Re: proftpd and ftpaccess

[Dimitri Maziuk <dmaziuk@yola.bmrb.wisc.edu>]

* maniatronic@gmx.net (maniatronic@gmx.net) spake thusly:
> Hi !
> First thanks to Black Liam !
> Ok.
> I want to set up an ftp-server.
> But I´ve got som problems.
> The server I wnat to use is proftpd.
> I´ve installed it on my system.
> There was no ftpaccess, ftphosts and ftpusers so I `ve created 
> them myself.
> The ftphosts and ftpusers aren`t very importen for me.
> The main problem is the ftpaccess.
> It looks like this:
> #ftpaccess
> class  peoples   real
> banner /usr/util/banner.msg
> log transfer             peoples      inbound,outbound
> loginfails 5
> chmod              no  peoples
> rename             no  peoples
> delete              no peoples
> overwrite          no peoples
> compress         yes peoples
> tar                  yes peoples
> noretrieve        /etc/passwd
> noretrieve        /etc/shadow
> noretrieve        /etc/ftpaccess
> message        /usr/util/login.msg
> 
> OK.
> That´s the file.
> No there happen things which i can´t believe.
> I´ve logged on my ftp-Server.
> There was no message appearing !
> And i was even able to get the /etc/passwd.
> It seems that proftpd ignores my etc/ftpaccess.
> It´t has got an own config file named proftpd.conf
> But in this file your just able to set the rules for anonymous login.
> 
> What´s wrong with my ftpaccess ???

Nothing, RTFM. Proftpd puts anonymous users in a chroot jail,
they can't get to your /etc/password (their names/passwords go 
into proftd.conf, not ftpaccess). A non-anonymous user can get
to all the files she can read normally, including /etc/passwd.

Not sure about the message.

Dima
-- 
Q276304 - Error Message: Your Password Must Be at Least 18770 Characters
and Cannot Repeat Any of Your Previous 30689 Passwords           -- RISKS 21.37