2

I want to limit FTP logins to only users from a specific group. In /etc/proftpd/proftpd.conf I have:

<Limit LOGIN>
        AllowGroup ftpuser
</Limit>

But I can still connect to FTP using a user outside the group:

root@packer-debian-7:/etc/proftpd# groups vagrant
vagrant : vagrant cdrom floppy sudo audio dip video plugdev

Login command:

root@packer-debian-7:/etc/proftpd# sftp vagrant@localhost
vagrant@localhost's password: 
Connected to localhost.
sftp> dir
kurez  
sftp> quit

My whole config file: http://pastebin.com/FWa6TUdv

ulkas
  • 123

1 Answer

5

According to the documentation:

Cautious system administrators may want only a few select system users to be able to connect to their proftpd server--all other users are to be denied access. The LOGIN command group is designed for just this scenario:

<Limit LOGIN>
  AllowUser barb
  AllowUser dave
  AllowGroup ftpuser
  DenyAll   
</Limit> 

This allows the users barb and dave, as well as any user in the ftpuser group, to login. All other users will be denied.

You need to use the DenyAll clause right after AllowGroup ftpuser.

kenkh
  • 329
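A check for the gap described in the answer above, as an added example that is not part of the original question or answer: it scans proftpd.conf text for `<Limit LOGIN>` blocks that list AllowUser/AllowGroup entries but have no DenyAll. The function name `find_open_login_limits` is hypothetical, and the rule that such a block does not restrict logins is taken from the answer.

```python
import re

LIMIT_OPEN = re.compile(r"<Limit\s+([^>]*)>", re.I)
LIMIT_CLOSE = re.compile(r"</Limit\s*>", re.I)

# The two <Limit LOGIN> blocks shown on this page.
QUESTION_CONF = """\
<Limit LOGIN>
        AllowGroup ftpuser
</Limit>
"""
ANSWER_CONF = """\
<Limit LOGIN>
  AllowUser barb
  AllowUser dave
  AllowGroup ftpuser
  DenyAll
</Limit>
"""

def find_open_login_limits(conf_text):
    """Return (start_line, allow_directives) for every <Limit LOGIN> block
    that lists AllowUser/AllowGroup entries but contains no DenyAll."""
    findings = []
    block = None  # state of the <Limit> block being read, if any
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blanks and comments
            continue
        opened = LIMIT_OPEN.match(line)
        if opened:
            commands = {c.upper() for c in opened.group(1).split()}
            block = {"start": line_no, "login": "LOGIN" in commands,
                     "allows": [], "deny_all": False}
        elif block is not None and LIMIT_CLOSE.match(line):
            if block["login"] and block["allows"] and not block["deny_all"]:
                findings.append((block["start"], block["allows"]))
            block = None
        elif block is not None:
            parts = line.split()
            if parts[0].lower() in ("allowuser", "allowgroup"):
                block["allows"].append(" ".join(parts))
            elif parts[0].lower() == "denyall":
                block["deny_all"] = True
    return findings

if __name__ == "__main__":
    for name, conf in (("question", QUESTION_CONF), ("answer", ANSWER_CONF)):
        print(name, find_open_login_limits(conf))
```

To audit a real server, pass the contents of /etc/proftpd/proftpd.conf to the function; an empty list means no allow-only LOGIN block was found.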