I have a lot of FTP questions, so I won't ask them all at once.
My first questions are about security, which I consider to be very important, and the utmost priority. I am using vsftpd. Not sure if that was a good choice or not in using an FTP service.
I would like users on the server that have accounts, to access the FTP service, but not their entire home directory. Just a defined directory (the standard, /var/www - Apache site). I have disabled the pi account in ftpusers. I sftp to it, and it allows me access to whatever directory I like. I just enter the root directory, and it takes me there. There are two issues with this:
1) It should be denying me access when accessing the pi account in the first place
2) It should at least limit me to my home directory / /var/www directory.
I have a User1 account, for example, that is allowed to access the FTP service. How do I make it so that only they are allowed to access it, and even then, with the restrictions?
Some vsftpd.conf settings:
chroot_list_file=/etc/vsftp.chroot_list (yes the file exists)
Let me know if there is anything else I should share. These are just those things that I thought were most important in regards to my issue.
My next questions will be in regards to it using SFTP, instead of the TLS/SSL that I have already set up....
vsftpd is a good choice; if you set it up perfectly, it is a perfect FTP service for you.
You can jail the user in a particular directory so they cannot go into the parent directory; they can access only subdirectories.
To jail the user, you have done this using chroot_local_user=YES.
To allow users to upload files, set local_enable=YES.
If you want to keep any user from accessing the FTP account, run the following command if you are using Debian or Ubuntu.
I heard that not even sftp is safe. It only sends the username/password in an encrypted form. As for the SSL/TLS, I have it enabled. I tried selecting the SSL/TLS option, but it wouldn't connect. It will only use the SFTP connection.
I did what you said, and I restarted my machine. I connected via sftp, and it still allows me to the root account. I made sure to add the root user to the ftpusers file.
I tried sftp, and it seemed to work. I tried FTP over SSL/TLS, with both implicit and explicit encryption, and it failed. I am thinking the last two options (or at least one of them) are what should actually be selected.
Last edited by sniper8752; 05-03-2013 at 09:29 PM.
My opinion is that the old, deprecated and insecure FTP protocol should never be used (much like the way that rsh/rlogin and telnet are rarely used). Instead, just use scp with keys for automated file transfers or sftp for human-prompted sessions.
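How the vsftpd options named in this thread (`chroot_local_user`, `chroot_list_file`, `local_enable`, the `ftpusers` deny list) combine for one user, as an added example that is not part of any post above. The configuration text, user names and list contents are constructed, and it assumes the Debian/Ubuntu PAM setup in which `/etc/ftpusers` is a deny list; these options apply only to sessions vsftpd itself serves, not to SFTP, which sshd handles.

```python
# Added example (not from the thread): evaluate vsftpd access options for one user.
# Assumes the Debian/Ubuntu PAM setup where /etc/ftpusers is a deny list.
DEFAULTS = {  # vsftpd's defaults for the options used here
    "local_enable": "NO", "chroot_local_user": "NO", "chroot_list_enable": "NO",
    "userlist_enable": "NO", "userlist_deny": "YES",
}

def parse_conf(text):
    """Parse vsftpd.conf text: 'key=value' lines, '#' starts a comment line."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def on(conf, key):
    """vsftpd treats YES, TRUE or 1 (any case) as an enabled boolean."""
    return conf.get(key, "NO").upper() in ("YES", "TRUE", "1")

def is_chrooted(conf, user, chroot_list):
    """True if this local user's FTP session is jailed to the home directory."""
    listed = on(conf, "chroot_list_enable") and user in chroot_list
    # With chroot_local_user=YES the list inverts: listed users are NOT jailed.
    return not listed if on(conf, "chroot_local_user") else listed

def login_allowed(conf, user, ftpusers, user_list):
    """True if vsftpd would accept this local user (ftpusers plus userlist_*)."""
    if not on(conf, "local_enable") or user in ftpusers:
        return False
    if on(conf, "userlist_enable"):
        # userlist_deny=YES: the file is a deny list; NO: only listed users log in.
        in_list = user in user_list
        return not in_list if on(conf, "userlist_deny") else in_list
    return True

SAMPLE_CONF = """\
# constructed sample, not the poster's full configuration
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftp.chroot_list
userlist_enable=YES
userlist_deny=NO
"""

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    for u in ("pi", "User1"):  # constructed users and list contents
        print(u, login_allowed(conf, u, {"pi"}, {"User1"}), is_chrooted(conf, u, set()))
```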