added subdomain - but how to add ftp user?

#1 Tue, 06/06/2006 - 10:02
DavidTran


hi all

i have just added a subdomain for my site, and it worked fine, i can type in http://subdomain.mysite.com and it brings up the apache welcome page

but i added a user and ticked allow ftp login

but it doesn't work/seem to have done anything

should the ftp address be ftp.mysite.com or ftp.subdomain.mysite.com? i tried both to no effect

the username and password should be the same?

all i get in /var/log/messages is PAM authentication failed

thanks dave

Tue, 06/06/2006 - 10:15
DavidTran

ooops
using proftp 1.210
fedora core 4
webmin 1.270
virtualmin 2.6.11

most everything should be set to default

Tue, 06/06/2006 - 12:48
Joe

Hey David,

There's quite a few things that can go wrong in ProFTPd configuration. It's hard to guess which one applies to your case.

Here's a few things to check:

Is the user's shell listed in /etc/shells? It has to be for an FTP login to be allowed.

Are you sure ProFTPd has a working PAM configuration? This can be tricky, and the default PAM configuration that comes with the source ProFTPd tarball doesn't work on all distributions (I've been bitten by this one myself) and environments. And, of course, if installed from source, you may have missed the PAM configuration step.

Beyond that, you should check the logs on proftpd startup for errors.

I'll also point out that for administering the domain, you should use the domain user account--not add a new user (though it is possible to create additional administrative users). So, to administer subdomain.domain.tld, you would login as the subdomain (or subdomain.domain.tld) user. You also don't need to use any special address. subdomain.domain.tld will work, assuming DNS is configured correctly at your registrar and is working on your server.

And, though I'll happily try to help you get FTP working, FTP is <i>never recommended for any purpose</i>. The SSH-based protocols are more secure, and FTP over SSH looks identical to FTP from an end user perspective, assuming your client software supports it.

--

Check out the forum guidelines!

Tue, 06/06/2006 - 19:54
DavidTran

thanks Joe

i changed the shell to /etc/shells, and the ftp address to subdomain.mysite.com

i'm pretty sure proftp works, it works for my main web site

i installed it via yum, webmin was installed via rpm, and virtualmin was installed via wbm

the only error i get in /var/log/messages is PAM authentication error
the new user is in the same group as the main domain user

the reason, i created a new user is because the subdomain is for my brother, and i want him to login only to the subdomain and not to my main site

also, i understand the security advantages of sftp, but it's too slow in my mind, i think the speed advantage outweighs the security risk for me

thanks
dave

Wed, 06/07/2006 - 01:01 (Reply to #4)
Joe

Hey Dave,

I think you misunderstood me on this one:

I said: <i>Is the user's shell listed in /etc/shells? It has to be for an FTP login to be allowed.</i>

You said: <i>i changed the shell to /etc/shells, and the ftp address to subdomain.mysite.com</i>

Not quite what I had in mind. ;-)

The user's shell (whatever it is) needs to be <i>listed</i> in the file /etc/shells. It can't <i>be</i> /etc/shells. That won't work better than anything else not listed in /etc/shells.

On my system:

[joe@delilah themes]$ cat /etc/shells
/bin/sh
/bin/bash
/sbin/nologin
/bin/ash
/bin/bsh
/bin/ksh
/usr/bin/ksh
/usr/bin/pdksh
/bin/tcsh
/bin/csh
/bin/false
/bin/ibsh

So, my FTP users (assuming I ever used FTP or allowed FTP access) could have any of those shells--and no others. If I add another shell to the system I need to add it to the list in /etc/shells.

<i>i'm pretty sure proftp works, it works for my main web site</i>

This almost certainly means you had given the user a shell that is not in /etc/shells.

<i>the reason, i created a new user is because the subdomain is for my brother, and i want him to login only to the subdomain and not to my main site</i>

Give him his own domain, not a subdomain. It can still be named subdomain.domain.tld...but it won't share any data or access. This is what you want to happen. When you create a domain owned by another domain, the goal is to share data. What the domain names are is irrelevant. In other words, you're chasing the wrong problem. ;-)

Nonetheless, it's worth addressing the one you have run into...I strongly suspect getting the shell right will fix the problem (but it will still give your brother different access than you want).

<i>also, i understand the security advantages of sftp, but it's too slow in my mind, i think the speed advantage outweighs the security risk for me</i>

There should be no noticeable speed difference between FTP over SSH and FTP on any hardware less than ten years old. In fact, SSH-based protocols can be faster in some circumstances because they support compression while traditional FTP does not. If you are seeing FTP seem faster than an SSH-based session, your system has configuration problems, probably related to DNS. (Initial login is slightly slower, due to negotiation of keys, but it's not terribly noticeable by humans.)

--

Check out the forum guidelines!
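
The /etc/shells check described in the reply above, as an added example that is not part of the original thread: it reads a user's login shell from the passwd file and tests for an exact match in the shells file. The function name `check_ftp_shell`, the users and both sample files are constructed for illustration; with no file arguments it reads /etc/passwd and /etc/shells.

```shell
#!/bin/sh
# check_ftp_shell USER [PASSWD_FILE] [SHELLS_FILE]   (hypothetical helper)
# Returns 0 if USER's login shell is listed in SHELLS_FILE,
#         1 if it is not listed (the FTP login would be refused),
#         2 if USER has no entry in PASSWD_FILE.
check_ftp_shell() {
    user=$1
    passwd_file=${2:-/etc/passwd}
    shells_file=${3:-/etc/shells}

    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$passwd_file")
    if [ -z "$entry" ]; then
        echo "$user: no such user in $passwd_file" >&2
        return 2
    fi
    # Field 7 is the login shell; an empty field means /bin/sh.
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    [ -n "$shell" ] || shell=/bin/sh

    # Drop comment lines, then require an exact whole-line match.
    if grep -v '^[[:space:]]*#' "$shells_file" | grep -qxF -- "$shell"; then
        echo "$user: shell $shell is listed in $shells_file"
        return 0
    fi
    echo "$user: shell $shell is NOT listed in $shells_file"
    return 1
}

# Constructed sample data, not taken from a real system.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/passwd" <<'EOF'
dave:x:500:500::/home/mysite:/bin/bash
brother:x:501:500::/home/mysite/homes/brother:/etc/shells
ftponly:x:502:500::/home/mysite/homes/ftponly:/bin/false
EOF
cat > "$demo_dir/shells" <<'EOF'
# constructed sample of /etc/shells
/bin/sh
/bin/bash
/sbin/nologin
/bin/false
EOF
for u in dave brother ftponly; do
    check_ftp_shell "$u" "$demo_dir/passwd" "$demo_dir/shells" || true
done
```

The `brother` entry reproduces the case from this thread, where the shell field was set to /etc/shells itself rather than to a shell listed in that file.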

Wed, 06/07/2006 - 01:21 (Reply to #5)
DavidTran

ahhh, hehe, thanks

i get it now, cool, i just created a new virtual server for him with the subdomain.domain.com url

btw, the sftp speed issue is not on the server side i don't think
i think it's my client

thanks again