Настройка Proftpd c acl доступом
Добавлено: 2011-07-11 12:20:33
У меня проблема с работой Proftpd совместно с acl. Если acl при сборке отключить, то всё нормально, но я именно хочу использовать acl для блокировки нежелательных IP.
У меня работает доступ с acl от пользователя, но не работает от Anonymous. Вот это в логах соединения:
Когда acl флаг выключен, то anonymous подключается нормально и попадает в /home/ftp:
Вот сам конфиг proftpd.conf
Права на /home/ftp:
Система: Gentoo amd64
Proftpd собран так:
У меня работает доступ с acl от пользователя, но не работает от Anonymous. Вот это в логах соединения:
Код: Выделить всё
Status: Connecting to 192.168.56.1:21...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.3.3e Server (ProFTPD Gentoo Server) [192.168.56.1]
Command: USER anonymous
Response: 331 Anonymous login ok, send your complete email address as your password
Command: PASS **************
Response: 530-Unable to set anonymous privileges.
Response: 530 Login incorrect.
Error: Critical error
Error: Could not connect to server
Код: Выделить всё
Status: Connecting to 192.168.56.1:21...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.3.3e Server (ProFTPD Gentoo Server) [192.168.56.1]
Command: USER anonymous
Response: 331 Anonymous login ok, send your complete email address as your password
Command: PASS **************
Response: 230 Anonymous access granted, restrictions apply
Command: OPTS UTF8 ON
Response: 200 UTF8 set to on
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (192,168,56,1,151,22).
Command: MLSD
Response: 150 Opening ASCII mode data connection for MLSD
Response: 226 Transfer complete
Status: Directory listing successful
Код: Выделить всё
ServerName "ProFTPD Gentoo Server"
ServerType standalone
DefaultServer on
RequireValidShell off
AuthPAM off
AuthPAMConfig ftp
# Listen on the standard FTP port 21.
Port 21
# New directories and files should not be group or world writable.
Umask 022
# To prevent DoS attacks set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once simply increase this value.
MaxInstances 30
# The server will run under ftp/ftp.
User ftp
Group ftp
# Every FTP sessions is "jailed" into the user's home directory.
DefaultRoot ~
# Generally files are overwritable.
AllowOverwrite on
# Disallow the use of the SITE CHMOD command.
<Limit SITE_CHMOD>
DenyAll
</Limit>
# A basic anonymous FTP account without an upload directory.
<Anonymous ~ftp>
User ftp
Group ftp
# Clients can login with the username "anonymous" and "ftp".
UserAlias anonymous ftp
# Limit the maximum number of parallel anonymous logins to 10.
MaxClients 10
# Prohibit the WRITE command for the anonymous users.
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
<Limit LOGIN>
# These are trusted addresses
Allow from 192.168.56.3
Allow from trusted-domain.com
# Everyone else is denied
DenyAll
</Limit>
Код: Выделить всё
drwxrwxr-x 2 ftp ftp 4096 Feb 28 12:54 ftp
Система: Gentoo amd64
Proftpd собран так:
Код: Выделить всё
[ebuild R ] net-ftp/proftpd-1.3.3e USE="acl authfile ban caps ctrls ident ldap mysql ncurses nls pam ratio readme rewrite sftp shaper sitemisc softquota ssl tcpd -case -clamav -deflate -doc -exec -hardened -ifsession -ipv6 -kerberos -postgres -radius (-selinux) -trace -vroot -xinetd" 0 kB
