Nick Van Vlaenderen wrote:

> Hi folks,
>
> I used emerge to install proftpd 1.2.9. In /etc/proftpd/proftpd.conf,
> I set user and group to proftpd, so when I start the FTP server, it
> should start as user and group proftpd (yes, they are created). But
> when I start proftpd, it just runs as root... I searched the manual
> page for possible switches that could force the server to start as a
> particular user and group, but there aren't any...
>
> Can anyone give me some sort of explanation on this?
>
> Thanks,
>
> Nick

Are you attempting to run proftpd as a standalone daemon or from xinetd
/ inetd? I believe there's something in proftpd's available config
variables that can set uid:guid... xinetd is far superior security-wise
for running proftpd and much nicer on resources. Something to consider.
Here's a sample proftpd.conf that works with xinetd that I had
previously posted to Gentoo forums.

ServerType inetd
DefaultServer on
ServerIdent on "Jedi-Pimp Ftpd"
AuthPAM on
AuthPAMConfig ftp
# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30

# Set the user and group under which the server will run.
User proftpd
Group proftpd

# Normally, we want files to be overwriteable.
<Directory />
  AllowOverwrite on
</Directory>

<Global>
  AllowRetrieveRestart on
  AllowStoreRestart on
  DefaultRoot ~
  UseFtpUsers on
  LoginPasswordPrompt on
  AllowOverwrite on
  AllowForeignAddress on
  DeferWelcome on
  TimeoutStalled 10
  TimeoutNoTransfer 520
  TimeoutLogin 20
  RequireValidShell off
  RootLogin off
  AccessDenyMsg BuRp
  AccessGrantMsg w00t
  DenyFilter \*.*/
  PassivePorts 3000 3100
</Global>

You must also set up /etc/xinetd.conf and remove the config var stating
only from = localhost, then edit /etc/xinetd.d/proftpd, changing
"disable = yes" to "disable = no". Restart xinetd to effect the changes.
Lastly, ensure that proftpd is *not* in the startup runlevels or it will
create an annoying problem.

Regards,
Mike Crawford
President,
EliteitMinds Technologies
Official Gentoo Linux Mirror Provider
http://gentoo.eliteitminds.com
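
The points raised in the reply above (ServerType inetd, a non-root User/Group, MaxInstances having no effect under inetd, and the disable switch in /etc/xinetd.d/proftpd) can be checked mechanically. This is an added example, not part of the original posts: the sample file contents, including the server path, are constructed, and xinetd's `instances` attribute is assumed to be the per-service process limit the config comment refers to.

```python
import re
# Constructed sample inputs for illustration (not taken from a real host).
PROFTPD_CONF = """\
ServerType inetd
MaxInstances 30
User proftpd
Group proftpd
"""
XINETD_SERVICE = """\
service ftp
{
    disable     = yes
    server      = /usr/sbin/proftpd
}
"""

def proftpd_directives(text):
    """Map lower-cased directive name -> value; first occurrence wins."""
    out = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith(("#", "<")):
            continue  # skip blanks, comments and <Section> tags
        out.setdefault(parts[0].lower(), parts[1] if len(parts) > 1 else "")
    return out

def xinetd_attrs(text):
    """Map attribute -> value from the 'name = value' lines of a service block."""
    pairs = re.findall(r"^[ \t]*(\w+)[ \t]*[+-]?=[ \t]*(.*)$", text, re.M)
    return {name: value.strip() for name, value in pairs}

def audit(proftpd_text, xinetd_text):
    conf, svc = proftpd_directives(proftpd_text), xinetd_attrs(xinetd_text)
    findings = []
    inetd = conf.get("servertype", "").lower() == "inetd"
    if not inetd:
        findings.append("ServerType is not inetd, so this config is not meant for xinetd")
    for key in ("user", "group"):
        if conf.get(key, "root") in ("root", "0"):
            findings.append(f"{key.capitalize()} is unset or root: no unprivileged identity")
    if inetd and "maxinstances" in conf and "instances" not in svc:
        findings.append("MaxInstances has no effect in inetd mode; xinetd 'instances' is unset")
    if svc.get("disable", "no").lower() == "yes":
        findings.append("xinetd service is disabled (disable = yes)")
    return findings

if __name__ == "__main__":
    for finding in audit(PROFTPD_CONF, XINETD_SERVICE):
        print("FINDING:", finding)
```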