From: <gp...@th...> - 2015-01-31 16:07:03
Hi all,

We have been using proftpd for many years and it has served us well. Recently, we decided to start making the move to sftp. Near the end of December, I recompiled our proftpd daemon, enabling the sftp module. We run FreeBSD 8.0, 9.1 and 9.3, and have compiled proftpd from ports. Enabling the sftp module was not available through ‘make config’, so I simply added the module to the Makefile.

Example in port Makefile:

    # Always built modules
    MODULES+= mod_ban \
    …
    mod_sftp \
    …

Everything compiled and installed and worked, no issues. However, I found that even with everything to do with sftp commented out in the config file, the new daemon has broken anonymous functionality. I will include a full config below.

What happens now is that when a VirtualHost / Anonymous container exists, even when an authenticated user (for that virtual host) logs in, it treats them as anonymous. I have seen some info in this mailing list from back in 2009/10, so I figured the bugfix would be included in the version we are using. Or am I missing something?

When I remark out the <VirtualHost>, the user will then be treated correctly and will have all access to his filespace back.

Again, this issue happens even with sftp turned off; it only started when we compiled in the sftp module.

Any thoughts / hints would be appreciated.

Here is our proftpd.conf:

    ServerName "ProFTPD mydomain Daemon"
    # LoadModule mod_sftp.c
    ServerType standalone
    DefaultServer on
    ScoreboardFile /var/run/proftpd/proftpd.scoreboard
    ServerAdmin me...@my...
    PidFile /var/run/proftpd.pid
    Port 21
    MaxInstances 30
    UseReverseDNS off
    IdentLookups off
    UseIPv6 off

    <Global>
      User nobody
      Group nogroup
      DefaultChdir ~
      DefaultRoot ~
      Umask 022
      TimesGMT off
      PassivePorts 1025 2048
      AllowOverwrite off
      ExtendedLog /var/log/proftpd.log
      RequireValidShell off
      RootLogin off
      AllowStoreRestart off
      SyslogLevel debug
      AllowRetrieveRestart off
      AllowOverride off
      RootRevoke on
    </Global>

    <Directory /*>
      AllowOverwrite on
    </Directory>

    #<IfModule mod_sftp.c>
    # SFTPEngine on
    # SFTPLog /var/log/secureftp.log
    # SFTPAuthMethods password
    # SFTPMaxChannels 3
    # SFTPClientAlive 4 15
    # SFTPDisplayBanner /usr/local/etc/proftp-sftp-banner.txt
    # SFTPOptions IgnoreSCPUploadPerms IgnoreSFTPSetPerms
    # SFTPTrafficPolicy high
    # Port 2222
    # SFTPHostKey /etc/ssl/private/wildcard.mydomain.com.key
    #</IfModule>

    #########################################################################
    # Uncomment lines with only one # to allow basic anonymous access      #
    # IP address inside container will need to be updated as well.         #
    #########################################################################
    <VirtualHost nnn.nnn.nnn.nnn>
      <Anonymous ~/ftp>
        User unixuser
        Group unixgroup
        AllowOverwrite on
        UserAlias anonymous unixuser
        AuthAliasOnly on
        AnonRequirePassword off
        RequireValidShell off
        <Directory *>
          <Limit WRITE>
            DenyAll
          </Limit>
        </Directory>
        <Directory incoming/*>
          <Limit STOR>
            AllowAll
          </Limit>
          <Limit WRITE DIRS READ>
            DenyAll
          </Limit>
          <Limit CWD XCWD CDUP>
            AllowAll
          </Limit>
        </Directory>
      </Anonymous>
    </VirtualHost>

-G