[Proftpd-user] proFTPd 1.3.4d Anon + sftpand

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi all,

We have been using proftpd for many years and has served us well. Recently, we decided to start making the move to sftp.

Near the end of December, I recompiled our proftpd daemon enabling the sftp module. 

We run FreeBSD 8.0 , 9.1 and 9.3, and have compiled proftpd from ports.

Enabling the sftp module was not available through ‘make config’ so I simply added the module to the Makefile.

example in port Makefile

# Always built modules
MODULES+=       mod_ban \

                              …
                             mod_sftp \

                             …

Everything compiled and installed and worked, no issues.

However, I found that even with everything to do with sftp commented out in the config file, the new daemon has a broken anonymous functionality. I will include a full config below.

What happens now, is that when a VirtualHost / Anonymous container exists, even an authenticated user (for that virtual host) logs in, it treat them as anonymous. I have seen some info in this mail list from back in 2009/10 so I figured the bugfix would be included on the version we are using. Or am I missing something?

When I remark out the <VirtualHost>, the user will then be treated correctly and will have all access to his filesspace back.

Again, this issue happens even with sftp turned off, it only started when we compiled in the sftp module.

Any thoughts / hints would be appreciated.

Here is our proftpd.conf:

ServerName                      "ProFTPD mydomain Daemon"
# LoadModule                    mod_sftp.c
ServerType                      standalone
DefaultServer                   on
ScoreboardFile                  /var/run/proftpd/proftpd.scoreboard
ServerAdmin                     me...@my...
PidFile                         /var/run/proftpd.pid
Port                            21
MaxInstances                    30
UseReverseDNS                   off
IdentLookups                    off
UseIPv6                         off

<Global>
User                            nobody
Group                           nogroup
DefaultChdir                    ~
DefaultRoot                     ~
Umask                           022
TimesGMT                        off
PassivePorts                    1025 2048
AllowOverwrite                  off
ExtendedLog /var/log/proftpd.log
RequireValidShell               off
RootLogin                       off
AllowStoreRestart               off
SyslogLevel debug
AllowRetrieveRestart            off
AllowOverride                   off
RootRevoke                      on
</Global>

<Directory /*>
  AllowOverwrite                on
</Directory>

#<IfModule mod_sftp.c>
# SFTPEngine on
# SFTPLog /var/log/secureftp.log
# SFTPAuthMethods password
# SFTPMaxChannels 3
# SFTPClientAlive 4 15
# SFTPDisplayBanner /usr/local/etc/proftp-sftp-banner.txt
# SFTPOptions IgnoreSCPUploadPerms IgnoreSFTPSetPerms
# SFTPTrafficPolicy high
# Port 2222
# SFTPHostKey /etc/ssl/private/wildcard.mydomain.com.key
#</IfModule>

#########################################################################
# Uncomment lines with only one # to allow basic anonymous access       #
# IP address inside container will need to be updated as well.          #
#########################################################################

 <VirtualHost nnn.nnn.nnn.nnn>

  <Anonymous ~/ftp>
    User unixuser
    Group unixgroup
    AllowOverwrite on
    UserAlias anonymous unixuser
    AuthAliasOnly on
    AnonRequirePassword off
    RequireValidShell off
    <Directory *>
      <Limit WRITE>
        DenyAll
      </Limit>
    </Directory>
   <Directory incoming/*>
      <Limit STOR>
        AllowAll
      </Limit>
      <Limit WRITE DIRS READ>
        DenyAll
      </Limit>
      <Limit CWD XCWD CDUP>
        AllowAll
      </Limit>
    </Directory>
  </Anonymous>

 </VirtualHost>

-G