Here is my complete proftpd.conf file.

In the logs everything seems normal.

The only thing I see in the proftpd.log are sessions that properly
open and close, even when I put the debug level higher.



#

# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.

# To really apply changes reload proftpd after modifications.

#



# Includes DSO modules

Include /etc/proftpd/modules.conf



# Set off to disable IPv6 support which is annoying on IPv4 only boxes.

UseIPv6                         off



ServerName                   "Debian"

ServerType                    standalone

DeferWelcome                off



MultilineRFC2228            on

DefaultServer                    on

ShowSymlinks                  on



TimeoutNoTransfer            600

TimeoutStalled            600

TimeoutIdle                1200



DisplayLogin                  welcome.msg

DisplayFirstChdir             .message

ListOptions                    "-l"



DenyFilter                \*.*/



DefaultRoot                    ~



# Port 21 is the standard FTP port.

Port                    21



# In some cases you have to specify passive ports range to by-pass

# firewall limitations. Ephemeral ports can be used for that, but

# feel free to use a more narrow range.

# PassivePorts                49152 65534



# To prevent DoS attacks, set the maximum number of child processes

# to 30.  If you need to allow more than 30 concurrent connections

# at once, simply increase this value.  Note that this ONLY works

# in standalone mode, in inetd mode you should use an inetd server

# that allows you to limit maximum number of processes per service

# (such as xinetd)

MaxInstances            30



# Set the user and group that the server normally runs at.

User                    nobody

Group                    nogroup



# Umask 022 is a good standard umask to prevent new files and dirs

# (second parm) from being group and world writable.

Umask                    022  022

# Normally, we want files to be overwriteable.

AllowOverwrite            on



# Uncomment this if you are using NIS or LDAP to retrieve passwords:

PersistentPasswd            off



# Be warned: use of this directive impacts CPU average load!

#

# Uncomment this if you like to see progress and transfer rate with ftpwho

# in downloads. That is not needed for uploads rates.

# UseSendFile               off



#ServerIdent                     off

#UseReverseDNS                   off

#AllowOverwrite                  on

#IdentLookups                    off

RequireValidShell               off



TransferLog /var/log/proftpd/xferlog

SystemLog   /var/log/proftpd/proftpd.log



<IfModule mod_tls.c>

TLSEngine off

</IfModule>



<IfModule mod_quota.c>

QuotaEngine off

</IfModule>



<IfModule mod_ratio.c>

Ratios off

</IfModule>





# Delay engine reduces impact of the so-called Timing Attack described in

# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02

# It is on by default.

<IfModule mod_delay.c>

DelayEngine off

</IfModule>



<IfModule mod_ctrls.c>

ControlsEngine        on

ControlsMaxClients    2

ControlsLog           /var/log/proftpd/controls.log

ControlsInterval      5

ControlsSocket        /var/run/proftpd/proftpd.sock

</IfModule>



<IfModule mod_ctrls_admin.c>

AdminControlsEngine on

</IfModule>



# A basic anonymous configuration, no upload directories.



 <Anonymous ~ftp>

   User                ftp

   Group                nogroup

#   # We want clients to be able to login with "anonymous" as well as "ftp"

   UserAlias            anonymous ftp

#   # Cosmetic changes, all files belongs to ftp user

#   DirFakeUser    on ftp

#   DirFakeGroup on ftp

#

#   RequireValidShell        off

#

#   # Limit the maximum number of anonymous logins

   MaxClients            10

#

#   # We want 'welcome.msg' displayed at login, and '.message' displayed

#   # in each newly chdired directory.

#   DisplayLogin            welcome.msg

   DisplayFirstChdir        .message

#

#   # Limit WRITE everywhere in the anonymous chroot

#   <Directory *>

#     <Limit WRITE>

#       DenyAll

#     </Limit>

#   </Directory>



    <Limit CWD RETR STOR>

       AllowAll

    </Limit>

    <Limit XMKD MKD>

      Order       allow,deny

      Allow       from 10.

      Deny        from all

    </Limit>

    <Limit WRITE>

      Order       allow,deny

      Allow       from 10.

      Deny        from all

    </Limit>

 

#   # Uncomment this if you're brave.

#   # <Directory incoming>

#   #   # Umask 022 is a good standard umask to prevent new files and dirs

#   #   # (second parm) from being group and world writable.

#   #   Umask                022  022

#   #            <Limit READ WRITE>

#   #            DenyAll

#   #            </Limit>

#   #            <Limit STOR>

#   #            AllowAll

#   #            </Limit>

#   # </Directory>

#

 </Anonymous>





<directory      /users/xx>

        <Limit ALL>

               denyall

        </Limit>

        <limit RETR PORT PASV>

                Order   allow,deny

                allowuser xx

                denyall

        </limit>

</directory>



<directory      /users/samba/xx>

        Umask   0000  0000

        <Limit ALL>

                Order   allow,deny

                allowuser xx

                denyall

        </limit>

</directory>





On 9/01/2008 19:38, TJ Saunders wrote:

My OpenLDAP users can browse to the root of my server even when I set
the "DefaultRoot ~" directive.
Are they not supposed to be jailed in their home directory with this
directive?



What does your full proftpd.conf look like? What does proftpd debug
logging show?

http://www.proftpd.org/docs/howto/Debugging.html

TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Never underestimate the potency, and the brevity, of novelty.

-TJ Saunders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

_______________________________________________
ProFTPD Users List <proftpd-users@proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html