ProftpD, restrict user access

[CrustyDOD]

Hey guys,

I have a request as i cannot figure it out.

I have two FTP accounts, one is for people inside company with normal rights (upload, delete,...).

The second FTP account is for clients. Right now i have anonymous enabled where they can just download and not delete/upload files.

Now to the 'problem'. I don't like having anonymous FTP enabled as EVERYONE can access, not just the clients.

So the idea was this:
- Create normal FTP account for clients.
- Restrict this account to allow only downloads.

Of course, the paths are the same for both accounts.

Is this possible with some custom config rights for specific user?

 

[scsi]

There are some if statements you can use if you have the mod in proftpd.

http://www.castaglia.org/proftpd/modules/mod_ifsession.html

 

[nobaloney]

My recollection is that you can make settings in ProFTPd (no mods reqired) so certain accounts can only have certain privileges.

I believe (but I'm not certain; you can test) that FTP honors read/write flags and if your directory is not set as writable, then no one can upload a new file, and if existing files are not writable and no one can update them with an overwrite.

But of course check that before depending on it; it's been a long time and I could be wrong.

Jeff

 

[orkinoks]

Hi;
it's an old topic but I would like to write how I solved the same problem in case someone may need.
1)Create an ftp user with access to public_html user. (user1)
2)Create another user with access to public_html/upload (user2)
3)Create a file named .ftpaccess and write these into the file and save it to public_html/upload

  <Directory /home/"DAUSER"/domains/"DOMAIN"/public_html/upload/>
    <Limit DELE,RETR>
      AllowUser "USER1"
      DenyAll
    </Limit>
  </Directory>

By restricting DELE and RETR commands, user2 will only be able to upload files, but cant delete and download them.