May 9, 2020 (Author)
@Squazz Don't mix Samba access rights you define in the unRAID web frontend with FTP access rights. Those need to be set independently. See the link I gave Gee1 above.

May 9, 2020 (Author)
@Gee1

    # Base directory: no writes
    <Directory /mnt/cache/FTP/test>
      <Limit WRITE>
        DenyAll
      </Limit>
    </Directory>

    # Subdirectories that stay writable
    <Directory /mnt/cache/FTP/test/movies>
      <Limit WRITE>
        AllowAll
      </Limit>
    </Directory>

    <Directory /mnt/cache/FTP/test/sf>
      <Limit WRITE>
        AllowAll
      </Limit>
    </Directory>

Should give your users read-only access to the test directory and full access to movies and sf. Sadly I found no way to allow access to all subfolders. In theory there is the /* wildcard described in the link I gave you, but it does work too well and allows access in the root folder, too.

@Squazz Using the first directory section only will give your users read-only access and prevent them from writing.

EDIT: Forgot to say, this needs to be put into your /etc/proftpd.conf.

Edited May 9, 2020 by SlrG: added comment

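Because the wildcard form also opens the root folder, the per-subfolder sections in the post above have to be written out one by one. A generator for them, as an added example that is not part of the original post or the plugin; the function names emit_section and gen_write_limits are hypothetical, and the script only prints sections for review, it does not touch /etc/proftpd.conf.

```shell
#!/bin/sh
# Added example: print ProFTPD <Directory> sections that make a base
# directory read-only and each of its immediate subdirectories writable.
# Function names are hypothetical; output goes to stdout only.

emit_section() {
    # $1 = directory path, $2 = DenyAll or AllowAll
    printf '<Directory %s>\n  <Limit WRITE>\n    %s\n  </Limit>\n</Directory>\n' "$1" "$2"
}

gen_write_limits() {
    base=${1%/}
    [ -d "$base" ] || { echo "not a directory: $base" >&2; return 1; }

    # The base itself stays read-only, as in the first section of the post.
    emit_section "$base" DenyAll

    # One AllowAll section per immediate subdirectory (hidden ones are not matched).
    for sub in "$base"/*/; do
        [ -d "$sub" ] || continue          # glob matched nothing
        sub=${sub%/}
        [ -L "$sub" ] && continue          # skip symlinks: they may point outside the tree
        case $sub in
            *[[:space:]]*)
                # Design choice of this example: do not emit unquoted paths with whitespace.
                echo "skipped (whitespace in name): $sub" >&2
                continue ;;
        esac
        emit_section "$sub" AllowAll
    done
}

# Usage: sh gen_limits.sh /mnt/cache/FTP/test   (review the output before pasting it)
if [ $# -gt 0 ]; then
    gen_write_limits "$1"
fi
```

New subfolders created later get no section until the script is run again and the ProFTPd service is restarted.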
May 10, 2020
For anyone who wants to turn on the appending of file transfers (you'll get the error "Append/Restart not permitted, try again"), you need to add the following to the config file proftpd.conf:

    AllowStoreRestart on

http://www.proftpd.org/docs/directives/linked/config_ref_AllowStoreRestart.html

Edited May 10, 2020 by nate1749

May 22, 2020
Hello, I am currently having issues getting sftp set up. I got it working before, but now Proftpd won't load, so I revisited your steps. I created an ssh key and followed that guide, and that did not work. I remembered something about having to do it on another Linux machine, so I created a new key and followed the steps again. Unraid Version 6.8.0 and Ubuntu 19.10 for ssh-key gen and Plugin Version: 2020.03.10.1.

I am currently getting the following errors -

    proftpd -t -c /etc/proftpd.conf
    Checking syntax of configuration file
    2020-05-22 14:59:08,550 Tower proftpd[5571]: mod_ctrls/0.9.5: error: unable to bind to local socket: Address already in use
    2020-05-22 14:59:11,638 Tower proftpd[5571] 127.0.0.1: mod_lang/1.1: unable to scan the localised files in '/usr/local/share/locale': No such file or directory
    Wrong passphrase for this key. Please try again.
    Wrong passphrase for this key. Please try again.
    Wrong passphrase for this key. Please try again.
    2020-05-22 14:59:11,645 Tower proftpd[5571] 127.0.0.1: mod_sftp/1.0.0: error reading passphrase for SFTPHostKey '/etc/ssh/sftp_rsa_key': (unknown)
    2020-05-22 14:59:11,645 Tower proftpd[5571] 127.0.0.1: mod_sftp/1.0.0: unable to use key in SFTPHostKey '/etc/ssh/sftp_rsa_key', exiting

Just in case, here's my proftpd.conf:

    # Server Settings
    ServerName ProFTPd
    ServerType standalone
    DefaultServer on
    PidFile /var/run/ProFTPd/ProFTPd.pid

    # Port 21 is the standard FTP port. You probably should not connect to the
    # internet with this port. Make your router forward another port to
    # this one instead.
    Port 21

    # Set the user and group under which the server will run.
    User nobody
    Group users

    # Prevent DoS attacks
    MaxInstances 30

    # Speedup Login
    UseReverseDNS off
    IdentLookups off

    # Control Logging - comment and uncomment as needed
    # If logging Directory is world writeable the server won't start!
    # If no SystemLog is defined proftpd will log to servers syslog.
    #SystemLog NONE
    #SystemLog /boot/config/plugins/ProFTPd/slog
    TransferLog NONE
    #TransferLog /boot/config/plugins/ProFTPd/xferlog
    WtmpLog NONE

    # As a security precaution prevent root and other users in
    # /etc/ftpuser from accessing the FTP server.
    UseFtpUsers on
    RootLogin off

    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask 022

    # "Jail" FTP-Users into their home directory. (chroot)
    # The root directory has to be set in the description field
    # when defining an user:
    # ftpuser /mnt/cache/FTP
    # See README for more information.
    DefaultRoot ~

    # Shell has to be set when defining an user. As a security precaution
    # it is set to "/bin/false" as FTP-Users should not have shell access.
    # This setting makes proftpd accept invalid shells.
    RequireValidShell no

    # Normally, we want files to be overwriteable.
    AllowOverwrite on

    <IfModule mod_sftp.c>
      SFTPEngine on
      Port 2222
      SFTPLog /var/log/sftp.log
      SFTPHostKey /etc/ssh/sftp_rsa_key
      SFTPAuthorizedUserKeys file:/etc/ssh/sftp_user_keys
      SFTPAuthMethods publickey
      SFTPKeyBlacklist none
      SFTPDHParamFile /usr/local/SlrG-Common/usr/local/etc/dhparams.pem
    </IfModule>

Edited May 22, 2020 by jareth

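The log in the post above shows mod_sftp asking for a passphrase on the SFTPHostKey file and exiting when none can be read. A check that reports, from the file's encoding alone, whether a private key is passphrase-protected, as an added example that is not part of the original post or the plugin; the function name key_protection is hypothetical and no passphrase is ever tried.

```shell
#!/bin/sh
# Added example: classify a private key file as encrypted / plain / unknown
# by looking at its container format. The key material is never loaded.

key_protection() {
    key=$1
    [ -r "$key" ] || { echo unknown; return 1; }

    # Legacy PEM marks encryption with a "Proc-Type: 4,ENCRYPTED" header,
    # PKCS#8 with a "BEGIN ENCRYPTED PRIVATE KEY" armor line.
    if grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$key"; then
        echo encrypted; return 0
    fi

    if grep -q '^-----BEGIN OPENSSH PRIVATE KEY-----' "$key"; then
        # openssh-key-v1 layout: 15-byte magic ("openssh-key-v1" + NUL),
        # 4-byte length, then the cipher name. An unprotected key uses "none".
        cipher=$(grep -v '^-----' "$key" | tr -d ' \r\n' | base64 -d 2>/dev/null |
                 dd bs=1 skip=19 count=4 2>/dev/null)
        case $cipher in
            none) echo plain ;;
            '')   echo unknown; return 1 ;;   # body did not decode
            *)    echo encrypted ;;
        esac
        return 0
    fi

    # Any other private-key armor without an encryption marker.
    if grep -q '^-----BEGIN .*PRIVATE KEY-----' "$key"; then
        echo plain; return 0
    fi

    echo unknown; return 1
}

# Usage: sh keycheck.sh /etc/ssh/sftp_rsa_key
if [ $# -gt 0 ]; then
    key_protection "$1"
fi
```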
May 25, 2020
I have proftpd installed and running locally (i.e. I can access files from Filezilla). I'd like to set up my webserver to access proftpd using a VPN. Which VPN is recommended as least hackable?

May 25, 2020
I am trying to add access to a disk outside of the array that is mounted using Unassigned devices. Is that possible?

May 25, 2020 (Author)
@jareth I have no answer yet. I don't use sftp or ssl myself and need to set it up again to test. Sadly my personal life is very busy at the moment.

@jeffreywhunter If I would try at the moment, I would probably go with wireguard. I was using OpenVPN for a while. Other than that, I don't really know other solutions.

@kricker This should be possible. Either define your user with ftpuser in description only, so it won't get jailed and has access to all unRAID, or use the mountscript to mount your outside disk into a folder your user can access.

May 28, 2020
On 5/25/2020 at 4:03 PM, SlrG said:
> @kricker This should be possible. Either define your user with ftpuser in description only, so it won't get jailed and has access to all unRAID, or use the mountscript to mount your outside disk into a folder your user can access.

I tried setting the user's directory to that disk mount point such as ftpuser /mnt/disks/test, but that didn't seem to work. The user's account still went to /mnt/usr and saw all the shares as normal. I'll try those two options you mentioned. Thanks!

I think I must have something in my config file keeping everyone jailed to /mnt/usr, because setting anyone to just ftpuser has the same result. I'll do some digging.

Edited May 28, 2020 by kricker

May 31, 2020 (Author)
@kricker It won't really help you if I say it works for me, but maybe I can describe my setup a bit. I have an SSD drive outside my array which is mounted to /mnt/appdrive in my go file. So I'm not using unassigned devices, though I have that installed, too. I have had it this way a long time, as it was the only way when the plugin did not exist yet - but I don't think it matters in what way the disk is mounted - though the time of the mount could matter. I did not investigate if the go file or the plugin will mount earlier.

When I put ftpuser /mnt/appdrive as comment and restart the plugin, it works fine and jails that user into the appdrive folder. What I did notice, however, is that it takes quite a bit of time for the jail to take effect. So maybe give it a minute after putting the comment and restarting the plugin, and give it another minute before trying to log in.

June 13, 2020
I use the Dark skin on Unraid. But when I load up proftpd it has a white background and I can't read anything on it.

Locally I got it working, I can connect to the ftp and all. But from extern I can't connect to it. The way my setup is, it worked and works currently for other things. I use pfSense and made an alias and have a few IPs in there, and only those IPs can connect to the ftp. I want to move from my Qnap FTP to my Unraid proftpd ftp. Everything works except connections from extern.

Edited June 13, 2020 by KoNeko: new problem

June 14, 2020 (Author)
@KoNeko Yes, only the white theme is supported currently. As the plugin's settings are very much set up and forget and you have it running locally already, there is nothing in the plugin's settings you could change to make external connections work. The restart button is probably the most needed function after initial setup, and that should be readable and usable in the black theme, too. Supporting the themes is still on my TODO list, but sadly I have no time to work on it for the foreseeable future. Sorry for the inconvenience.

Regarding the external connection, do you have the default proftpd.conf file or have you made changes to use encrypted ftp? If you did not, it is probably solely a firewall problem, as it is working locally already. Is the pfSense firewall the only one filtering external access to your home network? Nothing on your cable router (or whatever you are using to connect)? If port 21 is available properly, it might be that you need to define a passive port range in your proftpd.conf and allow that, too, in the firewall. I have no pfSense, so I can't tell you how to do it.

p.s. Don't forget to restart the proftpd service after changing the proftpd.conf, or the change will have no immediate effect.

Edited June 14, 2020 by SlrG: added p.s.

June 14, 2020
1 hour ago, SlrG said:
> @KoNeko Yes, only the white theme is supported currently. As the plugin's settings are very much set up and forget and you have it running locally already, there is nothing in the plugin's settings you could change to make external connections work. The restart button is probably the most needed function after initial setup, and that should be readable and usable in the black theme, too. Supporting the themes is still on my TODO list, but sadly I have no time to work on it for the foreseeable future. Sorry for the inconvenience.
>
> Regarding the external connection, do you have the default proftpd.conf file or have you made changes to use encrypted ftp? If you did not, it is probably solely a firewall problem, as it is working locally already. Is the pfSense firewall the only one filtering external access to your home network? Nothing on your cable router (or whatever you are using to connect)? If port 21 is available properly, it might be that you need to define a passive port range in your proftpd.conf and allow that, too, in the firewall. I have no pfSense, so I can't tell you how to do it.
>
> p.s. Don't forget to restart the proftpd service after changing the proftpd.conf, or the change will have no immediate effect.

It isn't a big problem; like you said, it's only if you want to start/restart the server. And it isn't a very high prio to fix that either.

Yes, I figured out that I had to add the passive port in the config. I ran multiple proftp servers but never had to do this, so I was a bit confused. :) I wanted to edit my post to say that I had it fixed, but it was already too late here and I went to sleep.

June 14, 2020
Having issues connecting to FTP via Filezilla or other apps (like iOS FTP photo transfer). I'm using NoIP on my raid box and have a DDNS set up. I've confirmed that my DDNS address is resolving to my router. Also confirmed that port 21 is open on my WAN using a port check tool.

Someone mentioned in a previous post about not opening port 21, but rather opening a different port, then redirecting that to port 21 on my raid. If I open port xxxx on my router, how do I then specify that I want those requests going to port 21 on my unraid box?

Validated via command line on my local machine that the FTP daemon is running by doing ftp 192.xxx.xx.xxx to check that FTP is running on my raid box. I can log in with the specified ftpuser name and password and received a code 230 from the command line that I was able to get in.

My syslog / diagnostics is attached. Thanks in advance for any help! Reason I use FTP is via an iOS app (mebiaFTP) to transfer all media files from our phones into the unraid media library.

unraid-diagnostics-20200614-1453.zip

June 15, 2020
10 hours ago, pixelgraft said:
> If I open port xxxx on my router, how do I then specify that I want those requests going to port 21 on my unraid box?

Different for every router, but when you open up port xxxx you hopefully should have some kind of "from port" and "to port" option. xxxx would be in "from" and 21 would be in "to". Then, all traffic coming in on port xxxx would go to your unraid IP on port 21. Hard to say without seeing the router what the actual settings are (or if it's configured elsewhere in a port forwarding section, or if it supports it in the first place - should do).

June 15, 2020
Completely understand - thank you for the detailed reply. I used to have this feature, but now my ISP Comcast locked that down in the router and forces me to use their silly web interface in the customer portal. I can only set up the "to" port. No longer a from and to. I'll reach out to them.

June 17, 2020
I'm having issues connecting with duplicati to proftpd. The answer is 451 Transfer aborted. Broken pipe. Filezilla is working fine and also a script made in python is working fine. Only duplicati is making trouble. Do you have any idea?

June 20, 2020 (Author)
@Karatekid Sadly no. You could try to enable debug logging in your /etc/proftpd.conf file by adding:

    DebugLevel 10

Afterwards restart the ProFTPd server in the plugin's settings and, after trying duplicati again, check your syslog if it contains some more useful info on why it breaks.

July 20, 2020
I've installed this plugin in the past on another server, but on the server I'm currently setting up I'm getting the following error.

    plugin: installing: https://github.com/SlrG/unRAID/raw/master/Plugins/ProFTPd.plg
    plugin: downloading https://github.com/SlrG/unRAID/raw/master/Plugins/ProFTPd.plg
    plugin: downloading: https://github.com/SlrG/unRAID/raw/master/Plugins/ProFTPd.plg ... done
    Cleaning up previous install files...
    Executing selfremoval commands if present...
    ...Cleanup complete!
    Downloading any missing plugin files...
    Latest plugin control files downloading ...Unable to download missing plugin control files. Aborting install
    plugin: run failed: /bin/bash retval: 1

I found a previous reply in this thread that seemed like it would be the fix, but the provided links don't seem to work anymore.

Quote:
> It seems the download of the plugin control files fails from github. Please download them manually from here into /boot/config/plugins/ProFTPd. Manually create the directory if it does not exist. If the dependency download fails too, download the file manually from here. Afterwards the plugin should install I think. If not, please report again.

Any insights that could help get me back on the right path?

July 20, 2020 (Author)
Well, if the download fails, it is often because of DNS or firewall issues. Can you download things from github to the server manually from the command line with wget? Are there any error messages if you try? The current download paths are:

https://github.com/SlrG/unRAID/raw/master/Plugins/ProFTPd.plg
https://github.com/SlrG/unRAID/raw/master/AppSupport/ProFTPd/ProFTPd-SlrG-Control-1.7.tar.gz
https://github.com/SlrG/unRAID/raw/master/AppSupport/ProFTPd/ProFTPd-SlrG-Dependency-1.7_x64.tar.gz

If you download the last two into /boot/config/plugins/ProFTPd, it should start working, too.

July 20, 2020
Using wget to download the two additional archives directly to /boot/config/plugins/ProFTPd did the trick, thanks!

July 21, 2020
Hey guys, I found out that when I add a new user, it will get full access to /. Is that normal?

July 21, 2020 (Author)
@Kevin who Yes it is, if you don't define a directory to jail your user into. Please check the readme.

July 21, 2020
Hello guys! I have this trouble: I installed the plugin 1.3.6 in unRAID 6.8.3 and I can't access the web server interface. I think the problem is I didn't fill in the Webserver Path variable, but I don't know what to put there. Can you help me? Thanks a lot!!

July 21, 2020 (Author)
@fabrizzium Sadly the web editing functionality for the proftpd.conf file is broken. Please leave the webserver usage disabled and edit it manually using the shell (nano /etc/proftpd.conf).

@Pducharme Technically it is implemented. First it worked using the default unraid webserver, until security measures made the plugin unable to use it. Afterwards it required the apache webserver plugin (docker did not work). Development on that one stopped, however, and I was not able to find another way to get it working again. So it is implemented but broken.

Edited July 21, 2020 by SlrG: added comment for @Pducharme