проблема proFTPD и .ftpaccess

<Limit ALL>

Deny from all

Allow from 0.0.0.0/0

</Limit>

по аналогии

к сожалению нет реакции

я бы думал, что .ftpaccess вообще не работает, но подобная конструкция

<Limit DIRS>

DenyUser username

</Limit>

работает вполне корректно

полностью конфиг покажите, что-то мне кажется вы перемудрили.... и для кого вы хотите запретить запись?

# This is the ProFTPD configuration file

#

# See: http://www.proftpd.org/docs/directives/linked/by-name.html



# Server Config - config used for anything outside a <VirtualHost> or <Global> context

# See: http://www.proftpd.org/docs/howto/Vhost.html



ServerName			"ProFTPD server"

ServerIdent			on "FTP Server ready."

ServerAdmin			root@localhost

DefaultServer			on



# Cause every FTP user except adm to be chrooted into their home directory

# Aliasing /etc/security/pam_env.conf into the chroot allows pam_env to

# work at session-end time (http://bugzilla.redhat.com/477120)

VRootEngine			on

DefaultRoot			~ !adm

VRootAlias			etc/security/pam_env.conf /etc/security/pam_env.conf



# Use pam to authenticate (default) and be authoritative

AuthPAMConfig			proftpd

AuthUserFile			/etc/proftpd/passwd

#AuthOrder			mod_auth_pam.c* mod_auth_unix.c

AuthOrder			mod_auth_file.c mod_auth_unix.c

# If you use NIS/YP/LDAP you may need to disable PersistentPasswd

#PersistentPasswd		off



# Don't do reverse DNS lookups (hangs on DNS problems)

UseReverseDNS			off

# Set the user and group that the server runs as

User				nobody

Group				nobody



# To prevent DoS attacks, set the maximum number of child processes

# to 20.  If you need to allow more than 20 concurrent connections

# at once, simply increase this value.  Note that this ONLY works

# in standalone mode; in inetd mode you should use an inetd server

# that allows you to limit maximum number of processes per service

# (such as xinetd)

MaxInstances			20



# Disable sendfile by default since it breaks displaying the download speeds in

# ftptop and ftpwho

UseSendfile			off



# Define the log formats

LogFormat			default	"%h %l %u %t \"%r\" %s %b"

LogFormat			auth	"%v [%P] %h %t \"%r\" %s"



