Old 10-07-2008, 05:40 AM
"Mad Unix"
 
Default vsftpd

Hi ALL

I'm using vsftpd as FTP server, and I'd like to chroot my FTP users
to their home dir. How can I do it? i.e. "jailing" them in their home
dir...
At the moment I have the following issue: when users log in to the
FTP server they go to the main directory /var/ftp/

/etc/passwd
...
sdc:x:501:501::/var/ftp/sdc:/bin/bash
ase:x:502:501::/var/ftp/ase:/bin/bash
jsc:x:503:501::/var/ftp/jsc/:/bin/bash


[root@linux10 ftp]# pwd
/var/ftp
[root@linux10 ftp]# ls -al
total 28
drwx--x--x 6 root ftpusers 4096 Oct 6 13:46 .
drwxr-xr-x 22 root root 4096 Oct 5 15:42 ..
drwx------ 3 ase ftpusers 4096 Oct 6 20:30 ase
drwx------ 3 jsc ftpusers 4096 Oct 6 17:27 jsc
drwx------ 2 pons pons 4096 Oct 6 16:22 pub
drwx------ 5 sdc ftpusers 4096 Oct 6 17:19 sdc

chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
chroot_local_user=YES
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
###added for TLS and SSL permission
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem
local_root=/var/ftp
#userlist_file=/etc/vsftpd/ftpusers
userlist_file=/etc/vsftpd/ftpusers
#userlist_file=/etc/vsftpd/user_list
pasv_enable=YES
anon_max_rate=10485760
local_max_rate=0
max_clients=500
max_per_ip=4
passwd_chroot_enable=YES
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-07-2008, 09:00 PM
"Bob Hoffman"
 
Default vsftpd

> I'm using vsftpd as FTP server, and I'd like to chroot my FTP users
> to their home dir. How can I do it? i.e. "jailing"
> them in their home dir...
> at the moment I have the following issues the user when they login to
> ftp server they go to the main directory /var/ftp/
>

Here is what I did, full discussion at this link
http://www.bobhoffman.com/forums/viewtopic.php?f=4&t=11

Here is my file. Each user is locked into his folder listed in the
/etc/passwd file.


ftpd_banner=Welcome to my webserver!
listen=YES
pam_service_name=vsftpd
anonymous_enable=NO
local_enable=YES
session_support=NO
write_enable=YES
chroot_local_user=YES

#supposed default settings added for security and other redhat settings
userlist_deny=YES
userlist_enable=YES
#userlist file is default to /etc/vsftpd.userlist
local_umask=022

 
Old 10-13-2008, 11:42 PM
Dobry Dobrev
 
Default vsftpd

Bob Hoffman wrote:
>> I'm using vsftpd as FTP server, and I'd like to chroot my FTP users
>> to their home dir. How can I do it? i.e. "jailing"
>> them in their home dir...
>> at the moment I have the following issues the user when they login to
>> ftp server they go to the main directory /var/ftp/
>>
>
> Here is what I did, full discussion at this link
> http://www.bobhoffman.com/forums/viewtopic.php?f=4&t=11
>
> Here is my file. Each user is locked into his folder listed in the
> etc/pssword file.
>
>
> ftpd_banner=Welcome to my webserver!
> listen=YES
> pam_service_name=vsftpd
> anonymous_enable=NO
> local_enable=YES
> session_support=NO
> write_enable=YES
> chroot_local_user=YES
>
> #supposed default settings added for security and other redhat settings
> userlist_deny=YES
> userlist_enable=YES
> #userlist file is default to /etc/vsftpd.userlist
> local_umask=022


and here is mine

anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
pasv_max_port=8000
pasv_min_port=7000
use_localtime=YES
deny_file={.*,.ssh,.*profile*}
hide_file={.*,.ssh,.*profile*}
check_shell=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
ftpd_banner=Our FTPd Server
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
syslog_enable=YES
chmod_enable=NO
secure_chroot_dir=/usr/share/empty

 
Old 06-30-2010, 07:04 AM
Roland Turcan
 
Default VSFTPd

Hello ubuntu-users@lists.ubuntu.com!

I have recently installed VSFTP and created user with home directory
in /var/www/user. User can connect fine, but I don't want that he can
walk through upper directories and even into "/", ...

How can I deny changing directory backwards?

Thanks in advance.

--
Best regards, TRoland
http://www.rotursoft.sk
http://exekutor.rotursoft.sk


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 06-30-2010, 07:34 AM
Marcos
 
Default VSFTPd

You should try mysecureshell

It is a sftp server for the open ssh server. Has only one config file (really easy) and it's just a shell for the user. It supports virtual chrooting to user's home.



HTH

Regards.


2010/6/30 Roland Turcan <konf@rotursoft.sk>

> Hello ubuntu-users@lists.ubuntu.com!
>
> I have recently installed VSFTP and created user with home directory
> in /var/www/user. User can connect fine, but I don't want that he can
> walk through upper directories and even into "/", ...
>
> How can I deny changing directory backwards?
>
> Thanks in advance.
>
> --
> Best regards, TRoland
> http://www.rotursoft.sk
> http://exekutor.rotursoft.sk
 
Old 06-30-2010, 07:35 AM
Markus Schönhaber
 
Default VSFTPd

30.06.2010 09:04, Roland Turcan:

> I have recently installed VSFTP and created user with home directory
> in /var/www/user. User can connect fine, but I don't want that he can
> walk through upper directories and even into "/", ...
>
> How can I deny changing directory backwards?

man vsftpd.conf
or
http://manpages.ubuntu.com/manpages/lucid/en/man5/vsftpd.conf.5.html

Look for
chroot_list_enable
and
chroot_local_user

Setting (at least one of) those should achieve what you want.

--
Regards
mks
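
Added example (not part of any post in this thread, and not vsftpd code): a small Python check of how chroot_local_user, chroot_list_enable and local_root combine under the semantics in vsftpd.conf(5), run on a constructed excerpt of the configuration from the first post. Function names and sample data are hypothetical; passwd_chroot_enable and per-user config files are not modelled.

```python
# Added example: where does vsftpd put a local user after login?
# Option semantics follow vsftpd.conf(5); helper names are hypothetical.

SAMPLE_CONF = """\
# constructed excerpt using settings quoted in the first post
chroot_list_enable=YES
chroot_local_user=YES
local_root=/var/ftp
ssl_sslv2=YES
ssl_sslv3=YES
"""
SAMPLE_PASSWD = {"sdc": "/var/ftp/sdc", "jsc": "/var/ftp/jsc/"}  # user -> home

def parse_conf(text):
    """vsftpd.conf is strict key=value with no spaces around '='."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def is_yes(opts, key):
    return opts.get(key, "NO").upper() in ("YES", "TRUE", "1")

def landing(opts, user, home, chroot_list=()):
    """Return (login_dir, jailed) for one local user."""
    # local_root, when set, replaces the passwd home as the login directory.
    login_dir = opts.get("local_root", home).rstrip("/") or "/"
    listed = is_yes(opts, "chroot_list_enable") and user in chroot_list
    # With chroot_local_user=YES the list inverts: listed users are NOT jailed.
    jailed = (not listed) if is_yes(opts, "chroot_local_user") else listed
    return login_dir, jailed

def findings(opts, passwd, chroot_list=()):
    out = []
    for user, home in sorted(passwd.items()):
        login_dir, jailed = landing(opts, user, home, chroot_list)
        if not jailed:
            out.append(f"{user}: not chrooted, free to leave {login_dir}")
        elif login_dir != (home.rstrip("/") or "/"):
            out.append(f"{user}: jailed in {login_dir}, not in home {home}")
    out += [f"{k}=YES enables an obsolete protocol version"
            for k in ("ssl_sslv2", "ssl_sslv3") if is_yes(opts, k)]
    return out

if __name__ == "__main__":
    print("\n".join(findings(parse_conf(SAMPLE_CONF), SAMPLE_PASSWD, ["jsc"])))
```

With the sample settings every user starts in /var/ftp because local_root overrides the passwd home, and a user named in the chroot list file is not jailed at all once chroot_local_user=YES is also set.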

 
Old 06-30-2010, 07:48 AM
Roland Turcan
 
Default VSFTPd

Hello Markus,

Thanks. That's it.

TRoland;

<<< 30.06.2010 9:35 - Markus Schönhaber "ubuntu-users@list-post.mks-mail.de" >>>
MS> 30.06.2010 09:04, Roland Turcan:

>> I have recently installed VSFTP and created user with home directory
>> in /var/www/user. User can connect fine, but I don't want that he can
>> walk through upper directories and even into "/", ...
>>
>> How can I deny changing directory backwards?

MS> man vsftpd.conf
MS> or
MS> http://manpages.ubuntu.com/manpages/lucid/en/man5/vsftpd.conf.5.html

MS> Look for
MS> chroot_list_enable
MS> and
MS> chroot_local_user

MS> Setting (at least one of) those should achieve what you want.

MS> --
MS> Regards
MS> mks





--
Best regards, TRoland
http://www.rotursoft.sk
http://exekutor.rotursoft.sk


 
Old 06-30-2010, 07:50 AM
Roland Turcan
 
Default VSFTPd

Hello Marcos,

Thanks, but the question was not to change the server, but to find the
way how to set it up.

Anyway thanks for your response and I will read info about
mysecureshell which could be useful for the future.

TRoland;

<<< 30.06.2010 9:34 - Marcos "fraga.muerete@gmail.com" >>>
M> You should try mysecureshell

M> It is a sftp server for the open ssh server. Has only one config
M> file (really easy) and it's just a shell for the user. It supports
M> virtual chrooting to user's home.

M> HTH

M> Regards.
M>
M>


M> 2010/6/30 Roland Turcan <konf@rotursoft.sk>
M> Hello ubuntu-users@lists.ubuntu.com!

M> I have recently installed VSFTP and created user with home directory
M> in /var/www/user. User can connect fine, but I don't want that he can
M> walk through upper directories and even into "/", ...

M> How can I deny changing directory backwards?

M> Thanks in advance.

M> --
M> Best regards, TRoland
M> http://www.rotursoft.sk
M> http://exekutor.rotursoft.sk






--
Best regards, TRoland
http://www.rotursoft.sk
http://exekutor.rotursoft.sk


 
Old 06-30-2010, 08:04 AM
Marcos
 
Default VSFTPd

2010/6/30 Roland Turcan <konf@rotursoft.sk>

> Hello Marcos,
>
> Thanks, but the question was not to change the server, but to find the
> way how to set it up.
>
> Anyway thanks for your response and I will read info about
> mysecureshell which could be useful for the future.
>
> TRoland;

Yeah, I realised it. Anyway I just thought it could be useful for people using FTP servers or SFTP to know about MySecureShell and its ACLs that could be useful for some purposes:

Here is an overview of ACLs:
- Control bandwidth.
- Secure viewing rights.
- Administration of server by GUI.
- Management of the activity of the server with logging.
- Control by user ip, groups ...
- Remote Access administration.
- Confinement server in a secure area (Chroot Jail).

HTH someone


 
