proFTPD logowanie usera

[dhapollo]

Witam.

Mam problem potrzebuje zrobić żeby do serwera ftp logowali się tylko użytkownicy tyklo z grupy lan, oraz mieli dostęp tylko do folderu /var/ftp to jest mój conf.

Kod: Zaznacz cały

ServerType standalone
DefaultServer on
Umask 022
ServerName "0.0.0.0"
ServerIdent off "My FTPD"
ServerAdmin dhapollo@wp.pl
IdentLookups off
UseReverseDNS off
Port 21
PassivePorts 49152 65534
#MasqueradeAddress None
TimesGMT off
MaxInstances 29
MaxLoginAttempts 10
TimeoutLogin 300
TimeoutNoTransfer 120
TimeoutIdle 120
DisplayLogin welcome.msg
Group lan
DirFakeUser off lan
DirFakeGroup off lan
DefaultTransferMode binary
AllowForeignAddress off
AllowRetrieveRestart on
AllowStoreRestart on
DeleteAbortedStores off
TransferRate RETR 70000
TransferRate STOR 70000
TransferRate STOU 70000
TransferRate APPE 70000
SystemLog /var/log/secure
RequireValidShell off
#gp_random_username_length 3
#gp_random_password_length 3
#gp_randomize_case lower
#gp_useradd_homedir_path /var/ftp
#gp_html_path /var/www/
#gp_welcome_name welcome.msg
<IfModule mod_tls.c>
TLSEngine off
TLSRequired off
TLSVerifyClient off
TLSProtocol TLSv1
TLSLog /var/log/proftpd_tls.log
TLSRSACertificateFile /etc/gproftpd/gproftpd.pem
</IfModule>
<IfModule mod_ratio.c>
Ratios off
SaveRatios off
RatioFile "/restricted/proftpd_ratios"
RatioTempFile "/restricted/proftpd_ratios_temp"
CwdRatioMsg "Please upload first!"
FileRatioErrMsg "FileRatio limit exceeded, upload something first..."
ByteRatioErrMsg "ByteRatio limit exceeded, upload something first..."
LeechRatioMsg "Your ratio is unlimited."
</IfModule>
<Limit LOGIN>
Allow all
</Limit>

<Anonymous /var/ftp>
User dhapollo
Group users
AnonRequirePassword on
MaxClients 3 "The server is full, hosting %m users"
DisplayLogin welcome.msg
<Limit LOGIN>
Allow from all
Deny from all
</Limit>
<Limit LIST NLST  RETR  PWD XPWD  SIZE  STAT  CWD XCWD  CDUP XCUP >
 AllowAll
</Limit>
<Limit STOR STOU  APPE  RNFR RNTO  DELE  MKD XMKD SITE_MKDIR  RMD XRMD SITE_RMDIR  SITE  SITE_CHMOD  SITE_CHGRP  MTDM >
 DenyAll
</Limit>
</Anonymous>

<Anonymous /var/ftp>
User lan2
Group nobody
AnonRequirePassword on
MaxClients 3 "The server is full, hosting %m users"
DisplayLogin welcome.msg
AllowOverwrite off
<Limit LOGIN>
 Allow from all
 Deny from all
</Limit>
<Limit RETR LIST NLST MDTM SIZE STAT CWD XCWD PWD XPWD CDUP XCUP>
 AllowAll
</Limit>
<Limit DELE APPE STOR STOU SITE_CHMOD SITE_CHGRP RNFR RNTO MKD XMKD RMD XRMD>
 DenyAll
</Limit>
</Anonymous>

<Anonymous /var/ftp>
User lan
Group nobody
AnonRequirePassword on
MaxClients 3 "The server is full, hosting %m users"
DisplayLogin welcome.msg
<Limit LOGIN>
Allow from all
Deny from all
</Limit>
<Limit LIST NLST  RETR  PWD XPWD  SIZE  STAT  CWD XCWD  CDUP XCUP >
 AllowAll
</Limit>
<Limit STOR STOU  APPE  RNFR RNTO  DELE  MKD XMKD SITE_MKDIR  RMD XRMD SITE_RMDIR  SITE  SITE_CHMOD  SITE_CHGRP  MTDM >
 DenyAll
</Limit>
</Anonymous>

<Anonymous /var/ftp/Click_Here>
Group lan
AnonRequirePassword on
MaxClients 5 "The server is full, hosting %m users"
DisplayLogin welcome.msg
<Limit LOGIN>
Allow from all
Deny from all
</Limit>
<Limit LIST NLST  STOR STOU  RETR  MKD XMKD SITE_MKDIR  SITE_CHGRP  PWD XPWD  SIZE  STAT  CWD XCWD  CDUP XCUP >
 AllowAll
</Limit>
<Limit APPE  RNFR RNTO  DELE  RMD XRMD SITE_RMDIR  SITE  SITE_CHMOD  MTDM >
 DenyAll
</Limit>
</Anonymous>

Prawie to działa ale nie jest tak jak ja chce. Jeśli stworze userowi katalog domowy to ma dostęp do całego dysku, jeśli nie stworze katalogu domowego to muszę ręcznie dopisywać kolejne linnie <Anonymous /var/ftp>.

Da rade jakoś ograniczyć prawa grupie tylko do jednego folderu??

Pozdrawiam.

[17piotrek]

Kod: Zaznacz cały

DefaultRoot ~

ograniczy dostep tylko do katalogu domowego

[dhapollo]

Witam.

Mam pytanko, w którym miejscu mam to wpisać??

Pytanie jest laickie ale dopiero zaczynam.

[verdorben]

Np. pod DefaultServer on

[17piotrek]

W dowolnym miejscu poza wyszczegolniona sekcją (np ifmodule).