Linux – How to deny or reject FTP commands for some user on proftpd

Tags: centos, ftp, linux, proftpd

An FTP server (proftpd) is running on CentOS 6.5. The auth mechanism is AUTH_FILE and the default root is /var/ftp. All users should put files into this directory, but only 2 users should get or list these files. Is it possible to deny some FTP commands for a few users?

My proftpd config looks like:

DefaultRoot                     /var/ftp/
AuthPAMConfig                   proftpd
AuthOrder                       mod_auth_file.c  mod_auth_unix.c
RequireValidShell  off
AuthUserFile  /etc/proftpd/ftpd.passwd
AuthGroupFile /etc/proftpd/ftpd.group
AuthPAM off
RequireValidShell off

The content of /etc/proftpd/ftpd.group is:

ftp_group:x:50:user1

And the user file /etc/proftpd/ftpd.passwd looks like:

user1:$1$somesaltblablablablablablablabd:9999:9999::/var/ftp:/bin/false
user2:$1$somesaltblablablablablablablabd:9999:9999::/var/ftp:/bin/false
user3:$1$somesaltblablablablablablablabd:9999:9999::/var/ftp:/bin/false

User1 should be the user who can't get or list files on the FTP server. Is it possible?

Best Answer

Related to this documentation (in the example section), I use the LIMIT command to reject the FTP commands. The following was added to proftpd.conf:

<Directory /var/ftp>
  <Limit ALL>
    DenyAll
  </Limit>

  <Limit DIRS READ>
    AllowUser user1
    AllowUser user2
    DenyAll
  </Limit>
</Directory>

User3 can use the LIST command (ls), but proftpd denies the command and returns an empty result, and the other users (User1 and User2) can use these commands.
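
The configuration below is an added example, not part of the original answer. It maps the question's stated goal onto `<Limit>` sections: every account can upload, and only an allow-list can list or download. It assumes user2 and user3 are the two accounts meant to read, and relies on ProFTPD's default `Order allow,deny`.

```apache
# Added example (not from the original post).
# Assumption: user1 is upload-only; user2 and user3 may list and download.
<Directory /var/ftp>
  # Listing and download commands are named individually instead of using
  # the DIRS and READ groups. DIRS also covers CWD, PWD and CDUP, which an
  # upload-only client may still issue right after login.
  <Limit LIST NLST MLSD MLST STAT RETR SIZE MDTM>
    # Allow-list: with the default "Order allow,deny", a matching AllowUser
    # wins, and every other account falls through to DenyAll. Accounts added
    # to ftpd.passwd later are therefore upload-only until listed here.
    AllowUser user2
    AllowUser user3
    DenyAll
  </Limit>

  # Uploads (STOR, APPE, MKD, ...) stay open to every authenticated user.
  # Stated explicitly so the intent survives later edits to this section.
  <Limit WRITE>
    AllowAll
  </Limit>
</Directory>
```

Run `proftpd -t` to check the syntax before reloading, then log in as each account and confirm that an upload succeeds for all three while a listing or download succeeds only for user2 and user3.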