127.0.0.1 - SQLMinUserUID
127.0.0.1 - SQLMinUserGID
127.0.0.1 - RootLogin
127.0.0.1 - TransferLog
127.0.0.1 - PathDenyFilter
127.0.0.1 - DeferWelcome
127.0.0.1 - DefaultServer
127.0.0.1 - ShowSymlinks
127.0.0.1 - AllowOverwrite
127.0.0.1 - AllowStoreRestart
127.0.0.1 - AllowForeignAddress
127.0.0.1 - TimeoutLogin
127.0.0.1 - TimeoutNoTransfer
127.0.0.1 - TimeoutStalled
127.0.0.1 - TimeoutIdle
127.0.0.1 - DisplayLogin
127.0.0.1 - DisplayChdir
127.0.0.1 - ListOptions
127.0.0.1 - DenyFilter
127.0.0.1 - DefaultRoot
127.0.0.1 - UserID
127.0.0.1 - UserName
127.0.0.1 - GroupID
127.0.0.1 - GroupName
127.0.0.1 - AuthPAM
127.0.0.1 - QuotaEngine
127.0.0.1 - QuotaShowQuotas
127.0.0.1 - QuotaDisplayUnits
127.0.0.1 - SQLNamedQuery_get-quota-limit
127.0.0.1 - SQLNamedQuery_get-quota-tally
127.0.0.1 - SQLNamedQuery_update-quota-tally
127.0.0.1 - SQLNamedQuery_insert-quota-tally
127.0.0.1 - QuotaLock
127.0.0.1 - QuotaLimitTable
127.0.0.1 - QuotaTallyTable
127.0.0.1 - DelayEngine
127.0.0.1 - AuthOrder
127.0.0.1 - SQLBackend
127.0.0.1 - SQLAuthTypes
127.0.0.1 - SQLAuthenticate
127.0.0.1 - SQLConnectInfo
127.0.0.1 - SQLUserTable
127.0.0.1 - SQLUsernameField
127.0.0.1 - SQLPasswordField
127.0.0.1 - SQLUidField
127.0.0.1 - SQLGidField
127.0.0.1 - SQLHomedirField
127.0.0.1 - SQLShellField
127.0.0.1 - SQLGroupTable
127.0.0.1 - SQLGroupnameField
127.0.0.1 - SQLGroupGIDField
127.0.0.1 - SQLGroupMembersField
127.0.0.1 - SQLMinUserUID
127.0.0.1 - SQLMinUserGID
127.0.0.1 - RootLogin
127.0.0.1 - TransferLog
127.0.0.1 - ExtendedLog
127.0.0.1 - PathDenyFilter
127.0.0.1 - ProFTPD 1.3.3a (maint) (built Sun Sep 5 2010 10:18:01 CEST) standalone mode STARTUP

has no error

Seeking a reason for three days and I can not find anything, please help

127.0.0.1 - dispatching PRE_CMD command 'CWD /BBBBBBBBB/' to mod_tls
127.0.0.1 - dispatching PRE_CMD command 'CWD /BBBBBBBBB/' to mod_core
127.0.0.1 - dispatching PRE_CMD command 'CWD /BBBBBBBBB/' to mod_core
127.0.0.1 - dispatching CMD command 'CWD /BBBBBBBBB/' to mod_core
127.0.0.1 - in dir_check_full(): path = '/BBBBBBBBB', fullpath = '/home/www/virtual/xxxxx.xx/BBBBBBBBB'.
127.0.0.1 - dispatching POST_CMD_ERR command 'CWD /BBBBBBBBB/' to mod_sql
127.0.0.1 - dispatching LOG_CMD_ERR command 'CWD /BBBBBBBBB/' to mod_sql
127.0.0.1 - dispatching LOG_CMD_ERR command 'CWD /BBBBBBBBB/' to mod_log

directory can be created but can not see it and can not go to the directory

**pgentoo** · 09-07-2010 11:39 AM

i'm running an older build, but it works for me. I have this in my proftpd.conf, which is a bit different...

# Normally, we want files to be overwriteable.

<Directory /*>
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
HideNoAccess on
</Directory>

# But not to overwrite ispCP Standard directories.
<Directory ~/>
PathDenyFilter "^/(backups|cgi-bin|htdocs|errors|logs|phptmp|statistics)/?$"
</Directory>

<Limit ALL>
IgnoreHidden on
</Limit>

The other big difference is that I do not have the line to include all /etc/proftpd/ispcp/*

-
pgentoo

jakub.artur · 09-07-2010 01:11 PM

me add line proftpd.conf

# But not to overwrite ispCP Standard directories.
<Directory ~/>
PathDenyFilter "^/(backups|cgi-bin|htdocs|errors|logs|phptmp|statistics)/?$"
</Directory>

but unfortunately still do not see the directory of directories can be done but is not visible on the blurred line /etc/proftpd/ispcp/*
catalogs can not do

my test
drwxrwx--- 2 vu10003 apache 4096 Sep 5 16:11 backups
drwxr-xr-x 2 vu10003 vu10003 4096 Sep 7 05:05 bbbbbbbb
drwxr-xr-x 2 vu10003 apache 4096 Sep 5 16:11 cgi-bin
drwxr-xr-x 3 vu10003 apache 4096 Sep 5 16:11 disabled
drwxrwxr-x 3 vu10003 apache 4096 Sep 5 16:11 errors
drwxrwxr-x 3 vu10003 apache 4096 Sep 5 19:55 htdocs
drwxr-xr-x 5 vu10003 apache 4096 Sep 5 16:39 irc
drwxrwx--- 2 vu10003 apache 4096 Sep 6 00:00 logs
drwxrwx--- 2 vu10003 apache 4096 Sep 5 16:11 phptmp
no work
new test
drwxrwx--- 2 vu10003 vu10003 4096 Sep 5 16:11 backups
drwxr-xr-x 2 vu10003 vu10003 4096 Sep 7 05:05 bbbbbbbb
drwxr-xr-x 2 vu10003 vu10003 4096 Sep 5 16:11 cgi-bin
drwxr-xr-x 3 vu10003 vu10003 4096 Sep 5 16:11 disabled
drwxrwxr-x 3 vu10003 vu10003 4096 Sep 5 16:11 errors
drwxrwxr-x 3 vu10003 vu10003 4096 Sep 5 19:55 htdocs
drwxr-xr-x 5 vu10003 vu10003 4096 Sep 5 16:39 irc
drwxrwx--- 2 vu10003 vu10003 4096 Sep 6 00:00 logs
drwxrwx--- 2 vu10003 vu10003 4096 Sep 5 16:11 phptmp
no work
logs ftp
(05:12:20) [1] CWD /irc/
(05:12:20) [1] 550 /irc/: No such file or directory
(05:12:52) [1] CWD .
(05:12:52) [1] 550 .: No such file or directory
strange no work Sad

**kilburn** · 09-07-2010 03:02 PM

Try increasing the verbosity and see if it shows a more descriptive error...

jakub.artur · 09-08-2010 01:48 AM

me look logs proftpd -n -d 5
me error
127.0.0.1 - mod_cap/1.0: capabilities '= cap_net_bind_service,cap_audit_write+ep'
hm ?
me proftpd.conf rename line HideNoAccess on or off files fund ok . why bugs ? me bad group or user ? hmm...

Threaded Mode \| Linear Mode proftpd gentoo no work :(
Author	Message