LinuxQuestions.org
12-15-2006, 09:42 AM   #1
bnz99
LQ Newbie
 
Registered: Dec 2006
Distribution: Fedora Core 6
Posts: 2

FTP Server permissions


I've configured VSFTPD on my new Fedora 6 box, created a couple of accounts and so far everything is working except for one thing. The ftp accounts which I want to be able to read and write in their home directories are also able to 'cd' anywhere in the system, as well as transfer system files. How do you restrict them to just their home? They are part of a group called 'ftp-users' which I created. This group does not have access to anywhere else in the system as far as I can tell. Obviously I'm doing something wrong here.

If you need more info, please let me know.

Thanks in advance.
 
12-15-2006, 03:00 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,580
Blog Entries: 14

You need to set up "chroot" on the home directories. Doing a Google search for that should give you tons of info on how to do it.
 
12-16-2006, 10:23 PM   #3
bnz99
LQ Newbie
 
Registered: Dec 2006
Distribution: Fedora Core 6
Posts: 2

Original Poster
Thanks for the reply.

From what I read it should be as easy as setting the following options in vsftp.conf:

chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

I added my allowed users to the list (chroot_list) which I created. My problem now is when they log in they go directly to the root of the box. In fact, they cannot even get into their home directory (550 error).

Where am I going wrong here?

Thanks again.
 
12-17-2006, 12:36 AM   #4
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

You should have read the comments that appear in most of the default vsftpd.conf files -

Code:
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list

The users automatically get trapped once chroot_local_user gets set to YES. By writing them into the chroot list, you basically give them a get out of jail free card.

Also, you were worried about users being able to read system files. Why? They can read almost anyplace, but other than within their home directories, they can't write. That is one of the beauties of the *nix system. Had they tried to upload a file to /etc, it would have failed. They don't have write permission there.

Peace,
JimBass
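
The rule in the quoted vsftpd.conf comments, as an added example that is not part of the original thread and is not vsftpd's own code: a small Python check that reads the two chroot options plus the list file and reports whether each local user ends up jailed. The sample config text and the user names alice, bob and carol are constructed for illustration.

```python
# Added example: models the chroot rule described in the vsftpd.conf comments.
# Config snippets and user names below are constructed sample input.

DEFAULTS = {
    "chroot_local_user": "NO",
    "chroot_list_enable": "NO",
    "chroot_list_file": "/etc/vsftpd.chroot_list",
}

def parse_conf(text):
    """Parse vsftpd.conf text (option=value, '#' comments) on top of defaults."""
    opts = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key] = value
    return opts

def parse_list(text):
    """The chroot list file holds one user name per line."""
    return {u.strip() for u in text.splitlines() if u.strip()}

def is_chrooted(user, opts, listed):
    """True if this local user is jailed in their home directory."""
    jail_all = opts["chroot_local_user"].upper() == "YES"
    use_list = opts["chroot_list_enable"].upper() == "YES"
    if not use_list:
        return jail_all
    # With the list enabled, being listed flips the default for that user.
    return (user in listed) != jail_all

def report(conf_text, list_text, users):
    """Map each user to True (jailed) or False (can roam the filesystem)."""
    opts, listed = parse_conf(conf_text), parse_list(list_text)
    return {u: is_chrooted(u, opts, listed) for u in users}

# Constructed scenarios: list only, list plus chroot_local_user, jail everyone.
CONF_LIST_ONLY = "chroot_list_enable=YES\nchroot_list_file=/etc/vsftpd/chroot_list\n"
CONF_BOTH = "chroot_local_user=YES\n" + CONF_LIST_ONLY
CONF_JAIL_ALL = "#chroot_list_enable=YES\nchroot_local_user=YES\n"
LISTED = "alice\nbob\n"

if __name__ == "__main__":
    for name, conf in [("list only", CONF_LIST_ONLY), ("both YES", CONF_BOTH),
                       ("jail all", CONF_JAIL_ALL)]:
        print(name, report(conf, LISTED, ["alice", "carol"]))
```

With both options set to YES, the listed users are the only ones left unjailed, which is the inversion the comments warn about.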
 
12-17-2006, 03:18 AM   #5
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,580
Blog Entries: 14

Also remember you should chroot them to the directory you want them to be in. Note that when they log in that directory will appear to be root.

That is to say if the chrooted directory you created was /home/someuser then when they log in they won't see /home/someuser. They'll see "/". However what they see in "/" will be whatever you as the admin see in /home/someuser. That's why you have to put in the files they'll need - they can't go anywhere except to the chrooted directory. Often you need to create etc, bin, usr/bin or other directories and contents for the chrooted directory to give them access to what you want them to have or what they need to have to log in (e.g. an abbreviated /etc/passwd with only their account in it should be in /home/someuser/etc/passwd).
 
  


All times are GMT -5.
