Eivind Olsen
2016-10-03 08:55:28 UTC
I'm setting up a new ProFTPD installation, but something is behaving a
bit odd.
Now, I'm quite sure I'm doing something wrong here somewhere, but I
could use a pointer in the right direction :D
Environment: RHEL7, with ProFTPD 1.3.5b from EPEL.
Selinux is running but set to permissive just for testing.
ftp> dir
229 Entering Extended Passive Mode (|||8930|)
150 Opening ASCII mode data connection for file list
-rw-r--r-- 1 eolsen-1 commonuser 498423 Dec 12 2012 bilde.JPG
-rw-r--r-- 1 eolsen-1 commonuser 1071189 May 17 2011 DNS-presentasjon-20110426.pdf
-rw-r--r-- 1 eolsen-1 commonuser 5 Nov 13 2007 index.html
drwxr-xr-x 3 eolsen-1 commonuser 71 Apr 22 2010 jalla
-rw-r--r-- 1 eolsen-1 commonuser 0 Dec 13 2007 jalla2
drwxr-xr-x 2 eolsen-1 commonuser 6 Oct 3 07:38 mush
-rw-r--r-- 1 eolsen-1 commonuser 127 May 8 2013 musikk.txt
-rw-r--r-- 1 eolsen-1 commonuser 7 Sep 30 11:48 myfile
-rw-r--r-- 1 eolsen-1 commonuser 8 Oct 3 08:35 mynewfile.txt
-rw-r--r-- 1 eolsen-1 commonuser 423 Nov 13 2007 reversdns.pl
-rw-r--r-- 1 eolsen-1 commonuser 1276699 Jan 21 2008 rt-3.4.1.tar.gz
-rw-r--r-- 1 eolsen-1 commonuser 0 Sep 9 2011 vim-7.3.tar.bz2
226 Transfer complete
ftp> get mynewfile.txt
local: mynewfile.txt remote: mynewfile.txt
229 Entering Extended Passive Mode (|||35638|)
550 mynewfile.txt: No such file or directory
When I list and then try to retrieve a file, this is what I find in the
journalctl log:
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'EPSV 2' to mod_tls
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'EPSV 2' to mod_core
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'EPSV 2' to mod_core
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching CMD command 'EPSV 2' to mod_core
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- in dir_check_full(): path = '/', fullpath = '/'.
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- Entering Extended Passive Mode (|||8930|)
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching LOG_CMD command 'EPSV 2' to mod_log
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'LIST' to mod_tls
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'LIST' to mod_core
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'LIST' to mod_core
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching CMD command 'LIST' to mod_ls
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- UseReverseDNS off, returning IP address instead of DNS name
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- passive data connection opened - local : ::1:8930
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- passive data connection opened - remote : ::1:48223
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- in dir_check_full(): path = '/', fullpath = '/'.
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- in dir_check_full(): path = '/bilde.JPG', fullpath = '/bilde.JPG'.
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- in dir_check_full(): path = '/DNS-presentasjon-20110426.pdf', fullpath
= '/DNS-presentasjon-20110426.pdf'.
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- in dir_check_full(): path = '/index.html', fullpath = '/index.html'.
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- in dir_check_full(): path = '/jalla', fullpath = '/jalla'.
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- in dir_check_full(): path = '/jalla2', fullpath = '/jalla2'.
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- in dir_check_full(): path = '/mush', fullpath = '/mush'.
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- in dir_check_full(): path = '/musikk.txt', fullpath = '/musikk.txt'.
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- in dir_check_full(): path = '/myfile', fullpath = '/myfile'.
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- in dir_check_full(): path = '/mynewfile.txt', fullpath =
'/mynewfile.txt'.
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- in dir_check_full(): path = '/reversdns.pl', fullpath =
'/reversdns.pl'.
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- in dir_check_full(): path = '/rt-3.4.1.tar.gz', fullpath =
'/rt-3.4.1.tar.gz'.
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- in dir_check_full(): path = '/vim-7.3.tar.bz2', fullpath =
'/vim-7.3.tar.bz2'.
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching LOG_CMD command 'LIST' to mod_log
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching LOG_CMD command 'LIST' to mod_ls
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'TYPE I' to mod_tls
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'TYPE I' to mod_core
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'TYPE I' to mod_core
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching CMD command 'TYPE I' to mod_xfer
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching LOG_CMD command 'TYPE I' to mod_log
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'EPSV 2' to mod_tls
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'EPSV 2' to mod_core
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'EPSV 2' to mod_core
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching CMD command 'EPSV 2' to mod_core
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- in dir_check_full(): path = '/', fullpath = '/'.
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- Entering Extended Passive Mode (|||35638|)
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching LOG_CMD command 'EPSV 2' to mod_log
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'RETR mynewfile.txt' to mod_tls
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'RETR mynewfile.txt' to mod_core
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'RETR mynewfile.txt' to mod_core
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'RETR mynewfile.txt' to mod_quotatab
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'RETR mynewfile.txt' to mod_xfer
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching POST_CMD_ERR command 'RETR mynewfile.txt' to mod_quotatab
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching LOG_CMD_ERR command 'RETR mynewfile.txt' to mod_log
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching LOG_CMD_ERR command 'RETR mynewfile.txt' to mod_xfer
Oct 03 10:35:32 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'QUIT' to mod_tls
Oct 03 10:35:32 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'QUIT' to mod_core
Oct 03 10:35:32 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'QUIT' to mod_core
Oct 03 10:35:32 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching CMD command 'QUIT' to mod_core
Here's proftpd.conf:
ServerName "Our FTP server"
ServerIdent on "FTP Server ready."
ServerAdmin ***@localhost
DefaultServer on
DebugLevel 10
DefaultRoot ~
PersistentPasswd off
UseReverseDNS off
User nobody
Group nobody
MaxInstances 90
UseSendfile off
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
IdentLookups off
RequireValidShell off
DirFakeUser on ~
DirFakeGroup on commonuser
MaxClientsPerUser 2
<Directory /*>
AllowOverwrite on
HideNoAccess on
</Directory>
CreateHome on 755
LoadModule mod_quotatab.c
LoadModule mod_quotatab_file.c
LoadModule mod_ldap.c
LoadModule mod_quotatab_ldap.c
LoadModule mod_ctrls_admin.c
LoadModule mod_vroot.c
ModuleControlsACLs insmod,rmmod allow user root
ModuleControlsACLs lsmod allow user *
ControlsEngine on
ControlsACLs all allow user root
ControlsSocketACL allow user *
ControlsLog /var/log/proftpd/controls.log
<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
AdminControlsACLs all allow user root
</IfModule>
<IfModule mod_vroot.c>
VRootEngine on
</IfModule>
<IfDefine TLS>
TLSEngine on
TLSRequired on
TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
TLSCipherSuite ALL:!ADH:!DES
TLSOptions NoCertRequest
TLSVerifyClient off
#TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
TLSLog /var/log/proftpd/tls.log
<IfModule mod_tls_shmcache.c>
TLSSessionCache shm:/file=/var/run/proftpd/sesscache
</IfModule>
</IfDefine>
<IfDefine DYNAMIC_BAN_LISTS>
LoadModule mod_ban.c
BanEngine on
BanLog /var/log/proftpd/ban.log
BanTable /var/run/proftpd/ban.tab
# If the same client reaches the MaxLoginAttempts limit 2 times
# within 10 minutes, automatically add a ban for that client that
# will expire after one hour.
BanOnEvent MaxLoginAttempts 2/00:10:00 01:00:00
# Inform the user that it's not worth persisting
BanMessage "Host %a has been banned"
# Allow the FTP admin to manually add/remove bans
BanControlsACLs all allow user ftpadm
</IfDefine>
<IfDefine QOS>
LoadModule mod_qos.c
# RFC791 TOS parameter compatibility
QoSOptions dataqos throughput ctrlqos lowdelay
# For a DSCP environment (may require tweaking)
#QoSOptions dataqos CS2 ctrlqos AF41
</IfDefine>
<Global>
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable
Umask 022
# Allow users to overwrite files and change permissions
AllowOverwrite yes
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>
</Global>
<IfDefine ANONYMOUS_FTP>
<Anonymous ~ftp>
User ftp
Group ftp
AccessGrantMsg "Anonymous login ok, restrictions apply."
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
MaxClients 10 "Sorry, max %m users -- try again later"
# Put the user into /pub right after login
#DefaultChdir /pub
# We want 'welcome.msg' displayed at login, '.message' displayed in
# each newly chdired directory and tell users to read README* files.
DisplayLogin /welcome.msg
DisplayChdir .message
DisplayReadme README*
# Cosmetic option to make all files appear to be owned by user "ftp"
DirFakeUser on ftp
DirFakeGroup on ftp
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE SITE_CHMOD>
DenyAll
</Limit>
# An upload directory that allows storing files but not retrieving
# or creating directories.
#
# Directory specification is slightly different if mod_vroot is in
# use: see http://sourceforge.net/p/proftp/mailman/message/31728570/
# https://bugzilla.redhat.com/show_bug.cgi?id=1045922
<IfModule mod_vroot.c>
<Directory /uploads/*>
AllowOverwrite no
<Limit READ>
DenyAll
</Limit>
<Limit STOR>
AllowAll
</Limit>
</Directory>
</IfModule>
<IfModule !mod_vroot.c>
<Directory uploads/*>
AllowOverwrite no
<Limit READ>
DenyAll
</Limit>
<Limit STOR>
AllowAll
</Limit>
</Directory>
</IfModule>
# Don't write anonymous accesses to the system wtmp file (good idea!)
WtmpLog off
# Logging for the anonymous transfers
ExtendedLog /var/log/proftpd/access.log WRITE,READ default
ExtendedLog /var/log/proftpd/auth.log AUTH auth
</Anonymous>
</IfDefine>
LDAPAuthBinds on
LDAPDefaultAuthScheme crypt
LDAPBindDN "uid=homepages,ou=applications,o=ldapusers" "secretpassword"
LDAPUsers "ou=People,o=ldapusers" "(&(uid=%v)(services=webpages)(userstatus=active))"
LDAPSearchScope onelevel
LDAPServer "192.168.0.150:389"
LDAPQueryTimeout 5
LDAPGenerateHomedir on
LDAPDefaultUID 14
LDAPDefaultGID 50
LDAPForceDefaultUID on
LDAPForceDefaultGID on
LDAPAttr ftpquota userftpquota
LDAPDefaultQuota "false,hard,100000000,unlimited,unlimited,unlimited,unlimited,unlimited"
QuotaEngine on
QuotaDisplayUnits Mb
QuotaOptions ScanOnLogin
QuotaLimitTable ldap:
QuotaLog /var/log/proftpd/quota.log
QuotaShowQuotas on
QuotaTallyTable file:/var/spool/proftpd/ftpquota.tallytab
PathDenyFilter "\.quota$"
Regards
Eivind Olsen
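
Added example, not part of the original post: a small Python reader for the DebugLevel 10 dispatch trace quoted above. It groups the "dispatching ..." records per FTP command and reports the phase and module at which a command was rejected. It assumes that ProFTPD stops dispatching a phase at the first handler that returns an error; the function names are made up for this example.

```python
import re

# Lines copied from the journal excerpt in the post (LIST trimmed to four
# records), still wrapped the way the mail client wrapped them.
SAMPLE = """\
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'LIST' to mod_tls
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'LIST' to mod_core
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching CMD command 'LIST' to mod_ls
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- in dir_check_full(): path = '/mynewfile.txt', fullpath =
'/mynewfile.txt'.
Oct 03 10:35:28 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching LOG_CMD command 'LIST' to mod_log
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'RETR mynewfile.txt' to mod_tls
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'RETR mynewfile.txt' to mod_core
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'RETR mynewfile.txt' to mod_core
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'RETR mynewfile.txt' to mod_quotatab
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching PRE_CMD command 'RETR mynewfile.txt' to mod_xfer
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching POST_CMD_ERR command 'RETR mynewfile.txt' to mod_quotatab
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching LOG_CMD_ERR command 'RETR mynewfile.txt' to mod_log
Oct 03 10:35:31 casa.localdomain proftpd[19164]: 192.168.0.74 (::1[::1])
- dispatching LOG_CMD_ERR command 'RETR mynewfile.txt' to mod_xfer
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")
DISPATCH = re.compile(r"dispatching (\w+) command '([^']*)' to (\w+)")


def unwrap(text):
    """Join continuation lines (no leading timestamp) onto their record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records


def trace_commands(text):
    """Return one dict per FTP command: phases seen and where it was rejected."""
    commands = []
    for record in unwrap(text):
        m = DISPATCH.search(record)
        if not m:
            continue
        phase, command, module = m.groups()
        last = commands[-1] if commands else None
        # A new command starts when the text changes, or when PRE_CMD shows
        # up again after the previous command already reached a later phase.
        restarted = last and phase == "PRE_CMD" and set(last["phases"]) - {"PRE_CMD"}
        if last is None or last["command"] != command or restarted:
            last = {"command": command, "phases": {}}
            commands.append(last)
        last["phases"].setdefault(phase, []).append(module)
    for entry in commands:
        phases = entry["phases"]
        entry["failed"] = any(p.endswith("_ERR") for p in phases)
        entry["rejected_by"] = None
        if entry["failed"]:
            # Assumption: dispatch stops at the first handler that errors, so
            # the last module seen in the furthest phase reached rejected it.
            stage = "CMD" if "CMD" in phases else "PRE_CMD"
            modules = phases.get(stage)
            entry["rejected_by"] = (stage, modules[-1]) if modules else None
    return commands
```

On the excerpt, LIST reaches the CMD phase in mod_ls, while RETR never gets a CMD dispatch: the last handler before POST_CMD_ERR is the PRE_CMD handler of mod_xfer.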