Notes on vhost

[A complete mess again. I'll come back to it later...]

I have tried to configure a name-based Virtual Host, but I always get to the Directory which I configured in the <global>-area. My system: SuSE-Linux 6.3, ProFTP 1.2.0pre10. Yes, I've read the FAQ :-). All Hosts should have the same IP (212.172.160.148).

my proftpd.conf:
# START
ServerName "Webmasters FTP-Server"
ServerType inetd
ServerAdmin admin@webmasters.at

DeferWelcome on

Port                  21
Umask                002
TimeoutLogin         120
TimeoutIdle          600
TimeoutNoTransfer    900
TimeoutStalled      3600
User    ftp
Group    nogroup
#DefaultRoot   ~
UseReverseDNS        off
ScoreboardFile   /var/run/proftpd
TransferLog   /var/log/proftpd/xferlog.legacy
LogFormat       default "%h %l %u %t \"%r\" %s %b"
LogFormat auth    "%v [%P] %h %t \"%r\" %s"
LogFormat write   "%h %l %u %t \"%r\" %s %b"

<Global>
 DisplayLogin     /usr/local/ftp/msgs/welcome.msg
 #DisplayFirstChdir    readme
 MaxClients 30
 AllowOverwrite     yes
 IdentLookups         off
 ExtendedLog /var/log/proftpd/access.log WRITE,READ write
 ExtendedLog  /var/log/proftpd/auth.log AUTH auth
  #ExtendedLog    /var/log/proftpd/paranoid.log ALL default
</Global>

<VirtualHost www.joydisco.at>
 ServerName  "www.joydisco.at"
 ServerAdmin  admin@joydisco.at
 #TransferLog  /var/log/proftpd/xferlog.www
 MaxClients  50
 #DefaultServer  on
 DefaultRoot  /www/www.joydisco.at
 AllowOverwrite  yes

</VirtualHost>
# END
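
Classic FTP (RFC 959) has no equivalent of the HTTP Host header, so the daemon can choose a server block only by the IP address and port the client connected to. The added example below (not part of the original post, and not ProFTPD code) lists which blocks of a configuration claim the same socket. The function names, the `names` mapping that stands in for DNS, and the rule that a block without a Port directive uses port 21 are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample: the relevant lines of the configuration posted above.
SAMPLE_CONF = """
ServerName "Webmasters FTP-Server"
Port 21
<VirtualHost www.joydisco.at>
  ServerName "www.joydisco.at"
  #DefaultServer on
  DefaultRoot /www/www.joydisco.at
</VirtualHost>
"""

def listeners(conf, main_addr, names, default_port=21):
    """Map each (ip, port) socket to the server blocks that claim it."""
    servers = [{"label": "main server", "addrs": [main_addr], "port": default_port}]
    current = servers[0]
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {"label": "VirtualHost " + opened.group(1).strip(),
                       "addrs": opened.group(1).split(), "port": default_port}
            servers.append(current)
        elif re.match(r"</VirtualHost>", line, re.I):
            current = servers[0]  # back in the main server context
        else:
            port = re.match(r"Port\s+(\d+)\s*$", line, re.I)
            if port:
                current["port"] = int(port.group(1))
    sockets = defaultdict(list)
    for server in servers:
        for addr in server["addrs"]:
            # names: assumed host name -> IP mapping, so the check runs offline
            sockets[(names.get(addr, addr), server["port"])].append(server["label"])
    return dict(sockets)

def collisions(conf, main_addr, names, default_port=21):
    """Sockets claimed by more than one block; the extra blocks cannot be told apart."""
    found = listeners(conf, main_addr, names, default_port)
    return {sock: labels for sock, labels in found.items() if len(labels) > 1}

if __name__ == "__main__":
    dns = {"www.joydisco.at": "212.172.160.148"}  # assumed resolution, per the post
    print(collisions(SAMPLE_CONF, "212.172.160.148", dns))
    fixed = SAMPLE_CONF.replace("<VirtualHost www.joydisco.at>",
                                "<VirtualHost www.joydisco.at>\n  Port 2121")
    print(collisions(fixed, "212.172.160.148", dns))
```

A block reported here never receives its own DefaultRoot, limits or logging, because logins to that address and port are handled under another block's settings.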

> I have tried to configure a name-based Virtual Host, but I always get
> to the Directory which I configured in the <global>-area.
> All Hosts should have the same IP (212.172.160.148).
> My system: SuSE-Linux 6.3, ProFTP 1.2.0pre10. Yes, I've read the FAQ

Including http://www.proftpd.org/docs/proftpdfaq-5.html#ss5.6 ?

I have tried to configure a Virtual Host, but I always get to the Directory which I configured in the <global>-area. My system: SuSE-Linux 6.3, ProFTP 1.2.0pre10.

my proftpd.conf:
# START
ServerName "Webmasters FTP-Server"
ServerType inetd
ServerAdmin admin@webmasters.at

DeferWelcome on

Port                  21
Umask                002
TimeoutLogin         120
TimeoutIdle          600
TimeoutNoTransfer    900
TimeoutStalled      3600
User    ftp
Group    nogroup
#DefaultRoot   ~
UseReverseDNS        off
ScoreboardFile   /var/run/proftpd
TransferLog   /var/log/proftpd/xferlog.legacy
LogFormat       default "%h %l %u %t \"%r\" %s %b"
LogFormat auth    "%v [%P] %h %t \"%r\" %s"
LogFormat write   "%h %l %u %t \"%r\" %s %b"

<Global>
 DisplayLogin     /usr/local/ftp/msgs/welcome.msg
 #DisplayFirstChdir    readme
 MaxClients 30
 AllowOverwrite     yes
 IdentLookups         off
 ExtendedLog /var/log/proftpd/access.log WRITE,READ write
 ExtendedLog  /var/log/proftpd/auth.log AUTH auth
 #ExtendedLog    /var/log/proftpd/paranoid.log ALL default
</Global>

<VirtualHost 212.172.160.148>
 ServerName  "www.joydisco.at"
 ServerAdmin  admin@joydisco.at
 #TransferLog  /var/log/proftpd/xferlog.www
 MaxClients  50
 #DefaultServer  on
 DefaultRoot  /www/www.joydisco.at
 AllowOverwrite  yes
</VirtualHost>
# END

many thx for your help
Thomas, tom@goisern.net

From: Falk Kuehnel [mailto:mailing-falk@salia.de]
Sent: Friday, 24 March 2000 13:15
To: proftpd@proftpd.org
Subject: [ProFTPD] Virtual FTP-Server

Hi There!

I was wondering if there is a way to set up several VirtualFtpServers with just one IP-Address which can be connected to by anonymous users? I know this is not possible just by referring to the name of the server, but if I understood correctly, it can be done by using different ports. Is there a howto, where the solution is described?

Thanx for your help
Falk

I'm using proftpd on several of my servers and I like its flexibility and security mechanisms. I'm also running a few virtualhosts (ip- and port-based). Now I would like to make a plan (or scheme) for adding new virtualhosts serving access for directories containing WWW services. Since particular users (i.e. website developers) should have access only to their projects and often one project is developed by many of them, I want to make one (e.g. port based) virtual host for one project. Do you see any disadvantages of such a solution? How many port-based virtualhosts can proftpd (running on a linux system) handle? Are there any limitations other than CPU speed and RAM availability?

this is my first post to the list. My question is:
- is it possible to create accounts that are only valid for FTP access? (I don't want the user to have a UNIX account.) Send me an example please.
- IP restrict access doesn't work for me (I see an example in the documentation...but ...) so can someone send me his **proftpd.conf** where I can see that?

On the users side of things, you just need to set the users' shell to /bin/false.

Easy Way: In your proftpd.conf [or your virtual host line in there]

AuthUserFile /config/ftp.passwd
AuthGroupFile /config/ftp.group

Then copy the SAME FORMAT AS /etc/passwd and /etc/group, for example

user:<hashed password>:<id>:<group>::<homedir>:/bin/false
mark:x:980:100::/ftp/mark:/bin/false

x being an encrypted password.

Enjoy! It's a great feature, especially if you make a quick 10 line web interface for the owner of vhosts to be able to change their own passwd files.

--
Mike Krieger
phyre@home.com

On the users side of things, you just need to set the users' shell to /bin/false.

- is it possible to create accounts that are only valid for FTP access? (I don't want the user to have a UNIX account.) Send me an example please.
- IP restrict access doesn't work for me (I see an example in the documentation...but ...) so can someone send me his **proftpd.conf** where I can see that?

Can I make a VirtualHost write to a separate wtmp file? I already have it writing to a separate xferlog but I'd like to write to a separate wtmp if possible. I'd like an easy way of seeing if someone is connected to a given VirtualHost. I guess I could compare the users that are still on (via ftpwho) to the output of netstat to see who connected to where. That's not very elegant though. Ideas?

Another question, with DisplayGoAway, will it display the file to the user if they aren't allowed to connect in general, via a Limit block? The docs don't really say. They just say that it "will be displayed to the user if the class they're a member of has too many users logged in". It doesn't say if it will do that for all denied requests. In my case, I'm limiting this VirtualHost to certain IP ranges. I am limiting it to 75 anonymous users on that virtualhost but I don't care about displaying the file then, just when the user is connecting from an IP that isn't authorized. Any ideas if it will work or if there's a better way or if I'm just SOL?

I had a 3rd question but I forgot it so it must not be important.

Does proftpd support virtual directories (not necessarily virtual servers)? Here's my situation: I wish to provide a group of users with access to a common directory (Group A), and another group of users with access to another common directory (Group B). Group A must not have access to Group B's files. Using AuthUserFile and AuthGroupFile to establish separate authentication. My hunch would be using multiple DefaultRoot entries. Something like:

<Global>
 ...
 DefaultRoot /var/ftp/data/group-a groupa,!staff
 DefaultRoot /var/ftp/data/group-b groupb,!staff
 ...
</Global>

Would the above even be parseable or work? Read the FAQ and docs, but examples didn't quite apply. If anyone has any suggestions I'd appreciate it.

--
George M. Ellenburg
S1 Corp.

That's hard to say. For security purposes, I'm faking the user/group in my anonymous block.

DirFakeUser on Willie
DirFakeGroup on Wildcat

I'm not using separate Auth files either. From the way that the AuthGroup config directives are worded, it would appear that all authentication is done via the AuthUser/Group files (unless they aren't defined) but to make HideGroup/User work the files must be group or owned by the appropriate user on the actual system. I'm sure if there is a way around that. Just for the hell of it, chgrp 70 groupa's directory. Make sure 70 doesn't conflict with something else on your system. Maybe it does work.

I've hidden a directory from users before. To see that directory you had to belong to a certain group.

<Directory private>
 HideGroup crack
</Directory>

<Directory pub/consult/>
 HideGroup consult
</Directory>

I use both and they work well. I believe the file(s) have to be grouped and writable by the respective group. There are also other things you can do to keep Group A from getting a "permission denied" error (even though they can't see the directory) when trying to cd into Group B's directory.

This is the situation: I have a <virtualhost> that allows anonymous logins, users can log in and upload files, but not download them. I need to give ONE user all permissions to the same virtualhost. What should my proftpd.conf look like? :)

<VirtualHost xxx.xxx.xxx.xxx>
 DefaultRoot /usr/local/httpd/htdocs/
 ServerName "xxx mainserver"
 ExtendedLog /var/log/proftpd.paranoid_log ALL default
 <Limit STOR>
  AllowAll
 </Limit>
 <Directory />
  AllowOverwrite on
  <Limit STOR CWD CDUP>
   AllowAll
  </Limit>
 </Directory>
</VirtualHost>

why am i not allowed to write in any directory ??? when connecting this server ??

Hi,

Oh. I just found the FAQ and it seems to answer the question. However the link to the "draft standard" has gone stale: "File Not Found The requested URL /internet-drafts/draft-ietf-ftpext-mlst-08.txt was not found on this server."
