proftpd 虚拟用户的权限被拒绝

proftpd 虚拟用户的权限被拒绝

我安装了 Proftpd Administrator GUI,以便更轻松地管理我的 FTP 用户。我遇到的问题是,我必须将目录权限设置为 777,以允许保存在 mysql 数据库中的虚拟用户编辑和保存文件。如果我将其更改为 775,则用户将被拒绝权限。

这是我的 proftpd.conf 文件

Include /etc/proftpd/modules.conf

ServerName                      "ServerName"
ServerType                      standalone
ServerIdent                     on              "Servers identifying string"
DeferWelcome                    on
DefaultServer                   on

DisplayLogin                    .welcome        # Textfile to display on login
DisplayConnect                  .connect        # Textfile to display on connec$
#DisplayFirstChdir               .firstchdir    # Textfile to display on first $

UseReverseDNS                   off
IdentLookups                    off

Port                            21
Umask                           022
MaxInstances                    15
MaxClientsPerHost               3               "Only %m connections per host a$
MaxClients                      10              "Only %m total simultanious log$
MaxHostsPerUser                 1

User                            proftpd
Group                           www-data

ScoreboardFile                  /var/log/scoreboard

# Some logging formats
LogFormat                       default         "%h %l %u %t \"%r\" %s %b"
LogFormat                       auth            "%v [%P] %h %t \"%r\" %s"
LogFormat                       write           "%h %l %u %t \"%r\" %s %b"

# Define log-files to use
TransferLog                     /var/log/proftpd.xferlog
ExtendedLog                     /var/log/proftpd.access_log    WRITE,READ write
ExtendedLog                     /var/log/proftpd.auth_log      AUTH auth
ExtendedLog                     /var/log/proftpd.paranoid_log  ALL default
SQLLogFile                      /var/log/proftpd.mysql

# Set up authentication via SQL
# ===========
AuthOrder                       mod_sql.c
SQLAuthTypes                    Backend
SQLConnectInfo                  proftpd_admin username password
SQLUserInfo                     usertable userid passwd uid gid homedir shell
SQLGroupInfo                    grouptable groupname gid members
SQLUserWhereClause              "disabled=0 and (NOW()<=expiration or expiratio$

# Log the user logging in
SQLLog PASS counter
SQLNamedQuery counter UPDATE "lastlogin=now(), count=count+1 WHERE userid='%u'"$

# logout log
SQLLog EXIT time_logout
SQLNamedQuery time_logout UPDATE "lastlogout=now() WHERE userid='%u'" usertable

# display last login time when PASS command is given
SQLNamedQuery login_time SELECT "lastlogin from usertable where userid='%u'"
SQLShowInfo PASS "230" "Last login was: %{login_time}"

# xfer Log in mysql
SQLLog RETR,STOR transfer1
SQLNamedQuery  transfer1 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now($
SQLLOG ERR_RETR,ERR_STOR transfer2
SQLNamedQuery  transfer2 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now($


AllowStoreRestart               on
AllowRetrieveRestart            on
RequireValidShell               off
#PathDenyFilter                  "\\.ftp)|\\.ht)[a-z]+$"
DefaultRoot                     ~
DenyFilter                      \*.*/


<Directory /path/to/dir>
        AllowOverwrite          on
        HideNoAccess            off
        <Limit READ>
                AllowAll
        </Limit>

        <Limit WRITE>
                AllowAll
        </Limit>
</Directory>

<Directory /path/to/dir>
        AllowOverwrite          on
        HideNoAccess            on

        <Limit READ>
                AllowAll
        </Limit>

        <Limit STOR MKD>
                AllowAll
        </Limit>
</Directory>

我将proftpd运行 proftpd 服务的用户放在 www-data 中(设置为该目录的组)。我更改了虚拟用户 GID,使其与系统的 www-data GID 匹配(即33)。当我使用虚拟用户创建新文件时,该文件 GID 设置为65533,权限设置为644。我的系统文件中不存在此 GID /etc/group

我如何保留文件夹和文件的权限755并允许用户编辑和保存这些文件?

答案1

我怀疑 mod_sql 可能会过滤您在 SQL 数据库中分配给用户的 UID/GID 值。默认情况下,mod_sql(出于历史原因)对数字 ID 施加最小值;任何低于此最小值的值都将映射到默认值。请参阅:

http://www.proftpd.org/docs/contrib/mod_sql.html#SQLMinID

并且该值 65533 来自默认值,例如:

http://www.proftpd.org/docs/contrib/mod_sql.html#SQLDefaultUID

因此,考虑到这一点,您可以尝试添加:

SQLMinID 1

到您的 proftpd.conf。

相关内容