# Dynamic Shared Object (DSO) loading

# See README.DSO and howto/DSO.html for more details

#

# General database support (http://www.proftpd.org/docs/contrib/mod_sql.html)

#   LoadModule mod_sql.c

#

# Mysql support (requires proftpd-mysql package)

# (http://www.proftpd.org/docs/contrib/mod_sql.html)

#   LoadModule mod_sql_mysql.c

#

# Postgresql support (requires proftpd-postgresql package)

# (http://www.proftpd.org/docs/contrib/mod_sql.html)

#   LoadModule mod_sql_postgres.c

#

# Quota support (http://www.proftpd.org/docs/contrib/mod_quotatab.html)

#   LoadModule mod_quotatab.c

#

# File-specific "driver" for storing quota table information in files

# (http://www.proftpd.org/docs/contrib/mod_quotatab_file.html)

#   LoadModule mod_quotatab_file.c

#

# SQL database "driver" for storing quota table information in SQL tables

# (http://www.proftpd.org/docs/contrib/mod_quotatab_sql.html)

#   LoadModule mod_quotatab_sql.c

#

# LDAP support (requires proftpd-ldap package)

# (http://www.proftpd.org/docs/directives/linked/config_ref_mod_ldap.html)

#   LoadModule mod_ldap.c

#

# LDAP quota support (requires proftpd-ldap package)

# (http://www.proftpd.org/docs/contrib/mod_quotatab_ldap.html)

#   LoadModule mod_quotatab_ldap.c

#

# Support for authenticating users using the RADIUS protocol

# (http://www.proftpd.org/docs/contrib/mod_radius.html)

#   LoadModule mod_radius.c

#

# Retrieve quota limit table information from a RADIUS server

# (http://www.proftpd.org/docs/contrib/mod_quotatab_radius.html)

#   LoadModule mod_quotatab_radius.c

#

# Administrative control actions for the ftpdctl program

# (http://www.proftpd.org/docs/contrib/mod_ctrls_admin.html)

#   LoadModule mod_ctrls_admin.c

#

# Execute external programs or scripts at various points in the process

# of handling FTP commands

# (http://www.castaglia.org/proftpd/modules/mod_exec.html)

#   LoadModule mod_exec.c

#

# Support for POSIX ACLs

# (http://www.proftpd.org/docs/modules/mod_facl.html)

#   LoadModule mod_facl.c

#

# Configure server availability based on system load

# (http://www.proftpd.org/docs/contrib/mod_load.html)

#   LoadModule mod_load.c

#

# Limit downloads to a multiple of upload volume (see README.ratio)

#   LoadModule mod_ratio.c

#

# Rewrite FTP commands sent by clients on-the-fly,

# using regular expression matching and substitution 

# (http://www.proftpd.org/docs/contrib/mod_rewrite.html)

#   LoadModule mod_rewrite.c

#

# Support for miscellaneous SITE commands such as SITE MKDIR, SITE SYMLINK,

# and SITE UTIME (http://www.proftpd.org/docs/contrib/mod_site_misc.html)

#   LoadModule mod_site_misc.c

#

# Use the /etc/hosts.allow and /etc/hosts.deny files, or other allow/deny

# files, for IP-based access control

# (http://www.proftpd.org/docs/contrib/mod_wrap.html)

#   LoadModule mod_wrap.c

#

# Use the /etc/hosts.allow and /etc/hosts.deny files, or other allow/deny

# files, as well as SQL-based access rules, for IP-based access control

# (http://www.proftpd.org/docs/contrib/mod_wrap2.html)

#   LoadModule mod_wrap2.c

#

# Support module for mod_wrap2 that handles access rules stored in specially

# formatted files on disk

# (http://www.proftpd.org/docs/contrib/mod_wrap2_file.html)

#   LoadModule mod_wrap2_file.c

#

# Support module for mod_wrap2 that handles access rules stored in SQL

# database tables (http://www.proftpd.org/docs/contrib/mod_wrap2_sql.html)

#   LoadModule mod_wrap2_sql.c

#

# Provide a flexible way of specifying that certain configuration directives

# only apply to certain sessions, based on credentials such as connection

# class, user, or group membership

# (http://www.proftpd.org/docs/contrib/mod_ifsession.html)

#   LoadModule mod_ifsession.c



# TLS (http://www.castaglia.org/proftpd/modules/mod_tls.html)

<IfDefine TLS>

  TLSEngine			on

  TLSRequired			on

  TLSRSACertificateFile		/etc/pki/tls/certs/proftpd.pem

  TLSRSACertificateKeyFile	/etc/pki/tls/certs/proftpd.pem

  TLSCipherSuite		ALL:!ADH:!DES

  TLSOptions			NoCertRequest

  TLSVerifyClient		off

  #TLSRenegotiate		ctrl 3600 data 512000 required off timeout 300

  TLSLog			/var/log/proftpd/tls.log

</IfDefine>



# Dynamic ban lists (http://www.proftpd.org/docs/contrib/mod_ban.html)

# Enable this with PROFTPD_OPTIONS=-DDYNAMIC_BAN_LISTS in /etc/sysconfig/proftpd

<IfDefine DYNAMIC_BAN_LISTS>

  LoadModule			mod_ban.c

  BanEngine			on

  BanLog			/var/log/proftpd/ban.log

  BanTable			/var/run/proftpd/ban.tab



  # If the same client reaches the MaxLoginAttempts limit 2 times

  # within 10 minutes, automatically add a ban for that client that

  # will expire after one hour.

  BanOnEvent			MaxLoginAttempts 2/00:10:00 01:00:00



  # Allow the FTP admin to manually add/remove bans

  BanControlsACLs		all allow user ftpadm

</IfDefine>



# Global Config - config common to Server Config and all virtual hosts

# See: http://www.proftpd.org/docs/howto/Vhost.html

<Global>



  # Umask 022 is a good standard umask to prevent new dirs and files

  # from being group and world writable

  Umask				022



  # Don't do ident queries (hangs when the port is filtered)

  IdentLookups			off



  # Allow users to overwrite files and change permissions

  AllowOverwrite		yes

  <Limit ALL SITE_CHMOD>

    AllowAll

  </Limit>



</Global>



# A basic anonymous configuration, with an upload directory

# Enable this with PROFTPD_OPTIONS=-DANONYMOUS_FTP in /etc/sysconfig/proftpd

<IfDefine ANONYMOUS_FTP>

  <Anonymous ~ftp>

    User			ftp

    Group			ftp

    AccessGrantMsg		"Anonymous login ok, restrictions apply."



    # We want clients to be able to login with "anonymous" as well as "ftp"

    UserAlias			anonymous ftp



    # Limit the maximum number of anonymous logins

    MaxClients			10 "Sorry, max %m users -- try again later"



    # Put the user into /pub right after login

    #DefaultChdir		/pub



    # We want 'welcome.msg' displayed at login, '.message' displayed in

    # each newly chdired directory and tell users to read README* files. 

    DisplayLogin		/welcome.msg

    DisplayChdir		.message

    DisplayReadme		README*



    # Cosmetic option to make all files appear to be owned by user "ftp"

    DirFakeUser			on ftp

    DirFakeGroup		on ftp



    # Limit WRITE everywhere in the anonymous chroot

    <Limit WRITE SITE_CHMOD>

      DenyAll

    </Limit>



    # An upload directory that allows storing files but not retrieving

    # or creating directories.

    <Directory uploads/*>

      AllowOverwrite		no

      <Limit READ>

        DenyAll

      </Limit>



      <Limit STOR>

        AllowAll

      </Limit>

    </Directory>



    # Don't write anonymous accesses to the system wtmp file (good idea!)

    WtmpLog			off



    # Logging for the anonymous transfers

    ExtendedLog			/var/log/proftpd/access.log WRITE,READ default

    ExtendedLog			/var/log/proftpd/auth.log AUTH auth



  </Anonymous>

</IfDefine>



DefaultRoot ~

ListOptions "-l"

FILA44 добавил 16.06.2010 в 10:07

Вообще задача чуть более сложная, создать некое дерево каталогов и назначить различные права для нескольких пользователей.

но для начала необходимо реализовать именно то, что указано в первом сообщении

Весьма странно, что не работает, потому что конструкция в .ftpaccess в первом посте верная.

В конфиге тоже никакой противоречивой информации не наблюдаю.

Нет ли по пути от пользовательского homedir до этой директории еще каких-либо .ftpaccess-ов? Может там какое хитрое наследование работает.

Покажите вывод: proftpd -l

Есть ли там mod_wrap2.c или mod_wrap.c ?