Threaded Mode | Linear Mode

Haros · 05-23-2011 06:07 AM

Hi,

I have created a new subdomain, then a new ftp user with default dir the subdomain's dir (not the domains root directory). The problem is that when the users logins through ftp he doesn't have delete permissions!

I have tried giving the ftp user access to the root of the domain and as far I can see there is no problem with permissions. He can enter his subdomain folder and delete anything he wants...

I am using ISPCP version 1.0.7.

Is this a bug or something or I am missing something here?

Thank you.

Haros · 05-25-2011 08:48 PM

Anyone?

JCircle · 05-26-2011 12:45 PM

please explain a bit more.

are you setup like.
domaina.com usera
sub1.domaina.com userb

and you want userb to be able to get into domaina.com ?

**joximu** · 05-26-2011 06:32 PM

I think he wants userb to be able to delete files/folders inside
/var/www/virtual/domaina.com/sub1/....

I don't know why this does not work.
Maybe have a look in the proftp logfiles...

/J

Haros · 05-26-2011 11:31 PM

It is like joxiumu said.
I want userb to delete files inside /var/www/virtual/domaina.com/sub1/

When I give him full access to the domains root (/var/www/virtual/domaina.com/) it has the permissions. But when I set the "Use other dir" option so the user has only permissions in his subdomain (/var/www/virtual/domaina.com/sub1/) he cannot delete files....

**kilburn** · 05-27-2011 12:58 AM

In a properly setup ispcp system, ProFTPD uses the same real user for all the FTP accounts that are defined under the same domain. Therefore, the situation you are describing should *not* ever happen, and we are unable to help you without more information.

Specifically, you should launch the proftpd daemon in debug mode and inspect the logs (or show them to us), to precisely determine why the "restricted to one subfolder" user can not delete the files in there. Otherwise we can not help in any way...

Haros · 05-27-2011 03:04 AM

Where are the proftpd logs located? I can't find them under /var/log/proftpd/ in debian.

Ok I executed it inder debug mode.

created a folder and then tried to delete it.

Quote:xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - dispatching PRE_CMD command 'RMD /htdocs/N ew folder/' to mod_exec
xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - dispatching PRE_CMD command 'RMD /htdocs/N ew folder/' to mod_rewrite
xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - dispatching PRE_CMD command 'RMD /htdocs/N ew folder/' to mod_tls
xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - dispatching PRE_CMD command 'RMD /htdocs/N ew folder/' to mod_core
xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - dispatching PRE_CMD command 'RMD /htdocs/N ew folder/' to mod_core
xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - dispatching PRE_CMD command 'RMD /htdocs/N ew folder/' to mod_quotatab
xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - dispatching CMD command 'RMD /htdocs/New f older/' to mod_core
xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - dispatching POST_CMD_ERR command 'RMD /htd ocs/New folder/' to mod_sql
xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - dispatching POST_CMD_ERR command 'RMD /htd ocs/New folder/' to mod_exec
xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - dispatching LOG_CMD_ERR command 'RMD /htdo cs/New folder/' to mod_sql
xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - dispatching LOG_CMD_ERR command 'RMD /htdo cs/New folder/' to mod_log

**kilburn** · 05-27-2011 04:21 AM

Well, unfortunately this does not give us a lot of information, aside from that it's the core (not any module) that is refusing the command. Further suggestions:

1. Increase the debug level, so that there's more output.
2. What error does the client get?
3. What are the folder permissions? Have you just created the folder, or was it there before?
4. What are the contents of /etc/proftpd/ispcp/domain.tld.conf?

Maybe some of these will help...

PS: I have just tried with an ispcp 1.0.7 (debian squeeze) installation of mine, and everything worked as expected (the restricted ftp account can delete stuff).

Haros · 05-27-2011 05:20 AM

1) I tried debugging at level 5 and 9 (isn't 9 the maximum?) but I get the same error ouput.

2) the client gets "/htdocs/New folder/: Permission denied" error

3) I have just created the folder with permissions rwxr-xr-w-x but that's not the case, even with full permissions the same problem occurs. I've also tried deleting some preinstalled files (some jpgs in the images folder used by the land page of ispcp) and I get the same error.

