Gecko [ www.thearyasamaj.org ]

Name	Size	Permission
ASCII.html	3.71 KB	-rw-r--r--
AWS.html	26.05 KB	-rw-r--r--
AuthFiles.html	9.54 KB	-rw-r--r--
Authentication.html	15.32 KB	-rw-r--r--
BCP.html	13.7 KB	-rw-r--r--
Chroot.html	14.27 KB	-rw-r--r--
Classes.html	5.92 KB	-rw-r--r--
Compiling.html	34.11 KB	-rw-r--r--
ConfigFile.html	16.47 KB	-rw-r--r--
ConfigurationTricks.html	16.54 KB	-rw-r--r--
ConnectionACLs.html	6.84 KB	-rw-r--r--
Controls.html	11.95 KB	-rw-r--r--
CreateHome.html	7.79 KB	-rw-r--r--
DNS.html	6.92 KB	-rw-r--r--
DSO.html	14.9 KB	-rw-r--r--
Debugging.html	12.47 KB	-rw-r--r--
Directory.html	10.89 KB	-rw-r--r--
DisplayFiles.html	6.69 KB	-rw-r--r--
ECCN.html	4.73 KB	-rw-r--r--
FTP.html	16.09 KB	-rw-r--r--
FXP.html	5.57 KB	-rw-r--r--
Filters.html	7.93 KB	-rw-r--r--
Globbing.html	5.53 KB	-rw-r--r--
KeepAlives.html	19.68 KB	-rw-r--r--
Limit.html	15.08 KB	-rw-r--r--
ListOptions.html	6.18 KB	-rw-r--r--
LogLevels.html	5.08 KB	-rw-r--r--
LogMessages.html	14.89 KB	-rw-r--r--
Logging.html	22.37 KB	-rw-r--r--
Memcache.html	9.04 KB	-rw-r--r--
NAT.html	11.15 KB	-rw-r--r--
Nonroot.html	4.23 KB	-rw-r--r--
Quotas.html	17.17 KB	-rw-r--r--
Radius.html	17.35 KB	-rw-r--r--
Redis.html	8.53 KB	-rw-r--r--
Regex.html	22.23 KB	-rw-r--r--
Rewrite.html	16.8 KB	-rw-r--r--
SQL.html	40.55 KB	-rw-r--r--
SSH.html	5.14 KB	-rw-r--r--
Scoreboard.html	9.11 KB	-rw-r--r--
Sendfile.html	7.34 KB	-rw-r--r--
ServerType.html	10.45 KB	-rw-r--r--
Stopping.html	10.31 KB	-rw-r--r--
TLS.html	58.93 KB	-rw-r--r--
Testing.html	8.73 KB	-rw-r--r--
Timestamps.html	6.71 KB	-rw-r--r--
Tracing.html	8.68 KB	-rw-r--r--
Translations.html	3.52 KB	-rw-r--r--
Umask.html	9.16 KB	-rw-r--r--
Upgrade.html	2.14 KB	-rw-r--r--
Versioning.html	5.41 KB	-rw-r--r--
Vhost.html	11.55 KB	-rw-r--r--
VirtualUsers.html	8.8 KB	-rw-r--r--
ftpaccess.html	2.03 KB	-rw-r--r--
index.html	10.45 KB	-rw-r--r--

Code Editor : Nonroot.html

<!DOCTYPE html>
<html>
<head>
<title>ProFTPD: Running by Nonroot User</title>
</head>

<hr>
<center><h2>ProFTPD: Running as a Nonroot User</h2></center>
<hr>

Occasionally, one might want to run ProFTPD on a system where root privs
are not available to you as a user. It is still possible to setup a
functioning FTP server without root privileges. There are a few catches
and special considerations for this, however.

Here are the configuration directives that you will need to use in order
to run the server without root privileges:

<ul>
 <li><code>Port</code> 
 This needs to be a number greater than 1023. Lower number ports require
 root privileges in order for the process to bind to that address. This
 will also mean that clients wishing to contact your server will need to
 know the port on which it is listening. Most FTP clients connect to the
 standard FTP port (21).
 
 
 Example:
<pre>
 Port 20021
</pre>
 </li>
 
 <li><code>AuthUserFile, AuthGroupFile</code> 
 In order to authenticate users, by default the server looks in
 <code>/etc/passwd</code> for account information, and in
 <code>/etc/shadow</code> for the password. Comparing stored passwords
 requires root privileges, which this nonroot-running daemon will not have.
 You can get around this requirement by supplying your own passwd (and
 possibly group) files via the <a href="../modules/mod_auth_file.html#AuthUserFile"><code>AuthUserFile</code></a> and
 <a href="../modules/mod_auth_file.html#AuthGroupFile"><code>AuthGroupFile</code></a> directives. Make sure the permissions on your
 custom files allow for the daemon to read them (but hopefully not other
 users).

Example:
<pre>
 AuthUserFile /path/to/custom/ftpd.passwd
 AuthGroupFile /path/to/custom/ftpd.group
</pre>
 </li>

<li><code>AuthPAM</code> 
 PAM authentication requires root privileges. This directive will need
 to be set off.
 
 
 Example:
<pre>
 AuthPAM off
</pre>
 </li>

<li><code>PidFile</code> 
 This directive will need to be used to cause the server to write its PID
 to some file writable by the user.

Example:
<pre>
 PidFile /home/bob/ftpd/proftpd.pid
</pre>
 </li>

<li><code>ScoreboardFile</code> 
 This directive will need to be used to cause the server to write its
 scoreboard to some file writable by the user.

Example:
<pre>
 ScoreboardFile /home/bob/ftpd/proftpd.scoreboard
</pre>
 </li>

<li><code>WtmpLog</code> 
 Logging to <code>wtmp</code> files requires root privileges. While it is
 not strictly necessary for this directive to be set to off, failure
 to do so will result in server log messages like:
<pre>
 host.domain.net (localhost[127.0.0.1]) - wtmpx /var/adm/wtmpx: Permission denied
</pre>

Example:
<pre>
 WtmpLog off
</pre>
 </li>

<li><code>User, Group</code> 
 The ability to switch the identity of the server process to those configured
 by the <a href="../modules/mod_core.html#Userl"><code>User</code></a> and
 <a href="../modules/mod_core.html#Group"><code>Group</code></a> directives requires, of course, root privileges. It is best to
 configure <code>User</code> to be your username, and <code>Group</code> to
 be the name of your primary group (which is usually the first group listed
 by the <code>groups</code> command).

Example:
<pre>
 User bob
 Group bob
</pre>
 </li>
</ul>

Note that other configuration directives will be affected by the lack of
root privileges: <code>DefaultRoot</code> will not work, nor will
<code>&lt;Anonymous&gt;</code> sections, nor <code>UserOwner</code>.
Basically any operation that requires root privileges will be disabled.

If using the <code>SystemLog</code> directive, make sure the file to which the
server is to log can be written to by the configured daemon <code>User</code>
or <code>Group</code>.

The daemon should now start successfully. Complaints about not being able
to switch UIDs and such will be logged, but the daemon should still function
properly.

</body>
</html>

${this.title}

Code Editor : Nonroot.html