SlrG Posted May 9, 2020 (Author)
@Squazz Don't mix Samba access rights you define in the unRAID web frontend with ftp access rights. Those need to be set independently. See the link I gave Gee1 above.

SlrG Posted May 9, 2020 (Author)
@Gee1

<Directory /mnt/cache/FTP/test>
  <Limit WRITE>
    DenyAll
  </Limit>
</Directory>
<Directory /mnt/cache/FTP/test/movies>
  <Limit WRITE>
    AllowAll
  </Limit>
</Directory>
<Directory /mnt/cache/FTP/test/sf>
  <Limit WRITE>
    AllowAll
  </Limit>
</Directory>

Should give your users readonly access to the test directory and full access to movies and sf. Sadly I found no way to allow access to all subfolders. In theory there is the /* wildcard described in the link I gave you, but it does work too well and allows access in the root folder, too.

@Squazz Using the first directory section only will give your users readonly access and prevent them from writing.

EDIT: Forgot to say, this needs to be put into your /etc/proftpd.conf.

Edited May 9, 2020 by SlrG: added comment

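To audit which paths stay writable under the three sections posted above, the following added example (not part of the post and not the plugin's code) parses `<Directory>`/`<Limit WRITE>` blocks and resolves a path against them. It assumes the closest enclosing `<Directory>` section decides and that subdirectories inherit it; only `AllowAll`/`DenyAll` are handled, paths are compared as written (no `..` resolution), the `default` result stands for "no section matches", and the function names are hypothetical.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: the three sections from the post above.
SAMPLE_CONF = """
<Directory /mnt/cache/FTP/test>
  <Limit WRITE>
    DenyAll
  </Limit>
</Directory>
<Directory /mnt/cache/FTP/test/movies>
  <Limit WRITE>
    AllowAll
  </Limit>
</Directory>
<Directory /mnt/cache/FTP/test/sf>
  <Limit WRITE>
    AllowAll
  </Limit>
</Directory>
"""

def parse_write_limits(conf_text):
    """Map each <Directory> path to the AllowAll/DenyAll of its <Limit WRITE>."""
    rules, directory, in_write = {}, None, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        low = line.lower()                       # directives are matched case-insensitively
        opened = re.fullmatch(r"<directory\s+(\S+)>", low)
        limit = re.fullmatch(r"<limit\s+([^>]+)>", low)
        if opened:
            # Take the path from the original line so its case is preserved.
            directory = line[len("<directory"):-1].strip().rstrip("/") or "/"
        elif low == "</directory>":
            directory = None
        elif limit:
            in_write = "write" in limit.group(1).split()
        elif low == "</limit>":
            in_write = False
        elif in_write and directory and low in ("allowall", "denyall"):
            rules[directory] = "AllowAll" if low == "allowall" else "DenyAll"
    return rules

def effective_write_policy(rules, path, default="AllowAll"):
    """Pick the deepest <Directory> that contains path (assumed precedence)."""
    target = PurePosixPath(path)
    best = None
    for directory in rules:
        d = PurePosixPath(directory)
        if d == target or d in target.parents:
            if best is None or len(d.parts) > len(PurePosixPath(best).parts):
                best = directory
    return rules[best] if best is not None else default

RULES = parse_write_limits(SAMPLE_CONF)
```

A sibling such as /mnt/cache/FTP/testing is not covered by the /mnt/cache/FTP/test section, because matching is done on path components rather than on string prefixes.
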
nate1749 Posted May 10, 2020
For anyone who wants to turn on the appending of file transfers (you'll get the error "Append/Restart not permitted, try again"), you need to add the following to the config file proftpd.conf:

AllowStoreRestart on

http://www.proftpd.org/docs/directives/linked/config_ref_AllowStoreRestart.html

Edited May 10, 2020 by nate1749

jareth Posted May 22, 2020
Hello, I am currently having issues getting sftp setup. I got it working before, but now Proftpd won't load, so I revisited your steps. I created an ssh key and followed that guide, and that did not work. I remembered something about having to do it on another linux machine, so I created a new key and followed the steps again. Unraid Version 6.8.0 and Ubuntu 19.10 for ssh-key gen and Plugin Version: 2020.03.10.1.

I am currently getting the following errors -

proftpd -t -c /etc/proftpd.conf
Checking syntax of configuration file
2020-05-22 14:59:08,550 Tower proftpd[5571]: mod_ctrls/0.9.5: error: unable to bind to local socket: Address already in use
2020-05-22 14:59:11,638 Tower proftpd[5571] 127.0.0.1: mod_lang/1.1: unable to scan the localised files in '/usr/local/share/locale': No such file or directory
Wrong passphrase for this key. Please try again.
Wrong passphrase for this key. Please try again.
Wrong passphrase for this key. Please try again.
2020-05-22 14:59:11,645 Tower proftpd[5571] 127.0.0.1: mod_sftp/1.0.0: error reading passphrase for SFTPHostKey '/etc/ssh/sftp_rsa_key': (unknown)
2020-05-22 14:59:11,645 Tower proftpd[5571] 127.0.0.1: mod_sftp/1.0.0: unable to use key in SFTPHostKey '/etc/ssh/sftp_rsa_key', exiting

Just in case, here's my proftpd.conf

# Server Settings
ServerName ProFTPd
ServerType standalone
DefaultServer on
PidFile /var/run/ProFTPd/ProFTPd.pid

# Port 21 is the standard FTP port. You probably should not connect to the
# internet with this port. Make your router forward another port to
# this one instead.
Port 21

# Set the user and group under which the server will run.
User nobody
Group users

# Prevent DoS attacks
MaxInstances 30

# Speedup Login
UseReverseDNS off
IdentLookups off

# Control Logging - comment and uncomment as needed
# If logging Directory is world writeable the server won't start!
# If no SystemLog is defined proftpd will log to servers syslog.
#SystemLog NONE
#SystemLog /boot/config/plugins/ProFTPd/slog
TransferLog NONE
#TransferLog /boot/config/plugins/ProFTPd/xferlog
WtmpLog NONE

# As a security precaution prevent root and other users in
# /etc/ftpuser from accessing the FTP server.
UseFtpUsers on
RootLogin off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# "Jail" FTP-Users into their home directory. (chroot)
# The root directory has to be set in the description field
# when defining an user:
# ftpuser /mnt/cache/FTP
# See README for more information.
DefaultRoot ~

# Shell has to be set when defining an user. As a security precaution
# it is set to "/bin/false" as FTP-Users should not have shell access.
# This setting makes proftpd accept invalid shells.
RequireValidShell no

# Normally, we want files to be overwriteable.
AllowOverwrite on

<IfModule mod_sftp.c>
  SFTPEngine on
  Port 2222
  SFTPLog /var/log/sftp.log
  SFTPHostKey /etc/ssh/sftp_rsa_key
  SFTPAuthorizedUserKeys file:/etc/ssh/sftp_user_keys
  SFTPAuthMethods publickey
  SFTPKeyBlacklist none
  SFTPDHParamFile /usr/local/SlrG-Common/usr/local/etc/dhparams.pem
</IfModule>

Edited May 22, 2020 by jareth

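The log above shows mod_sftp prompting for a passphrase on the SFTPHostKey file. As an added example (not part of any post in this thread and not the plugin's code), this Python check reports a private key file's container format and whether it is passphrase-protected, so a host key can be inspected before the server is restarted. The function names are hypothetical and the sample keys are constructed, header-only stand-ins that contain no key material.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def describe_private_key(pem_text):
    """Return (container_format, passphrase_protected) for a private key file."""
    lines = [l.strip() for l in pem_text.strip().splitlines() if l.strip()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    label = lines[0][len("-----BEGIN "):].rstrip("-").strip()
    if label == "ENCRYPTED PRIVATE KEY":        # PKCS#8, encrypted
        return ("pkcs8", True)
    if label == "PRIVATE KEY":                  # PKCS#8, unencrypted
        return ("pkcs8", False)
    if label == "OPENSSH PRIVATE KEY":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("missing openssh-key-v1 magic")
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack_from(">I", blob, off)   # length of cipher name
        cipher = blob[off + 4:off + 4 + n].decode("ascii")
        return ("openssh", cipher != "none")
    if label.endswith("PRIVATE KEY"):           # legacy "RSA PRIVATE KEY" etc.
        encrypted = any(l.startswith("Proc-Type:") and "ENCRYPTED" in l
                        for l in lines[1:3])
        return ("legacy-pem", encrypted)
    raise ValueError("unrecognised key label: " + label)

def _ssh_string(data):
    """Length-prefixed string as used inside the openssh-key-v1 blob."""
    return struct.pack(">I", len(data)) + data

def sample_openssh_key(cipher):
    """Constructed header-only blob (cipher name and KDF name, no key)."""
    kdf = b"none" if cipher == "none" else b"bcrypt"
    blob = OPENSSH_MAGIC + _ssh_string(cipher.encode()) + _ssh_string(kdf)
    body = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body +
            "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed sample of a passphrase-protected legacy PEM header.
SAMPLE_LEGACY_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00000000000000000000000000000000

AAAA
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    print(describe_private_key(sample_openssh_key("aes256-ctr")))
```
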
jeffreywhunter Posted May 25, 2020
I have proftpd installed and running locally (i.e. I can access files from Filezilla). I'd like to setup my webserver to access proftpd using a VPN. Which VPN is recommended as least hackable?

kricker Posted May 25, 2020
I am trying to add access to a disk outside of the array that is mounted using Unassigned devices. Is that possible?

SlrG Posted May 25, 2020 (Author)
@jareth I have no answer yet. I don't use sftp or ssl myself and need to set it up again to test. Sadly my personal life is very busy at the moment.

@jeffreywhunter If I would try at the moment, I would probably go with wireguard. I was using OpenVPN for a while. Other than that, I don't really know other solutions.

@kricker This should be possible. Either define your user with ftpuser in description only, so it won't get jailed and has access to all unRAID, or use the mountscript to mount your outside disk into a folder your user can access.

kricker Posted May 28, 2020
On 5/25/2020 at 4:03 PM, SlrG said:
> @kricker This should be possible. Either define your user with ftpuser in description only, so it won't get jailed and has access to all unRAID, or use the mountscript to mount your outside disk into a folder your user can access.

I tried setting the user's directory to that disk mount point such as ftpuser /mnt/disks/test, but that didn't seem to work. The user's account still went to /mnt/usr and saw all the shares as normal. I'll try those two options you mentioned. Thanks!

I think I must have something in my config file keeping everyone jailed to /mnt/usr, because setting anyone to just ftpuser has the same result. I'll do some digging.

Edited May 28, 2020 by kricker

SlrG Posted May 31, 2020 (Author)
@kricker It won't really help you, if I say it works for me, but maybe I can describe my setup a bit. I have a ssd drive outside my array which is mounted to /mnt/appdrive in my go file. So I'm not using unassigned devices, though I have that installed, too. I have it this way a long time, as it was the only way as the plugin did not exist then - but I don't think it matters in what way the disk is mounted - though the time of the mount could matter. I did not investigate if the go file or the plugin will mount earlier.

When I put ftpuser /mnt/appdrive as comment and restart the plugin it works fine and jails that user into the appdrive folder. What I did notice however is, that it takes quite a bit of time for the jail to take effect. So maybe give it a minute after putting the comment and restarting the plugin and give it another minute, before trying to login.

KoNeko Posted June 13, 2020
I use the Dark skin on Unraid. But when I load up proftpd it has a white background and I can't read anything on it.

Locally I got it working, I can connect to the ftp and all. But from extern I can't connect to it. The way my setup is, and it worked and works currently for other things: I use pfSense and made an alias and have a few IPs in there, and only those IPs can connect to the ftp. I want to move from my Qnap FTP to my Unraid proftpd ftp. Everything works except connections from extern.

Edited June 13, 2020 by KoNeko: new problem

SlrG Posted June 14, 2020 (Author)
@KoNeko Yes, only the white theme is supported currently. As the plugin's settings are very much setup and forget and you have it running locally already, there is nothing in the plugin's settings you could change to make external connections work. The restart button is probably the most needed function after initial setup and that should be readable and usable in the black theme, too. Supporting the themes is still on my TODO list, but sadly I have no time to work on it for the foreseeable future. Sorry for the inconvenience.

Regarding the external connection, do you have the default proftpd.conf file or have you made changes to use encrypted ftp? If you did not, it is probably solely a firewall problem as it is working locally already. Is the pfSense firewall the only one filtering external access to your home network? Nothing on your cable router (or whatever you are using to connect)? If port 21 is available properly, it might be that you need to define a passive port range in your proftpd.conf and allow that too in the firewall. I have no pfSense, so I can't tell you how to do it.

p.s. Don't forget to restart the proftpd service after changing the proftpd.conf, or the change will have no immediate effect.

Edited June 14, 2020 by SlrG: added p.s.

KoNeko Posted June 14, 2020
1 hour ago, SlrG said:
> @KoNeko Yes, only the white theme is supported currently. As the plugin's settings are very much setup and forget and you have it running locally already, there is nothing in the plugin's settings you could change to make external connections work. The restart button is probably the most needed function after initial setup and that should be readable and usable in the black theme, too. Supporting the themes is still on my TODO list, but sadly I have no time to work on it for the foreseeable future. Sorry for the inconvenience.
>
> Regarding the external connection, do you have the default proftpd.conf file or have you made changes to use encrypted ftp? If you did not, it is probably solely a firewall problem as it is working locally already. Is the pfSense firewall the only one filtering external access to your home network? Nothing on your cable router (or whatever you are using to connect)? If port 21 is available properly, it might be that you need to define a passive port range in your proftpd.conf and allow that too in the firewall. I have no pfSense, so I can't tell you how to do it.
>
> p.s. Don't forget to restart the proftpd service after changing the proftpd.conf, or the change will have no immediate effect.

It isn't a big problem; like you said, it's only if you want to start/restart the server, and it isn't a very high prio to fix that either.

Yes, I figured out that I had to add the passive port in the config. I ran multiple proftp servers but never had to do this, so I was a bit confused. :)

I wanted to edit my post to say that I had it fixed, but it was already too late here and I went to sleep.

pixelgraft Posted June 14, 2020
Having issues connecting to FTP via filezilla or other apps (like iOS FTP photo transfer). I'm using NoIP on my raid box and have a DDNS setup. I've confirmed that my ddns address is resolving into my router. Also confirmed that port 21 is open on my WAN using a port check tool.

Someone mentioned in a previous post about not opening port 21, but rather opening a different port, then redirecting that to port 21 on my raid. If I open port xxxx on my router, how do I then specify that I want those requests going to port 21 on my unraid box?

Validated via command line on my local machine that the FTP daemon is running by doing ftp 192.xxx.xx.xxx to check that FTP is running on my raid box. I can login with the specified ftpuser name and password and received a code 230 from command line that I was able to get in.

My syslog / diagnostics is attached. Thanks in advance for any help! Reason I use FTP is via an iOS app (mebiaFTP) to transfer all media files from our phones into the unraid media library.

Attachment: unraid-diagnostics-20200614-1453.zip

Cessquill Posted June 15, 2020
10 hours ago, pixelgraft said:
> If I open port xxxx on my router, how do I then specify that I want those requests going to port 21 on my unraid box?

Different for every router, but when you open up port xxxx you hopefully should have some kind of "from port" and "to port" option. xxxx would be in "from" and 21 would be in "to". Then, all traffic coming in on port xxxx would go to your unraid IP on port 21.

Hard to say without seeing the router what the actual settings are (or if it's configured elsewhere in a port forwarding section, or if it supports it in the first place - should do).

pixelgraft Posted June 15, 2020
Completely understand - thank you for the detailed reply. I used to have this feature, but now my ISP Comcast locked that down in the router and forces me to use their silly web interface in the customer portal. I can only setup the "to" port. No longer a from and to. I'll reach out to them.

Karatekid Posted June 17, 2020
I'm having issues connecting with duplicati to proftpd. The answer is 451 Transfer aborted. Broken pipe. Filezilla is working fine and also a script made in python is working fine. Only duplicati is making trouble. Do you have any idea?

SlrG Posted June 20, 2020 (Author)
@Karatekid Sadly no. You could try to enable debug logging in your /etc/proftpd.conf file, by adding:

DebugLevel 10

Afterwards restart the ProFTPd server in the plugin's settings and, after trying duplicati again, check your syslog if it contains some more useful info on why it breaks.

Hazel Posted July 20, 2020
I've installed this plugin in the past on another server, but on the server I'm currently setting up I'm getting the following error.

plugin: installing: https://github.com/SlrG/unRAID/raw/master/Plugins/ProFTPd.plg
plugin: downloading https://github.com/SlrG/unRAID/raw/master/Plugins/ProFTPd.plg
plugin: downloading: https://github.com/SlrG/unRAID/raw/master/Plugins/ProFTPd.plg ... done
Cleaning up previous install files...
Executing selfremoval commands if present...
...Cleanup complete!
Downloading any missing plugin files...
Latest plugin control files downloading
...Unable to download missing plugin control files. Aborting install
plugin: run failed: /bin/bash retval: 1

I found a previous reply in this thread that seemed like it would be the fix, but the provided links don't seem to work anymore.

Quote:
> It seems the download of the plugin control files fails from github. Please download them manually from here into /boot/config/plugins/ProFTPd. Manually create the directory if it does not exist. If the dependency download fails too, download the file manually from here. Afterwards the plugin should install I think. If not, please report again.

Any insights that could help get me back on the right path?

SlrG Posted July 20, 2020 (Author)
Well if the download fails, it is often because of dns or firewall issues. Can you download things from github to the server manually from the command line with wget? Are there any error messages if you try? The current download paths are:

https://github.com/SlrG/unRAID/raw/master/Plugins/ProFTPd.plg
https://github.com/SlrG/unRAID/raw/master/AppSupport/ProFTPd/ProFTPd-SlrG-Control-1.7.tar.gz
https://github.com/SlrG/unRAID/raw/master/AppSupport/ProFTPd/ProFTPd-SlrG-Dependency-1.7_x64.tar.gz

If you download the last two into /boot/config/plugins/ProFTPd, it should start working, too.

Hazel Posted July 20, 2020
Using wget to download the two additional archives directly to /boot/config/plugins/ProFTPd did the trick, thanks!

Kevin who Posted July 21, 2020
Hey Guys, I found out that when I add a new user, it will get the full access to /

Is that normal?

SlrG Posted July 21, 2020 (Author)
@Kevin who Yes it is, if you don't define a directory to jail your user into. Please check the readme.

fabrizzium Posted July 21, 2020
Hello guys! I have this trouble: I installed the plugin 1.3.6 in unraid 6.8.3 and I can't access the web server interface. I think the problem is I didn't fill the Webserver Path variable, but I don't know what to put there. Can you help me? Thanks a lot!!

Pducharme Posted July 21, 2020
@fabrizzium I never was able! I thought that the Web UI wasn't implemented.

SlrG Posted July 21, 2020 (Author)
@fabrizzium Sadly the web editing functionality for the proftpd.conf file is broken. Please leave the webserver usage disabled and edit it manually using the shell. (nano /etc/proftpd.conf)

@Pducharme Technically it is implemented. First it worked using the default unraid webserver, until security measures made the plugin unable to use it. Afterwards it required the apache webserver plugin (docker did not work). Development on that one stopped however and I was not able to find another way to get it working again. So it is implemented but broken.

Edited July 21, 2020 by SlrG: added comment for @Pducharme