4) my root_domain.conf:

Code:

<Directory ~/backups>

 <Limit RMD RNTO DELE XRMD>

  DenyAll

 </Limit>

</Directory>

<Directory ~/backups/*>

 <Limit RMD RNTO DELE XRMD>

  AllowAll

 </Limit>

</Directory>

<Directory ~/cgi-bin>

 <Limit RMD RNTO DELE XRMD>

  DenyAll

 </Limit>

</Directory>

<Directory ~/cgi-bin/*>

 <Limit RMD RNTO DELE XRMD>

  AllowAll

 </Limit>

</Directory>

<Directory ~/htdocs>

 <Limit RMD RNTO DELE XRMD>

  DenyAll

 </Limit>

</Directory>

<Directory ~/htdocs/*>

 <Limit RMD RNTO DELE XRMD>

  AllowAll

 </Limit>

</Directory>

<Directory ~/disabled>

 <Limit RMD RNTO DELE XRMD>

  DenyAll

 </Limit>

</Directory>

<Directory ~/errors>

 <Limit RMD RNTO DELE XRMD>

  DenyAll

 </Limit>

</Directory>

<Directory ~/errors/*>

 <Limit RMD RNTO DELE XRMD>

  AllowAll

 </Limit>

</Directory>

<Directory ~/logs>

 <Limit RMD RNTO DELE XRMD>

  DenyAll

 </Limit>

</Directory>

<Directory ~/logs/*>

 <Limit RMD RNTO DELE XRMD>

  AllowAll

 </Limit>

</Directory>

<Directory ~/phptmp>

 <Limit RMD RNTO DELE XRMD>

  DenyAll

 </Limit>

</Directory>

<Directory ~/phptmp/*>

 <Limit RMD RNTO DELE XRMD>

  AllowAll

 </Limit>

</Directory>

<Directory ~/statistics>

 <Limit RMD RNTO DELE XRMD>

  DenyAll

 </Limit>

</Directory>

<Directory ~/statistics/*>

 <Limit RMD RNTO DELE XRMD>

  AllowAll

 </Limit>

</Directory>

btw check the subdomain conf also

Code:

<Directory /var/www/virtual/xxx.com/aris/backups>

 <Limit RMD RNTO DELE XRMD>

  DenyAll

 </Limit>

</Directory>

<Directory /var/www/virtual/xxx.com/aris/backups/*>

 <Limit RMD RNTO DELE XRMD>

    AllowAll

 </Limit>

</Directory>

<Directory /var/www/virtual/xxx.com/aris/cgi-bin>

 <Limit RMD RNTO DELE XRMD>

  DenyAll

 </Limit>

</Directory>

<Directory /var/www/virtual/xxx.com/aris/cgi-bin/*>

 <Limit RMD RNTO DELE XRMD>

    AllowAll

 </Limit>

</Directory>

<Directory /var/www/virtual/xxx.com/aris/htdocs>

 <Limit RMD RNTO DELE XRMD>

  DenyAll

 </Limit>

</Directory>

<Directory /var/www/virtual/xxx.com/aris/htdocs/*>

 <Limit RMD RNTO DELE XRMD>

    AllowAll

 </Limit>

</Directory>

<Directory /var/www/virtual/xxx.com/aris/errors>

 <Limit RMD RNTO DELE XRMD>

  DenyAll

 </Limit>

</Directory>

<Directory /var/www/virtual/xxx.com/aris/errors/*>

 <Limit RMD RNTO DELE XRMD>

    AllowAll

 </Limit>

</Directory>

<Directory /var/www/virtual/xxx.com/aris/logs>

 <Limit RMD RNTO DELE XRMD>

  DenyAll

 </Limit>

</Directory>

<Directory /var/www/virtual/xxx.com/aris/logs/*>

 <Limit RMD RNTO DELE XRMD>

    AllowAll

 </Limit>

</Directory>

<Directory /var/www/virtual/xxx.com/aris/phptmp>

 <Limit RMD RNTO DELE XRMD>

  DenyAll

 </Limit>

</Directory>

<Directory /var/www/virtual/xxx.com/aris/phptmp/*>

 <Limit RMD RNTO DELE XRMD>

    AllowAll

 </Limit>

</Directory>

<Directory /var/www/virtual/xxx.com/aris/statistics>

 <Limit RMD RNTO DELE XRMD>

  DenyAll

 </Limit>

</Directory>

<Directory /var/www/virtual/xxx.com/aris/statistics/*>

 <Limit RMD RNTO DELE XRMD>

    AllowAll

 </Limit>

</Directory>

**kilburn** · 05-27-2011 09:56 AM

Sadly enough, I see no reason why this is failing dude. I'm sorry...

Threaded Mode \| Linear Mode ftp user bug?
Author	Message