Discussion:
[Proftpd-user] How to config for a single user only?
Steve Snyder
2002-01-10 18:25:26 UTC
Permalink
I would like to configure ProFTPd (v1.2.4, running on Linux) such that
only a single username/password (non-anonymous) is allowed for a
sucessful login. Is this possible?

Let me explain my rationale. In the past I've had an FTP server with
anonymous logins, the intent being that it allow transfer of files with
freinds and family, not acting as a server open to the public. What I
found was that I was probed constantly, with people uploading all kinds
of garbage just to test my throughput.

What I would like is to be able to instuct specified people that they may
get file "xxxxxxxx.yyy" like this:

ftp://myname:***@host.domain.com/outgoing/xxxxxxxx.yyy

My preference, if it is possible, is that this specified user *not* be a
user on my Linux machine. I'd rather have this username/password known
only to ProFTPd. I'm willing to create a user account specifically for
the single FTP user if needed, but I'd prefer not to.

So... how do I configure ProFTPd to allow only a single username/password
and to reject all others?

Thanks.
TJ Saunders
2002-01-10 18:39:10 UTC
Permalink
swsnyd>So... how do I configure ProFTPd to allow only a single
swsnyd>username/password and to reject all others?

Using an AuthUserFile:

http://www.proftpd.org/docs/configuration.html#AuthUserFile

would probably be the easiest approach for this. And, for creation of
that file, I recommend the ftpasswd script, available from:

http://www.castaglia.org/proftpd/

Hope this helps...

TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Time present and time past
Are both perhaps present in time future,
And time future contained in time past.

-T.S. Eliot

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Steve Snyder
2002-01-10 19:21:06 UTC
Permalink
Post by TJ Saunders
swsnyd>So... how do I configure ProFTPd to allow only a single
swsnyd>username/password and to reject all others?
http://www.proftpd.org/docs/configuration.html#AuthUserFile
would probably be the easiest approach for this. And, for creation of
http://www.castaglia.org/proftpd/
Thanks. Mind if I ask a couple of follow-up questions?

1. How does the name/pass contained in the AuthUserFile file relate to
the <limit LOGIN> section? Previously I was using this:

<Limit LOGIN>
AllowUser anonymous
DenyAll
</Limit>

Should I do away with this section entirely, or just replace "anonymous"
with my specified username?

2. In my anonymous config I had this section:

<Anonymous ~ftp>
User ftp
Group ftp
RequireValidShell off
.
.
.
</Anonymous>

What kind of modifications are needed for the single user scheme I'm
thinking of?

Thanks again.
TJ Saunders
2002-01-10 19:26:06 UTC
Permalink
swsnyd>Should I do away with this section entirely, or just replace
swsnyd>"anonymous" with my specified username?

With an AuthUserFile that only defines a single user, and with no other
authentication modules in use (eg mod_sql or mod_ldap), you shouldn't need
that <Limit LOGIN> section. In effect, the server will only know about
the one user in the AuthUserFile -- all other usernames/logins will be
denied ("No such user").

swsnyd>What kind of modifications are needed for the single user
swsnyd>scheme I'm thinking of?

I don't think you'll need any modifications like that for a single-user
scheme, other than having "DefaultRoot ~" in your proftpd.conf. Anonymous
logins are automatically chrooted; if you want that for your single user,
you'll need DefaultRoot.

Hope this helps...

TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Time present and time past
Are both perhaps present in time future,
And time future contained in time past.

-T.S. Eliot

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Continue reading on narkive:
Loading...