ProFTPD Plugin for unRAID v6.8.x


SlrG


@fabrizzium

Sadly the web editing functionality for the proftpd.conf file is broken. Please leave the webserver usage disabled and edit it manually using the shell. (nano /etc/proftpd.conf)

 

@Pducharme

Technically it is implemented. First it worked using the default unraid webserver, until security measures made the plugin unable to use it. Afterwards it required the apache webserver plugin (docker did not work). Development on that one stopped however and I was not able to find another way to get it working again. So it is implemented but broken.

Edited by SlrG
added comment for @Pducharme
10 minutes ago, SlrG said:

@fabrizzium

Sadly the web editing functionality for the proftpd.conf file is broken. Please leave the webserver usage disabled and edit it manually using the shell. (nano /etc/proftpd.conf)

 

@Pducharme

Technically it is implemented. First it worked using the default unraid webserver, until security measures made the plugin unable to use it. Afterwards it required the apache webserver plugin (docker did not work). Development on that one stopped however and I was not able to find another way to get it working again. So it is implemented but broken.

 

I think you should just remove (hide?) the part of the plugin that is now broken, that will be cleaner :)


I have a question about having one user needing two directories. My set up is

  • user1file
  • user2file
  • sharedfile

I want user1 to access user1file and sharedfile but not user2file and similarly I want user2 to access user2file and sharedfile but not user1file.

Is that possible without copying the sharedfile?

Edited by streetdonuts

It should work using the directory directive, with limit section and allow user rule. Put them into your /etc/proftpd.conf file, make sure the files exist and reboot the proftpd service in the plugins settings.

<Directory /path/to/user1file>
  <Limit ALL>
      AllowUser user1
      DenyAll
  </Limit>
</Directory>
<Directory /path/to/user2file>
  <Limit ALL>
      AllowUser user2
      DenyAll
  </Limit>
</Directory>
<Directory /path/to/sharedfile>
  <Limit ALL>
      AllowUser user1
      AllowUser user2
      DenyAll
  </Limit>
</Directory>
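
A way to check rules like the ones above before restarting the service, as an added example that is not part of the original post or the plugin. It uses a simplified model of `<Directory>`/`<Limit ALL>` handling (one user per `AllowUser` line, most specific directory wins); the function names and the sample config are constructed for illustration.

```python
import re

DIR_RE = re.compile(r"<Directory\s+(.+?)\s*>(.*?)</Directory>", re.S | re.I)
LIMIT_RE = re.compile(r"<Limit\s+ALL\s*>(.*?)</Limit>", re.S | re.I)

# Constructed sample: first block as posted, second with DenyAll left out.
SAMPLE_CONF = """
<Directory /path/to/user1file>
  <Limit ALL>
      AllowUser user1
      DenyAll
  </Limit>
</Directory>
<Directory /path/to/sharedfile>
  <Limit ALL>
      AllowUser user1
      AllowUser user2
  </Limit>
</Directory>
"""

def parse_acls(conf):
    """Map each <Directory> path to (users named by AllowUser, DenyAll present)."""
    acls = {}
    for path, body in DIR_RE.findall(conf):
        limit = LIMIT_RE.search(body)
        rules = limit.group(1) if limit else ""
        users = set(re.findall(r"^\s*AllowUser\s+(\S+)", rules, re.M | re.I))
        deny_all = bool(re.search(r"^\s*DenyAll\b", rules, re.M | re.I))
        acls[path.strip('"').rstrip("/")] = (users, deny_all)
    return acls

def can_access(acls, user, path):
    """Simplified model: the most specific enclosing <Directory> decides."""
    covering = [d for d in acls if path == d or path.startswith(d + "/")]
    if not covering:
        return True  # no <Directory> block in this file covers the path
    users, deny_all = acls[max(covering, key=len)]
    return user in users or not deny_all

def open_blocks(acls):
    """Directories whose <Limit ALL> has no DenyAll, so nobody is shut out."""
    return sorted(d for d, (_, deny_all) in acls.items() if not deny_all)

if __name__ == "__main__":
    acls = parse_acls(SAMPLE_CONF)
    print("user2 -> user1file:", can_access(acls, "user2", "/path/to/user1file/a"))
    print("blocks missing DenyAll:", open_blocks(acls))
```

Running it against the real `/etc/proftpd.conf` text shows at a glance which blocks would still admit every user because `DenyAll` is missing.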

 

On 5/7/2017 at 6:45 AM, SlrG said:

To enable sftp:

open a shell on your unraid server and issue the following commands


cd /etc/ssh
ssh-keygen

Enter the name of the keyfile (sftp_rsa_key) and no passphrase.

You will get two files sftp_rsa_key and sftp_rsa_key.pub. The public key needs to be converted to another format to make it usable by proftpd:


ssh-keygen -e -f sftp_rsa_key.pub | sudo tee sftp_user_keys

You will get a new file sftp_user_keys. Now the owner and permissions will need to be changed:


chown nobody:users sftp_rsa_key sftp_rsa_key.pub sftp_user_keys
chmod 600 sftp_rsa_key sftp_rsa_key.pub sftp_user_keys 

Now to make your system restore the correct permissions of these keys on boot you will need to modify the mountscript:


nano /boot/config/plugins/ProFTPd/mountscript.sh

Insert the following lines:


chown nobody:users /etc/ssh/sftp_rsa_key /etc/ssh/sftp_rsa_key.pub /etc/ssh/sftp_user_keys
chmod 600 /etc/ssh/sftp_rsa_key /etc/ssh/sftp_rsa_key.pub /etc/ssh/sftp_user_keys

Now edit your proftpd.conf file and insert:


<IfModule mod_sftp.c>
        SFTPEngine on
        Port 2222
        SFTPLog /var/log/sftp.log

        SFTPHostKey /etc/ssh/sftp_rsa_key
        SFTPAuthorizedUserKeys file:/etc/ssh/sftp_user_keys

        SFTPAuthMethods publickey

        SFTPKeyBlacklist none
        SFTPDHParamFile /usr/local/SlrG-Common/usr/local/etc/dhparams.pem
</IfModule>

Don't forget to restart the proftpd server to enable the changes.

 

You need to copy the sftp_rsa_key and take it with you, to access your server. If you are using FileZilla to connect, the file needs to be converted to a usable format and stored in FileZilla's settings.

 

Was there a change to this? I followed the instructions but it won't boot with the added config information.


Hi, I'm trying to get this going on my unRaid server and it appears to almost be working.  When I try to actually connect to one of my ftp users I get back "FATAL ERROR: Received unexpected end-of-file from SFTP server"  any idea what this means or how to troubleshoot?  I have set up ftpuser with the description ftpuser and a second user xyz with description ftpuser /mnt/cache/MyShare.  I have restarted the daemon, deleted and recreated users, all to no avail.  I get the same error message when attempting to connect to either user.

 

Thanks


@cjm187

I'm personally not using sftp and I don't have the time at the moment to try the whole process again. I remember ssh-keygen was broken on some unRAID version, which number, I don't remember anymore. I also don't know if it still might be. The certificates it generated required a password, even if no passphrase was given, which broke what was described above. The solution was, to generate the certificates on another linux machine.  Maybe that is the reason it fails for you. Also try to syntax check the config file and look for error messages, when trying to start the service from the command line.

Test config:
/usr/local/SlrG-Common/usr/local/sbin/proftpd -c /etc/proftpd.conf -t
Test config with debug level 10: 
/usr/local/SlrG-Common/usr/local/sbin/proftpd -c /etc/proftpd.conf -td10
Run normally outputting messages to console:
/usr/local/SlrG-Common/usr/local/sbin/proftpd -c /etc/proftpd.conf

 

@Robot Porcupine

The default ftp setup doesn't use sftp. Did you try to connect without encryption? The first step should be to get it working unencrypted and then one can start trying to make it work encrypted.  If that is not the problem, please search the thread for info on how to debug problems.

 

Encryption is not easy to set up, however, so I recommend setting up a VPN or WireGuard instead and using that to connect to the server. Afterwards it is no problem to use unencrypted FTP over the encrypted VPN connection. Or set up a VM, where you are much more flexible in setting up an FTP server.

Edited by SlrG
removed duplicate line; fix typo
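
A pre-flight check for the two key files named in the SFTP configuration quoted earlier, as an added example that is not part of the original posts or the plugin. It reports a passphrase-protected private key (the failure described above), a user-keys file that is not in the RFC 4716 format `ssh-keygen -e` produces, and modes other than 600; the function names and `sample_key` are constructed for illustration.

```python
import base64, os, struct

MAGIC = b"openssh-key-v1\x00"

def sample_key(cipher):
    """Constructed header-only key blob for demonstration (not a usable key)."""
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

def private_key_is_encrypted(pem):
    """True if the private key text needs a passphrase to load."""
    if "BEGIN OPENSSH PRIVATE KEY" in pem:
        lines = (l.strip() for l in pem.splitlines())
        blob = base64.b64decode("".join(l for l in lines if l and not l.startswith("-----")))
        if not blob.startswith(MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        (n,) = struct.unpack_from(">I", blob, len(MAGIC))
        cipher = blob[len(MAGIC) + 4 : len(MAGIC) + 4 + n]
        return cipher != b"none"  # cipher name is "none" when unencrypted
    # Legacy PEM marks encryption in a header, PKCS#8 in the BEGIN line.
    return "Proc-Type: 4,ENCRYPTED" in pem or "BEGIN ENCRYPTED PRIVATE KEY" in pem

def is_rfc4716_public_key(text):
    """ssh-keygen -e output starts with this marker; a plain .pub line does not."""
    return text.lstrip().startswith("---- BEGIN SSH2 PUBLIC KEY ----")

def mode_is_600(path):
    return (os.stat(path).st_mode & 0o777) == 0o600

def preflight(host_key_path, user_keys_path):
    """Return a list of problems with the SFTPHostKey and user-keys files."""
    problems = []
    with open(host_key_path) as f:
        if private_key_is_encrypted(f.read()):
            problems.append("host key is passphrase-protected")
    with open(user_keys_path) as f:
        if not is_rfc4716_public_key(f.read()):
            problems.append("user keys file is not RFC 4716 format")
    problems += [f"{p}: mode is not 600" for p in (host_key_path, user_keys_path)
                 if not mode_is_600(p)]
    return problems

if __name__ == "__main__":
    print("aes256-ctr key encrypted:", private_key_is_encrypted(sample_key(b"aes256-ctr")))
    print("none key encrypted:", private_key_is_encrypted(sample_key(b"none")))
```

On the server it would be called as `preflight("/etc/ssh/sftp_rsa_key", "/etc/ssh/sftp_user_keys")`; an empty list means none of the three problems was found.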
  • 3 weeks later...
On 5/31/2019 at 4:44 PM, SlrG said:

It seems the download of the plugin control files fails from github. Please download them manually from here into /boot/config/plugins/ProFTPd. Manually create the directory if it does not exist. If the dependency download fails too, download the file manually from here. Afterwards the plugin should install I think. If not, please report again.

FYI, I installed this on Unraid 6.8.3 yesterday, and everything "just worked".  Today I tried installing it on a different instance, vastly different geographical location, different hardware, version 6.8.2, and I got the "...Unable to download missing plugin control files." error.

 

Your first link to the file above is no longer valid.  But I found the directory from the URL works, and I downloaded ProFTPd-SlrG-Control-1.7.tar.gz and ProFTPd-SlrG-Dependency-1.7_x64.tar.gz into /boot/config/plugins/ProFTPd (which already existed), and then I was able to install the plugin.

 

Maybe this will be helpful to you or others.

 

Thanks!


I have a problem with the mount script. After I run "mount --bind /mnt/user/Filme /mnt/cache/FTP/Gee/Filme" I can't move files from another cache folder to "/mnt/cache/Filme". Instead it copies the files. This takes longer and unnecessarily stresses my SSD. Is there a workaround?


@Gee1

Maybe you could try to "mount --bind /mnt/user0/Filme /mnt/cache/FTP/Gee/Filme" instead. Does it move the files faster then? The drawback will be, that your FTP users will not be able to access the new files until the mover has moved them from the cache to the array. Or you could try to place the homedir of the user on the array and not on the cache: "mount --bind /mnt/user/Filme /mnt/FTP/Gee/Filme".

 

Also you could try to set up the user without jailing them into a home directory, then you won't need the bind mount. To limit what the user can access use directory and limit directives instead.

  • 1 month later...

So I have the following problem with this plugin. I need an ftp share for my security cam to upload its footage.

 

Using newest version of ProFTPd > 2020.03.10.1

Username: cam

User Description: ftpuser /mnt/user/cam

 

All works fine till suddenly the plugin seems to crash and the security cam writes to /home/cam/ instead of /mnt/user/cam.

Since /home/cam/ is in RAM it keeps on writing till my RAM is full and then the unraid webinterface is no longer reachable due to "no space to write".

The only solution so far is to manually delete the content of /home/cam via ssh to make the webinterface work again and after that restart the ProFTPd Plugin in the webinterface. Is it possible that the plugin does not "survive" a stop and restart of the array?

 

As a dirty solution I created a symlink of /mnt/user/cam in /home/cam that it also writes to the right place even if the plugin fails again. 

Edited by Retrogamer137

@Retrogamer137

This is the support thread, but I'm not reading it regularly and depend on the notifications mostly. Sometimes they sadly fail. I got no info on your first post, but for the second one it worked.

 

To answer your questions, stopping and restarting the array will stop and restart the plugin, too. So is it really crashing or are you "killing" it manually? Under normal circumstances however, the plugin should start automatically, when the array is started again. So if you have to manually restart it, something is indeed going wrong.

 

(A bit of explanation: In stopped array mode, only the flash and no user or disk shares are accessible. No shares means, no sources available to read or write and so it wouldn't make sense to keep the plugin running.)

 

As there are no shares available when stopped, it makes me wonder if your symlink will really work, if you start and stop the array manually?

 

If you still have trouble, I'll need your diagnostics file, to try and find the reason.

  • 3 weeks later...
  • 1 month later...

Hey there,

I just installed the plugin and followed the setup instructions to the point where I can connect via FileZilla to my server. But if I want to upload some files, I get the following error:

Status:	Started upload of E:\Cliffford\images\background.png
Command:	PASV
Response:	227 Entering Passive Mode (192,168,2,184,151,167).
Command:	STOR background.png
Response:	550 background.png: Permission denied
Error:	critical file transfer error

 

Edited by Obscuritas

@Obscuritas

The error message indicates permission problems. What are the linux user and permissions for the folder where you want to upload the file? Default unRAID user and permissions are user:nobody group: users and u-x,go-rwx,go+u,ugo+X. You can achieve this by running the newperms script for that directory e. g. newperms /mnt/user/targetdir.

  • 1 month later...

How do I give access to multiple folders while restricting access to 1?

 

I have a folder called Folder A, Folder B, and Folder C Inside of Folder D

 

I only want that user to have access to Folder A and B but not C

 

putting /mnt/Folder D gives them access to folders A,B,C

 

Edit: Figured it out

I added this to my config file at flash/config/plugins/ProFTPd/proftpd.conf

 

MAKE SURE YOU EDIT THE .conf AND NOT THE .cfg! both the same name but one is all lowercase and one is a mix of upper and lower :)

 

<Directory /mnt/user/Folder D>
  <Limit ALL>
      AllowUser User
      DenyAll
  </Limit>
</Directory>

 

Now only the User "User" can see Folder C while other users do not see the folder at all :)

Edited by SkinnySkelly
