| 1 |
Nick Van Vlaenderen wrote: |
| 2 |
|
| 3 |
> Hi folks, |
| 4 |
> |
| 5 |
> I used emerge to install proftpd 1.2.9. In /etc/proftpd/proftpd.conf, |
| 6 |
> I set user and group to proftpd, so when I start the FTP server, it |
| 7 |
> should start as user and group proftpd (yes, they are created). But |
| 8 |
> when I start proftpd, it just runs as root... I searched the manual |
| 9 |
> page for possible switches that could force the server to start as a |
| 10 |
> particular user and group, but there aren't any... |
| 11 |
> |
| 12 |
> Can anyone give me some sort of explination on this? |
| 13 |
> |
| 14 |
> Thanks, |
| 15 |
> |
| 16 |
> Nick |
| 17 |
|
| 18 |
Are you attempting ti run proftpd as a standalone daemon or from xinetd |
| 19 |
/ inetd? i believe there's something in proftpd's available config |
| 20 |
variables that can set uid:guid... xinetd is far superior security wise |
| 21 |
for running proftpd and much nicer on resources. Something to consider. |
| 22 |
Here's a sample proftpd.conf that works with xinetd that i had |
| 23 |
previously posted to gentoo forums. |
| 24 |
|
| 25 |
ServerType inetd |
| 26 |
DefaultServer on |
| 27 |
ServerIdent on "Jedi-Pimp Ftpd" |
| 28 |
AuthPAM on |
| 29 |
AuthPAMConfig ftp |
| 30 |
# Port 21 is the standard FTP port. |
| 31 |
Port 21 |
| 32 |
|
| 33 |
# Umask 022 is a good standard umask to prevent new dirs and files |
| 34 |
# from being group and world writable. |
| 35 |
Umask 022 |
| 36 |
|
| 37 |
# To prevent DoS attacks, set the maximum number of child processes |
| 38 |
# to 30. If you need to allow more than 30 concurrent connections |
| 39 |
# at once, simply increase this value. Note that this ONLY works |
| 40 |
# in standalone mode, in inetd mode you should use an inetd server |
| 41 |
# that allows you to limit maximum number of processes per service |
| 42 |
# (such as xinetd). |
| 43 |
MaxInstances 30 |
| 44 |
|
| 45 |
# Set the user and group under which the server will run. |
| 46 |
User proftpd |
| 47 |
Group proftpd |
| 48 |
|
| 49 |
# Normally, we want files to be overwriteable. |
| 50 |
<Directory /> |
| 51 |
AllowOverwrite on |
| 52 |
</Directory> |
| 53 |
|
| 54 |
<Global> |
| 55 |
AllowRetrieveRestart on |
| 56 |
AllowStoreRestart on |
| 57 |
DefaultRoot ~ |
| 58 |
UseFtpUsers on |
| 59 |
LoginPasswordPrompt on |
| 60 |
AllowOverwrite on |
| 61 |
AllowForeignAddress on |
| 62 |
DeferWelcome on |
| 63 |
TimeoutStalled 10 |
| 64 |
TimeoutNoTransfer 520 |
| 65 |
TimeoutLogin 20 |
| 66 |
RequireValidShell off |
| 67 |
RootLogin off |
| 68 |
AccessDenyMsg BuRp |
| 69 |
AccessGrantMsg w00t |
| 70 |
DenyFilter \*.*/ |
| 71 |
PassivePorts 3000 3100 |
| 72 |
</Global> |
| 73 |
|
| 74 |
You must also setup /etc/xinetd.conf and remove the config var stating |
| 75 |
only from = localhost then edit /etc/xinetd.d/proftpd changing "disable= |
| 76 |
yes" to "disable =no" restart xinetd to affect the changes.lastly ensure |
| 77 |
that proftpd is *not* in the startup runlevels or it will create an |
| 78 |
annoying problem. |
| 79 |
|
| 80 |
Regards, |
| 81 |
Mike Crawford |
| 82 |
President, |
| 83 |
EliteitMinds Technologies |
| 84 |
Official Gentoo Linux Mirror Provider |
| 85 |
http://gentoo.eliteitminds.com |
Archives