
    Proftpd-howto: Difference between revisions

    Content added Content deleted
    (minor II)
    imported>Phrack
    No edit summary
     
    (One intermediate revision by one other user not shown)
    Line 1: Line 1:
    =Proftpd(debian) Howto=
    =Proftpd(debian) Howto=
    ==FTP-Access mit Quota und Traffic Limit [UNDER CONSTRUCTION] (phrack temp - need new passwd:P)==
    ==FTP-Access using Quota and Traffic Limit==
    "A walkthrough for a common situation: you want to give someone the possibility to access your FTP-server, but you like the maximum amount of disk space granted to the user and the maximum traffic to be limited. Also the user will be unable to access files outside his home-directory and he will not be able to login via SSH"
    "ein Lösungsweg für den Fall: man muss einem User FTP-Access geben, möchte aber sowohl den maximal belegbaren Webspace, als auch den maximalen Traffic dieses Users limitieren. Der Benutzer soll sein Home-Verzeichnis nicht verlassen können, der SSH-Zugang wird nicht zugelassen"
    <br>

    <br>
    bitte erstmal so lassen, ich arbeite noch dran ;)
    ===Optional settings I recommend===
    ToDo: translation:en_US
    * Limit ssh-access to specific users<br>Add the following code to /etc/sshd/sshd_config:<pre>AllowUsers somebody somebodyelse</pre>(please separate multiple users by space characters ;-) and disable root-login<pre>PermitRootLogin No</pre>

    <br>
    * (optional) vorher den ssh-zugang auf bestimmte user limitieren: in /etc/sshd.conf <pre>AllowUsers irgendwer irgendweranders</pre>(bitte die einzelnen User mit Leerzeichen trennen ;-)<pre>PermitRootLogin No</pre>
    * (optional) ident- & dns-lookup abschalten, um die zugriffszeit signifikant zu reduzieren)<br>in der datei /etc/proftpd.conf werden folgende einträge hinzugefügt:<pre>IdentLookups off</pre><pre>UseReverseDNS off</pre>
    * Disable ident- & dns-lookups to speed up FTP-access significantly<br>To achieve this you need to add two lines to your /etc/proftpd.conf:<pre>IdentLookups off</pre><pre>UseReverseDNS off</pre>
    <br>
    * Voraussetzung: kernel-support für quota muss gegeben sein (!somebody please insert how to check)
    * Precondition: kernel-support for quota has to be enabled (!somebody please insert how to check)

    <br>
    * <pre># apt-get install quota quotatool</pre>
    ===The actual setup===
    * in /etc/fstab <i>usrquota</i> einfügen, z.B.<pre>/dev/hda1 / ext3 defaults,usrquota 0 2</pre>
    * First you need to install the main packages<pre># apt-get install quota quotatool</pre>
    * auf allen partitionen mit quota wird die datei <i>quota.user</i> angelegt, im Bsp.: <pre># touch /quota.user</pre>
    <br>
    * wir prüfen ob die einstellungen übernommen wurden (ob usrquota für die partition aktiviert ist) <pre># cat /etc/mtab</pre>
    * Activate quota for your partition(s) in /etc/fstab: <pre>/dev/hda1 / ext3 defaults,usrquota 0 2</pre>In this example we use the root partition "/"
    * Der User "fnord" soll maximal 230 MB speicher belegen können <pre># quotatool -u fnord -b -q 230MB -v /</pre>hierbei steht "/" wieder für die im beispiel verwendete partition /
    <br>

    * Create a file "quota.user" in the root of every partition you like to use quota on <pre># touch /quota.user</pre>(in our example the file is created in "/", because this is the root of the partition we want to use)

    %% tmp %%<br>
    <br>
    * We will now remount the filesystem(s) to activate our changes<pre># mount -o remount /</pre>(This works perfectly even for "/")
    /etc/proftpd.conf DefaultRoot ~ // lock user to home dir (chroot)
    <br>

    * check if "usrquota" is activated<pre># cat /etc/mtab</pre>
    <br><br>
    <br><br>
    * Add a user you want to enable FTP-access for<pre>adduser fnord</pre>In our example we will limit the maximum disk space for our new user to 230 MB<pre># quotatool -u fnord -b -q 230MB -v /</pre>Again we use "/" at the end of the line because our used partition is /

    QuotaEngine on<br>
    QuotaLimitTable file:/ftpquota.limittab<br>
    QuotaTallyTable file:/ftpquota.tallytab<br>
    QuotaDisplayUnits "Gb"<br>
    ServerAdmin "admin@server.org"<br>
    <br>
    <br>
    * Final check to confirm settings<pre># quota fnord</pre>
    in das bei QuotaLimitTable angegebene verzeichnis wechseln (im Bsp: /) und dateien anlegen lassen// ftpquota --create-table --type=limit // ftpquota --create-table --type=tally<br>
    <br>
    <br>
    * All users should be locked (chroot) inside their home directory, so nobody can access other files on the server. For this we simply add a line to /etc/proftpd.conf<pre>DefaultRoot ~</pre>
    bsp 5 gig transfer limit (up&down combined) ftpquota --add-record --type=limit --name=fnord --quota-type=user --bytes-xfer 24696061952<br>
    <br>
    --bytes-upload=1 --bytes-download=0 --units=Mb<br>
    * During the next steps we deal with our traffic limit for the user. Add these lines to /etc/proftpd.conf:<pre>QuotaEngine on</pre><pre>QuotaLimitTable file:/ftpquota.limittab</pre><pre>QuotaTallyTable file:/ftpquota.tallytab</pre>(specify the location in which you want the config files to be. In our case we use / (please do not change the file name))
    --update-record // --show-records // --delete-record // --bytes-upload //--bytes-download // --bytes-xfer etc. // --per-session
    <br>
    * You can also choose what to display to the user by adding <pre>QuotaDisplayUnits "Gb"</pre>(or Mb / Kb)
    <br>
    * The email-address for support can be inserted, but is not obligatory<pre>ServerAdmin "admin@server.org"</pre>
    <br>
    * Now please navigate to the directory you chose to put the config files in and let the proftpd-included tool create our files<pre># cd /</pre><pre># ftpquota --create-table --type=limit</pre><pre># ftpquota --create-table --type=tally</pre>
    <br>
    * While still in this location, type the following command to add traffic restrictions for specific users. (in our example we will give the user "fnord" 5 GB of overall traffic (up & down combined)<pre># ftpquota --add-record --type=limit --name=fnord --quota-type=user --bytes-xfer 5368709120</pre>(The maximum traffic amount is set in bytes unless you use --units=Mb or similar) You can also choose from these limiting options: "--bytes-upload=26214400" (limit uploads to 25 MB) "--bytes-download=734003200" (limit downloads to 700 MB)<br>Already existent records can be updated by using "--update-record" instead of "--add-record", the same options are available. "--show-records" lists all active limits and "--delete-record" deletes it
    <br><br>
    <br><br>
    * The final step is to restart proftpd for the changes to take effect<pre># /etc/init.d/proftpd restart</pre>

    <br>
    proftpd neustarten um config zu laden // /etc/init.d/proftpd restart<br>
    * You can now connect to your ftp with the new user "fnord" and check if everything went right, by executing the command<pre># quote SITE quota</pre>(You need to connect first)<br><br><b>Congratulations! The setup is now complete.</b>
    zum ftp als user fnord connecten und quota anzeigen lassen // quote SITE quota
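
Review bot: The new SSH bullet points at /etc/sshd/sshd_config, while the removed German line named /etc/sshd.conf; on Debian the OpenSSH server reads /etc/ssh/sshd_config, so neither path matches the file a reader has to edit. The same bullet sits under "Optional settings I recommend", yet the introduction promises that the user "will not be able to login via SSH", and nothing else in the new text enforces that for the account created with "adduser fnord"; consider moving the AllowUsers step into the actual setup and stating that the FTP user must not be listed there. The placeholder "(!somebody please insert how to check)" was carried over into the English precondition, and the "--per-session" option from the old notes was dropped without a replacement.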

    Latest revision as of 22:04, 16 March 2006

    Proftpd(debian) Howto

    FTP-Access using Quota and Traffic Limit

    "A walkthrough for a common situation: you want to give someone access to your FTP server, but you would like to limit both the maximum amount of disk space granted to the user and the maximum traffic. The user will also be unable to access files outside his home directory and will not be able to log in via SSH."

    Optional settings I recommend

    • Limit ssh-access to specific users
      Add the following line to /etc/sshd/sshd_config:
      AllowUsers somebody somebodyelse
      (please separate multiple users with space characters ;-) and disable root login:
      PermitRootLogin no


    • Disable ident- & dns-lookups to speed up FTP-access significantly
      To achieve this you need to add two lines to your /etc/proftpd.conf:
      IdentLookups    off
      UseReverseDNS   off


    • Precondition: kernel-support for quota has to be enabled (!somebody please insert how to check)


    The actual setup

    • First you need to install the main packages
      # apt-get install quota quotatool


    • Activate quota for your partition(s) in /etc/fstab:
      /dev/hda1       /    ext3    defaults,usrquota               0       2
      In this example we use the root partition "/"


    • Create a file "quota.user" in the root of every partition you want to use quota on
      # touch /quota.user
      (in our example the file is created in "/", because this is the root of the partition we want to use)


    • We will now remount the filesystem(s) to activate our changes
      # mount -o remount /
      (This works perfectly even for "/")


    • Check that "usrquota" is active for the partition
      # cat /etc/mtab



    • Add the user you want to enable FTP-access for
      # adduser fnord
      In our example we will limit the maximum disk space for our new user to 230 MB
      # quotatool -u fnord -b -q 230MB -v /
      Again we use "/" at the end of the line because the partition we use is /


    • Final check to confirm settings
      # quota fnord


    • All users should be locked (chroot) inside their home directory, so nobody can access other files on the server. For this we simply add a line to /etc/proftpd.conf
      DefaultRoot ~


    • During the next steps we deal with our traffic limit for the user. Add these lines to /etc/proftpd.conf:
      QuotaEngine     on
      QuotaLimitTable file:/ftpquota.limittab
      QuotaTallyTable file:/ftpquota.tallytab
      (specify the location in which you want the config files to be. In our case we use / (please do not change the file name))


    • You can also choose what to display to the user by adding
      QuotaDisplayUnits "Gb"
      (or Mb / Kb)


    • The email-address for support can be inserted, but is not obligatory
      ServerAdmin "admin@server.org"


    • Now please navigate to the directory you chose to put the config files in and let the proftpd-included tool create our files
      # cd /
      # ftpquota --create-table --type=limit
      # ftpquota --create-table --type=tally


    • While still in this location, type the following command to add traffic restrictions for specific users. In our example we will give the user "fnord" 5 GB of overall traffic (up & down combined):
      # ftpquota --add-record --type=limit --name=fnord --quota-type=user --bytes-xfer 5368709120
      (The maximum traffic amount is set in bytes unless you use --units=Mb or similar.) You can also choose from these limiting options: "--bytes-upload=26214400" (limit uploads to 25 MB) and "--bytes-download=734003200" (limit downloads to 700 MB).
      Existing records can be updated by using "--update-record" instead of "--add-record"; the same options are available. "--show-records" lists all active limits and "--delete-record" deletes a record.



    • The final step is to restart proftpd for the changes to take effect
      # /etc/init.d/proftpd restart


    • You can now connect to your FTP server as the new user "fnord" and check that everything went right by executing the following command in the FTP session
      # quote SITE quota
      (You need to connect first)

      Congratulations! The setup is now complete.
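
One way to re-check the settings from the steps above after the fact, as an added example that is not part of the original howto: a small shell audit that reads copies of fstab, proftpd.conf and sshd_config and counts deviations. The function names are hypothetical, the sample files written by make_sample are constructed, and AllowUsers entries are compared as plain user names only.

```shell
#!/bin/sh
# Added example: audit the settings from this howto on copies of the config files.
# Simplification: AllowUsers entries are compared as plain names (no patterns).

# has_directive FILE NAME VALUE: an uncommented "NAME VALUE" line exists
has_directive() {
    awk -v n="$2" -v v="$3" '$1 ~ /^#/ { next }
        tolower($1) == tolower(n) && tolower($2) == tolower(v) { ok = 1 }
        END { exit !ok }' "$1"
}

# fstab_has_usrquota FSTAB MOUNTPOINT: options field (4th) contains usrquota
fstab_has_usrquota() {
    awk -v m="$2" '$1 ~ /^#/ { next }
        $2 == m { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "usrquota") ok = 1 }
        END { exit !ok }' "$1"
}

# ssh_user_allowed SSHD_CONFIG USER: true if USER is listed, or no AllowUsers exists
ssh_user_allowed() {
    awk -v u="$2" '$1 ~ /^#/ { next }
        tolower($1) == "allowusers" { seen = 1; for (i = 2; i <= NF; i++) if ($i == u) hit = 1 }
        END { exit !(hit || !seen) }' "$1"
}

# audit FSTAB PROFTPD_CONF SSHD_CONFIG FTPUSER: prints findings, returns failure count
audit() {
    fails=0
    fstab_has_usrquota "$1" / || { echo "FAIL: no usrquota on /"; fails=$((fails + 1)); }
    has_directive "$2" DefaultRoot "~" || { echo "FAIL: DefaultRoot ~ missing"; fails=$((fails + 1)); }
    has_directive "$2" QuotaEngine on || { echo "FAIL: QuotaEngine not on"; fails=$((fails + 1)); }
    has_directive "$3" PermitRootLogin no || { echo "FAIL: root SSH login allowed"; fails=$((fails + 1)); }
    if ssh_user_allowed "$3" "$4"; then echo "FAIL: $4 may log in via SSH"; fails=$((fails + 1)); fi
    return "$fails"
}

# make_sample DIR: write constructed sample files that follow the howto
make_sample() {
    printf '%s\n' '/dev/hda1 / ext3 defaults,usrquota 0 2' > "$1/fstab"
    printf '%s\n' 'DefaultRoot ~' 'QuotaEngine on' \
        'QuotaLimitTable file:/ftpquota.limittab' 'QuotaTallyTable file:/ftpquota.tallytab' > "$1/proftpd.conf"
    printf '%s\n' 'AllowUsers somebody somebodyelse' 'PermitRootLogin no' > "$1/sshd_config"
}
```

Call it as audit FSTAB PROFTPD_CONF SSHD_CONFIG fnord; a return value of 0 means every checked setting matches the howto, and each FAIL line names the setting that does not.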