Re: ProFTP login horror
- From: Paul Howarth <paul@xxxxxxxxxxxx>
- Date: Tue, 28 Feb 2006 20:45:01 +0000
On Tue, 2006-02-28 at 21:24 +0100, Marcel Janssen wrote:
Hi Les,
I haven't used proftpd for a while. Does it have any security
options (like not running as root or living in a chroot jail)
that would keep it from reading your shadow password file?
Yes, it doesn't run as root and can live in a chroot jail.
Here's what I use:
In proftpd.conf:
...
# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
# Do not perform ident lookups (hangs when the port is filtered)
IdentLookups off
# Turn off reverse DNS lookups
# Not having this option can cause problems for chrooted users e.g. anonymous
#UseReverseDNS off
# This sometimes helps too
PersistentPasswd off
...
And in /etc/pam.d/proftpd
#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
Paul.
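An added example, not part of the message above: a Python model of the two account gates in the /etc/pam.d/proftpd stack (pam_listfile with sense=deny and onerr=succeed, then pam_shells), run over constructed passwd, ftpusers and shells contents. The function names and sample accounts are assumptions for illustration; password verification through system-auth is not modelled.

```python
# Added example: models only pam_listfile (sense=deny, onerr=succeed) and
# pam_shells from the stack above; system-auth password checks are out of scope.

# Constructed sample files (not taken from any real host).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
ftponly:x:501:501::/home/ftponly:/sbin/nologin
"""
FTPUSERS = "# accounts that must never use FTP\nroot\ndaemon\n"
SHELLS = "/bin/sh\n/bin/bash\n"


def parse_list(text):
    """Entries of an ftpusers/shells-style file, one per line; '#' lines skipped."""
    lines = (ln.strip() for ln in text.splitlines())
    return {ln for ln in lines if ln and not ln.startswith("#")}


def parse_passwd(text):
    """Yield (user, shell) pairs from passwd(5)-format text."""
    for ln in text.splitlines():
        fields = ln.split(":")
        if len(fields) == 7 and not ln.startswith("#"):
            yield fields[0], fields[6]


def ftp_gate(passwd_text, ftpusers_text, shells_text):
    """Return {user: verdict}. ftpusers_text=None models a missing or unreadable
    /etc/ftpusers: with onerr=succeed the deny list then blocks nobody."""
    denied = parse_list(ftpusers_text) if ftpusers_text is not None else set()
    shells = parse_list(shells_text)
    verdicts = {}
    for user, shell in parse_passwd(passwd_text):
        if user in denied:
            verdicts[user] = "deny: pam_listfile"
        elif shell not in shells:
            verdicts[user] = "deny: pam_shells"
        else:
            verdicts[user] = "allow"  # still has to pass system-auth
    return verdicts


if __name__ == "__main__":
    for label, ftpusers in (("ftpusers present", FTPUSERS), ("ftpusers missing", None)):
        print(label, ftp_gate(PASSWD, ftpusers, SHELLS))
```

With /etc/ftpusers missing, root passes both gates in this model, so the file's presence and permissions are worth checking alongside the PAM configuration.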