LinuxQuestions.org
Old 06-13-2003, 08:46 AM   #1
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
vsftpd setup with virtual users


I have had problems at first due to a wrong version so I thought I should write a few lines about it. My base configuration:
Code:
# ====================================================================
# base settings
# --------------------------------------------------------------------
anon_world_readable_only=NO
anonymous_enable=NO
background=YES
chroot_local_user=YES
ftpd_banner=Some ftp server. All actions are being logged!
guest_enable=YES
guest_username=ftp
hide_ids=YES
listen=YES
listen_address=192.168.0.82
local_enable=YES
max_clients=50
max_per_ip=5
nopriv_user=ftp
pasv_address=192.168.0.82
session_support=NO
use_localtime=YES
user_config_dir=/etc/vsftpd/users
xferlog_enable=YES
# ====================================================================



# ====================================================================
# ftp settings
# --------------------------------------------------------------------
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
anon_umask=0027
anon_upload_enable=NO
async_abor_enable=YES
#cmds_allowed=LIST,PASV,RETR,QUIT
connect_from_port_20=YES
pasv_enable=YES
port_enable=YES
write_enable=NO
# ====================================================================
If you are using Debian you NEED to install libdb3-util (do NOT attempt to do a filesearch for db_load like I did - you will end up with libdb2-util and have to face problems). libdb3-util is the right one.

After that you can create the db with for instance: db3_load -T -t hash -f /etc/vsftpd/tmp/accounts.txt /etc/vsftpd/accounts.db

A user looks like:
Code:
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_upload_enable=YES
local_root=/usr/local/apache2/htdocs/test
write_enable=YES
If you have any questions regarding the setup just let me know!
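
An added example, not part of the original post: a pre-flight check for the text list before it is loaded with the db3_load command shown above. It assumes the usual text-mode layout for this setup (login name on one line, that user's password on the next); the function names check_accounts_file and load_accounts are hypothetical, and the sample list is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Input format for db3_load -T -t hash:
# login name on one line, that user's password on the next line.

# check_accounts_file FILE: print one line per problem, return 1 if any.
check_accounts_file() {
    file=$1 rc=0
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }

    # The list holds cleartext passwords: no access for group or others.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "$file: accessible by group/others, run chmod 600"
        rc=1
    fi

    awk '
        /^[ \t]*$/ { printf "line %d: empty line, would become an empty name or password\n", NR; bad = 1 }
        NR % 2 == 1 {
            if ($0 in seen) { printf "line %d: duplicate user %s\n", NR, $0; bad = 1 }
            seen[$0] = 1
        }
        END {
            if (NR % 2) { print "odd line count: last user has no password"; bad = 1 }
            exit bad + 0
        }
    ' "$file" || rc=1
    return $rc
}

# load_accounts TXT DB: build the database only from a list that passes.
load_accounts() {
    check_accounts_file "$1" || return 1
    # umask in a subshell so the new .db is never created world-readable.
    ( umask 077; db3_load -T -t hash -f "$1" "$2" )
}

# Constructed sample list (not real accounts) with three deliberate mistakes.
demo=$(mktemp -d)
printf 'tom\nsecret1\ntom\n' > "$demo/accounts.txt"
chmod 644 "$demo/accounts.txt"
check_accounts_file "$demo/accounts.txt" || true
rm -rf "$demo"
```
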
 
Old 06-13-2003, 09:27 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,447
Blog Entries: 54

Rep: Reputation: 2890
//moderator.note: Markus, as regular contributor of docs, could you prefix your posts of the informational level with something like "FYI: "? TIA.
 
Old 06-13-2003, 01:18 PM   #3
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Original Poster
Rep: Reputation: 46
I'm sorry. Feel free to edit the subject :-)
 
Old 06-17-2003, 06:51 AM   #4
Stex
LQ Newbie
 
Registered: Mar 2003
Posts: 13

Rep: Reputation: 0
hi markus,

i got a question. u created a local user named ftp, then u created your database with your virtual users.
after that u created a pam file and u set all the ftp and base settings. right?

but what did u do with this line?
user_config_dir=/etc/vsftpd/users

I can't find that in my config file. Is it right that u can assign every virtual user an own directory with the next line?

local_root=/usr/local/apache2/htdocs/test

Let us accept that i have 2 virtual users.
User 1 named=Tom
User 2 named=Fritz

can i now put in /etc/vsftpd/users two textfiles, the first named
Tom, the second named Fritz, and give them the following content?

For Tom:
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_upload_enable=YES
local_root=/usr/local/apache2/htdocs/Tom
write_enable=YES

For Fritz:
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_upload_enable=YES
local_root=/usr/local/apache2/htdocs/Fritz
write_enable=YES

Now if i login as Tom do i get to the path of Tom?
Does it work like this or am i wrong.
If i am wrong how can i reach my planning?

Sorry for my bad english

Greetz
 
Old 06-17-2003, 08:13 AM   #5
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Original Poster
Rep: Reputation: 46
Well honestly I have adjusted my configuration since I require the possibility to chmod files (which you can't do with anonymous users):
Code:
# ====================================================================
# base settings
# --------------------------------------------------------------------
#background=YES
chroot_local_user=YES
force_dot_files=YES
ftpd_banner=some ftp server
guest_enable=YES
guest_username=ftp
hide_ids=YES
listen=YES
listen_address=192.168.0.82
local_enable=YES
log_ftp_protocol=YES
max_clients=50
max_per_ip=5
nopriv_user=ftp
pasv_address=192.168.0.82
pasv_enable=YES
pasv_min_port=64000
pasv_max_port=65535
session_support=NO
use_localtime=YES
user_config_dir=/etc/vsftpd/dyn/users
userlist_deny=YES
userlist_enable=YES
userlist_file=/etc/vsftpd/denied_users
virtual_use_local_privs=YES
xferlog_enable=YES
# ====================================================================



# ====================================================================
# ftp settings
# --------------------------------------------------------------------
async_abor_enable=YES
chmod_enable=NO
#cmds_allowed=QUIT,CHMOD
connect_from_port_20=YES
dirlist_enable=NO
download_enable=NO
local_umask=0027
pasv_enable=YES
port_enable=YES
write_enable=NO
# ====================================================================
 
Old 06-17-2003, 08:19 AM   #6
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Original Poster
Rep: Reputation: 46
Quote:
but what did u do with this line?
user_config_dir=/etc/vsftpd/users
From the manpage:
Quote:
This powerful option allows the override of any config option specified in the manual page, on a per-user basis. Usage is simple, and is best illustrated with an example. If you set user_config_dir to be /etc/vsftpd_user_conf and then log on as the user "chris", then vsftpd will apply the settings in the file /etc/vsftpd_user_conf/chris for the duration of the session. The format of this file is as detailed in this manual page!
Quote:
I cant find that in my config file. Is it right that u can assign every virtual user an own directory with the next line?
local_root=/usr/local/apache2/htdocs/test
Wrong. Except you use virtual_use_local_privs=YES. If you do not have that enabled (which is the default) you require anon_root setting.
Quote:
Now if i login as Tom do i get to the path of Tom?
Does it work like this or am i wrong.
If i am wrong how can i reach my planning?
You don't get to the other dir ... but you should consider using my new configuration if you require users to be able to chmod!
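
An added example, not part of the original reply: a cross-check between the virtual-user list and the per-user override files that user_config_dir points at, for the Tom/Fritz layout asked about above. The function name audit_user_confs, the alternating name/password layout of the list, and all sample paths are assumptions; login names containing whitespace are not handled.

```shell
#!/bin/sh
# Added example, not from the thread. vsftpd applies the file
# <user_config_dir>/<login name> for the duration of that user's session.

# audit_user_confs ACCOUNTS_TXT USER_CONFIG_DIR
# Prints one finding per line; returns 1 if anything was found.
audit_user_confs() {
    accounts=$1 dir=$2 rc=0
    users=$(awk 'NR % 2 == 1' "$accounts")    # odd lines are login names

    for u in $users; do
        conf="$dir/$u"
        if [ ! -f "$conf" ]; then
            echo "$u: no override file, only the global vsftpd.conf applies"
            rc=1
            continue
        fi
        # Accept either root directive; which one takes effect depends on
        # virtual_use_local_privs, as discussed in the reply above.
        root=$(sed -n -e 's/^local_root=//p' -e 's/^anon_root=//p' "$conf" | head -n 1)
        if [ -z "$root" ]; then
            echo "$u: neither local_root nor anon_root is set"
            rc=1
        elif [ ! -d "$root" ]; then
            echo "$u: root directory $root does not exist"
            rc=1
        fi
    done

    # An override file with no matching account is dead configuration; if the
    # name is ever reissued, the new user inherits the old file's write settings.
    for conf in "$dir"/*; do
        [ -f "$conf" ] || continue
        name=${conf##*/}
        echo "$users" | grep -qxF -- "$name" || { echo "$name: override file without account"; rc=1; }
    done
    return $rc
}

# Constructed layout: Tom is complete, Fritz has no override file yet.
demo=$(mktemp -d)
mkdir -p "$demo/users" "$demo/htdocs/Tom"
printf 'Tom\npw1\nFritz\npw2\n' > "$demo/accounts.txt"
printf 'local_root=%s\nwrite_enable=YES\n' "$demo/htdocs/Tom" > "$demo/users/Tom"
audit_user_confs "$demo/accounts.txt" "$demo/users" || true
rm -rf "$demo"
```
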
 
Old 06-20-2003, 04:40 PM   #7
romulo.rosinha
LQ Newbie
 
Registered: Jun 2003
Location: Porto Alegre, RS - Brasil
Distribution: RedHat 8
Posts: 1

Rep: Reputation: 0
markus,

i've been doing some experiments with your vsftpd.conf and in no way can i get a local and a virtual user to login with the same config...

i can authenticate local users using the pam config provided by the vsftpd install and virtual users with the pam config provided by the vsftpd virtual user example... but not the two at the same time.

what's your pam configuration, if any?
what r u using for authenticating both local and virtual users at the same time?
 
Old 06-21-2003, 02:00 AM   #8
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Original Poster
Rep: Reputation: 46
Local users should not be able to login. Honestly I've denied ALL local users to login. Remember FTP uses CLEARTEXT password transmission so allowing local users to login is a potential security hole ... and I do not like that.

My /etc/pam.d looks like that:
Code:
auth    required /lib/security/pam_userdb.so db=/etc/vsftpd/dyn/accounts
account required /lib/security/pam_userdb.so db=/etc/vsftpd/dyn/accounts
 
Old 06-21-2003, 04:54 AM   #9
Stex
LQ Newbie
 
Registered: Mar 2003
Posts: 13

Rep: Reputation: 0
hi markus,

i set up vsftpd_login.db with my users. Then i created the pam file and copied it to the pam directory. Then i set up this new local user "virtual" with the home directory of my apache served files in /var/www/html.

Now i want to allow my users from the vsftpd_login.db to log in one dir per user. I mean

user1 --> /var/www/html/user1
user2 --> /var/www/html/user2

And every user should be able to upload files, delete files, read files like html files. And they should be executable to watch them in a browser.
How can i reach that? Any advice?

Here's my current vsftpd.conf

anonymous_enable=NO
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
anon_world_readable_only=NO
chroot_local_users=YES
guest_enable=YES
guest_username=virtual
passv_min_port=30000
passv_max_port=30999
 
Old 06-21-2003, 05:03 AM   #10
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Original Poster
Rep: Reputation: 46
Please take a look at the first post since it covers everything. If you require your users to be able to use the chmod command (cgi's) then you should take a look at my 2nd configuration.
 
Old 06-21-2003, 05:36 AM   #11
Stex
LQ Newbie
 
Registered: Mar 2003
Posts: 13

Rep: Reputation: 0
HI,

if i add these two lines
chmod_enable=YES
cmds_allowed=CHMOD

to my conf i get a 500 OOPS: unrecognised variable in config file error.

What to do?

greetz
 
Old 06-21-2003, 05:44 AM   #12
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Original Poster
Rep: Reputation: 46
Which vsftpd version are you using? I'm using vsftpd 1.2.0 ... Also do not use cmds_allowed ... at least not till I can provide you with a configuration that works for all clients.
 
Old 06-21-2003, 05:51 AM   #13
Stex
LQ Newbie
 
Registered: Mar 2003
Posts: 13

Rep: Reputation: 0
my synaptic says that i'm using version 1.1.1-fr1 and there's no update available.

I also tried only the statement

chmod_enable=YES

but i get still this 500 OOPS: unrecognised variable in config file error.
 
Old 06-21-2003, 05:57 AM   #14
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Original Poster
Rep: Reputation: 46
well then disable that statement ... and check if it works then. Afterwards upload a file and try chmod 700 <filename>. I do not know when chmod_enable was introduced ... but this should work. Also 1.2.0 is current version and you should consider upgrading ...
 
Old 06-21-2003, 06:05 AM   #15
Stex
LQ Newbie
 
Registered: Mar 2003
Posts: 13

Rep: Reputation: 0
if i disable this statement it works. i can upload files
but only if i set the following statements to yes.

anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO

For Debian the last version is 1.2 but for redhat 8 i only find the newest version 1.1
http://rpmseek.com/rpm-pl/vsftpd.html?hl=de&cx=0::

But anyway have u an idea how i can solve my problem?

greetz
 
  

