CentOS/Proftpd Directory Limit

0

I have a proftpd setup to use SQL for permissions (both ssh and ftp). all users user the same id. I want to restrict a particular user (client) to only LIST, STOR, and STOU in their home directory (/home/ftp/client) and not be able to LIST an /archive subdirectory.

Here's what I've got...but it doesn't seem to affect the user at all. Nothing showing in logs. Any help would be greatly appreciated.

<Directory /home/ftp/client >
    <Limit ALL>
        DenyAll
    </Limit>
    <Limit LIST STOR STOU>
        AllowAll
    </Limit>
</Directory>
<Directory /home/ftp/client/archive >
    <Limit ALL>
        DenyAll
    </Limit>
</Directory>

David Rairigh

Posted 2016-09-02T14:51:45.483

Reputation: 1

Does your proftpd.conf contain any <VirtualHost> sections? If so, you may need to place the above <Directory> sections within a <Global> section, so that it applies to all vhosts. Another possibility is your FTP client using the NLST (or MLSD or MLST) commands, rather than just LIST. – Castaglia – 2016-09-02T15:08:32.490

At first I did have a virtual defined but i removed it. I placed the sections shown above in the Global section. – David Rairigh – 2016-09-06T18:11:27.147

1Are you perhaps using the mod_vroot module? That can affect how <Directory> sections are handled. – Castaglia – 2016-09-09T01:29:16.930

Answers

0

As Castaglia expected, the module mod_vroot.c was the root cause for my problem, when removing the line from my config, it worked for me:

# LoadModule mod_vroot.c

Sebastian Viereck

Posted 2016-09-02T14:51:45.483

Reputation: 101

Asked: 2016-09-02T14:51:45.483

Viewed: 338 times

Active: 2019-02-18T12:20:41.207