LinuxQuestions.org
Old 04-26-2013, 11:56 PM   #1
sniper8752
Member
 
Registered: Oct 2012
Posts: 340

ftp questions


I have a lot of FTP questions, so I won't ask them all at once.

My first questions are about security, which I consider to be very important, and the utmost priority. I am using vsftpd. Not sure if that was a good choice or not in using an FTP service.
I would like users on the server that have accounts, to access the FTP service, but not their entire home directory. Just a defined directory (the standard, /var/www - Apache site). I have disabled the pi account in ftpusers. I sftp to it, and it allows me access to whatever directory I like. I just enter the root directory, and it takes me there. There are two issues with this:

1) It should be denying me access when accessing the pi account in the first place
2) It should at least limit me to my home directory / /var/www directory.

I have a User1 account, for example, that is allowed to access the FTP service. How do I make it so that only they are allowed to access it, and even then, with the restrictions?

Some vsftpd.conf settings:

anonymous_enable=NO
local_enable=NO
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftp.chroot_list (yes the file exists)
local_root=/var/www

Let me know if there is anything else I should share. These are just those things that I thought were most important in regards to my issue.

My next questions will be in regards to it using SFTP, instead of the TLS/SSL that I have already set up....
 
Old 04-27-2013, 01:12 AM   #2
eklavya
Member
 
Registered: Mar 2013
Posts: 619

vsftpd is a good choice; if you set it up perfectly, it is a perfect ftp service for you.

You can jail the user in a particular directory so they cannot go to the parent directory; they can access only subdirectories.
To jail the user, you have already done this using
chroot_local_user=YES
local_root=/var/www


To allow users to upload files, set
local_enable=YES
write_enable=YES


If you want a user not to be able to access the ftp account, run the following command. If you are using Debian, Ubuntu:
Code:
echo username >> /etc/ftpusers
If you are using CentOS, Fedora:
Code:
echo username >> /etc/vsftpd/ftpusers
The user will not be able to access its ftp account.

Last edited by eklavya; 04-27-2013 at 01:15 AM.
 
Old 04-27-2013, 08:57 AM   #3
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,241

Note that ftp is a plaintext protocol, so if you want an encrypted cxn, either add TLS to it (see https://security.appspot.com/vsftpd.html) or use sftp/scp instead (part of the ssh pkg).
 
Old 04-27-2013, 11:08 AM   #4
sniper8752
Member
 
Registered: Oct 2012
Posts: 340

Original Poster
I heard that not even sftp is safe. It only sends the username/password in an encrypted form. As for the SSL/TLS, I have it enabled. I tried selecting the SSL/TLS option, but it wouldn't connect. It will only use the SFTP connection.

I did what you said, and I restarted my machine. I connected via sftp, and it still allows me to the root account. I made sure to add the root user to the ftpusers file.
 
Old 04-28-2013, 08:19 AM   #5
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,241

sftp has ZERO to do with ftp, e.g. vsftpd; that's why 'ftpusers' had no effect.
As above, sftp & scp are part of the ssh pkg.

You need to choose EITHER sftp (or scp) OR vsftpd+TLS.
Hope that's clearer.
 
Old 05-03-2013, 09:45 PM   #6
sniper8752
Member
 
Registered: Oct 2012
Posts: 340

Original Poster
I tried sftp, and it seemed to work. Tried ftp over ssl/tls, with both implicit and explicit encryption, and it failed. I am thinking the last two options (or at least one of them) are what should actually be selected.

Last edited by sniper8752; 05-03-2013 at 10:29 PM.
 
Old 05-04-2013, 04:38 PM   #7
schneidz
LQ Guru
 
Registered: May 2005
Location: boston, usa
Distribution: fc-15/ fc-20-live-usb/ aix
Posts: 5,028

my opinion is that the old, deprecated and insecure ftp protocol should never be used (much like the way that rsh/rlogin, telnet are rarely used). instead just use scp with keys for automated file transfers or sftp for human prompted sessions.

also sshfs is pretty flexible.

Last edited by schneidz; 05-04-2013 at 04:42 PM.
 
Old 05-04-2013, 10:05 PM   #8
sniper8752
Member
 
Registered: Oct 2012
Posts: 340

Original Poster
I would like to see if I can get the current setup to work. I seemed to follow through with the whole tutorial, yet, it is not working.
 
Old 05-05-2013, 07:13 AM   #9
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,241

Good luck.
If you decide to look at sftp (everything is encrypted on the cxn) with a chroot jail, try http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/
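
The vsftpd settings quoted in post #1 interact in ways the thread does not spell out: per vsftpd.conf(5), local_enable=NO blocks every local account, and enabling both chroot_local_user and chroot_list_enable turns the list file into a list of users exempt from the jail. The following is an added example, not code from any poster or from the vsftpd project, that audits a config read on stdin for those cases; the function names and finding codes are invented for illustration, and nothing it checks applies to sftp, which is served by sshd.

```shell
#!/bin/sh
# Added example: audit the vsftpd.conf options discussed in this thread.
# Defaults are those documented in vsftpd.conf(5). Simplification: only the
# literal value YES is treated as "on".

# get KEY DEFAULT: last value assigned to KEY in $CFG, or DEFAULT when unset.
get() {
    v=$(printf '%s\n' "$CFG" | sed -n "s/^$1=//p" | tail -n 1)
    printf '%s\n' "${v:-$2}"
}

# audit_vsftpd: read a vsftpd.conf on stdin, print one "CODE: message" per finding.
audit_vsftpd() {
    CFG=$(cat)
    # Options must be written option=value with no space before or after '='.
    printf '%s\n' "$CFG" |
        grep -nEv '^(#.*|[[:space:]]*|[a-z_0-9]+=([^[:space:]].*)?)$' |
        sed 's/^/MALFORMED: line /'
    if [ "$(get anonymous_enable YES)" = YES ]; then
        echo "ANON: anonymous logins are enabled"
    fi
    if [ "$(get local_enable NO)" != YES ]; then
        echo "NOLOCAL: local_enable is off, no system account can log in over FTP"
    fi
    jail=$(get chroot_local_user NO); list=$(get chroot_list_enable NO)
    file=$(get chroot_list_file /etc/vsftpd.chroot_list)
    case "$jail/$list" in
        YES/YES) echo "EXEMPT: users listed in $file are NOT chrooted" ;;
        NO/YES)  echo "LISTONLY: only users listed in $file are chrooted" ;;
        NO/NO)   echo "NOJAIL: local users are not chrooted" ;;
    esac
    if [ "$(get ssl_enable NO)" != YES ]; then
        echo "PLAINTEXT: ssl_enable is off, logins and data are sent unencrypted"
    fi
    return 0
}

# Constructed sample: the settings quoted in post #1 plus one malformed line.
sample_conf() {
    cat <<'EOF'
anonymous_enable=NO
local_enable=NO
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftp.chroot_list
local_root=/var/www
write_enable_YES
EOF
}

sample_conf | audit_vsftpd
```

Against a real server it would be run as `audit_vsftpd < /etc/vsftpd.conf`; the path varies by distribution.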
 
  

