proftpd 覆盖权限被拒绝 ftp 用户

tag-icon tag-icon ftp freebsd proftpd
proftpd 覆盖权限被拒绝 ftp 用户

我有一台安装了 proftpd 的 freebsd 服务器。当我将目录的权限设置为 777 时,我可以覆盖文件,但是使用文件夹的 755 权限时,我无法覆盖文件夹中的文件。

在 conf 文件中:我将“AllowOverwrite”更改为“on”,将用户和组更改为“root”,但这没有帮助。

我该如何修复这个错误?

这是我的 proftpd.conf 文件:

ServerName          "Servername"
ServerType          standalone
ServerIdent         on      "Servers identifying string"
DeferWelcome            on
DefaultServer           on

DisplayLogin            .welcome    # Textfile to display on login
DisplayConnect          .connect    # Textfile to display on connection
#DisplayFirstChdir               .firstchdir    # Textfile to display on first changedir

UseReverseDNS               off
IdentLookups                off

Port                21
PassivePorts            60000 65000
Umask               022
MaxInstances                    15
MaxClientsPerHost               10      "Only %m connections per host allowed"
MaxClients                      10      "Only %m total simultanious logins allowed"
MaxHostsPerUser                 1

User                root
Group               root

ScoreboardFile          /var/log/scoreboard

# Some logging formats
LogFormat                   default     "%h %l %u %t \"%r\" %s %b"
LogFormat                   auth        "%v [%P] %h %t \"%r\" %s"
LogFormat                   write       "%h %l %u %t \"%r\" %s %b"

# Define log-files to use
TransferLog                 /var/log/proftpd.xferlog
ExtendedLog                 /var/log/proftpd.access_log    WRITE,READ write
ExtendedLog                 /var/log/proftpd.auth_log      AUTH auth
ExtendedLog                 /var/log/proftpd.paranoid_log  ALL default
SQLLogFile          /var/log/proftpd.mysql

# Set up authentication via SQL
# ===========
AuthOrder                       mod_sql.c
SQLAuthTypes            Backend
SQLConnectInfo              proftpd_admin@localhost proftpd Icl0ud
SQLUserInfo             usertable userid passwd uid gid homedir shell 
SQLGroupInfo            grouptable groupname gid members 
SQLUserWhereClause          "disabled=0 and (NOW()<=expiration or expiration=-1 or expiration=0)"

# Log the user logging in
SQLLog PASS counter
SQLNamedQuery counter UPDATE "lastlogin=now(), count=count+1 WHERE userid='%u'" usertable

# logout log
SQLLog EXIT time_logout
SQLNamedQuery time_logout UPDATE "lastlogout=now() WHERE userid='%u'" usertable

# display last login time when PASS command is given
SQLNamedQuery login_time SELECT "lastlogin from usertable where userid='%u'"
SQLShowInfo PASS "230" "Last login was: %{login_time}"

# xfer Log in mysql
SQLLog RETR,STOR transfer1
SQLNamedQuery  transfer1 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), 'c', NULL" xfer_stat
SQLLOG ERR_RETR,ERR_STOR transfer2
SQLNamedQuery  transfer2 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), 'i', NULL" xfer_stat


AllowStoreRestart       on
AllowRetrieveRestart        on
RequireValidShell               off
PathDenyFilter                  "\\.ftp)|\\.ht)[a-z]+$"
DefaultRoot             ~
DenyFilter          \*.*/


<Directory /usr/home/*>
    AllowOverwrite      on
    HideNoAccess        off
    <Limit READ>
        AllowAll
        </Limit>

    <Limit WRITE>
        DenyGroup   !admins
    </Limit>
</Directory>

<Directory /*>
    AllowOverwrite      on
    HideNoAccess        on

    <Limit READ>
            DenyGroup   !admins
        </Limit>

        <Limit STOR MKD>
            AllowAll
        </Limit>
</Directory>

答案1

您在管理员群组吗?

DenyGroup !管理员

答案2

sudo journalctl -ae proftpd的输出(Debian)是

… systemd[1]: Starting proftpd.service - ProFTPD FTP Server...
… proftpd[2383423]: Checking syntax of configuration file
… proftpd[2383423]: mod_dso/0.5: unable to load 'mod_rewrite.c'; check to see if '/usr/lib/proftpd/mod_rewrite.la' exists
… proftpd[2383423]: fatal: LoadModule: error loading module 'mod_rewrite.c': No such file or directory on line 74 of '/etc/proftpd/modules.conf'
… proftpd[2383423]: warning: unable to include '/etc/proftpd/modules.conf': Operation not permitted
… proftpd[2383423]: mod_memcache/0.1: compiled using libmemcached-1.0.18 headers, but linked to libmemcached-1.1.3 library
… proftpd[2383424]: mod_dso/0.5: unable to load 'mod_rewrite.c'; check to see if '/usr/lib/proftpd/mod_rewrite.la' exists
… proftpd[2383424]: fatal: LoadModule: error loading module 'mod_rewrite.c': No such file or directory on line 74 of '/etc/proftpd/modules.conf'
… proftpd[2383424]: warning: unable to include '/etc/proftpd/modules.conf': Operation not permitted
… proftpd[2383424]: mod_memcache/0.1: compiled using libmemcached-1.0.18 headers, but linked to libmemcached-1.1.3 library
… proftpd[2383425]: localhost - ProFTPD 1.3.8 (stable) (built Thu Dec 15 2022 21:47:50 UTC) standalone mode STARTUP
… systemd[1]: Started proftpd.service - ProFTPD FTP Server.

如上所示fatal。由于它/etc/proftpd/proftpd.conf从未加载,因此使用了默认的内置配置。

就我而言,我必须:

  1. 注释掉LoadModule mod_rewrite.c/etc/proftpd/modules.conf
  2. 然后sudo systemctl restart proftpd

proftpd 被编程为在发生致命错误后继续加载并忽略所有配置,这是非常糟糕的(特别是出于安全原因)。

相关内容