LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-17-2012, 11:42 PM   #1
SarahGurung
Member
 
Registered: Jul 2011
Posts: 322

Rep: Reputation: Disabled
is it possible to have two local_chroot in vsftpd configuration in centos?


We have vsftpd running in the web server(say www.sarah.com) so that virtual users can login for ftp upload and in the vsfpd.conf, home directory(var/www/html/$USER) for each virtual user is been made via the local_root option.

But now i want to add a ftp/virtual user for the same web server(www.sarah.com) which is doing all these virtual hosting and want to add user(say test) inside /var/www/html/sarah instead of /var/www/html/test which is by default.

Because when i do that i can have web access as well if i type www.sarah.com/test.So users can upload via ftp and download via web.

So can you please tell me how should i proceed? Or is this not possible at all?

Last edited by SarahGurung; 06-17-2012 at 11:46 PM.
 
Old 06-18-2012, 02:07 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,762

Rep: Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587
Hi,

Quote:
But now i want to add a ftp/virtual user for the same web server(www.sarah.com) which is doing all these virtual hosting and want to add user(say test) inside /var/www/html/sarah instead of /var/www/html/test which is by default.
You can add in vsftpd.conf:
Code:
user_config_dir=/etc/vsftpd_user_conf
Create the directory /etc/vsftpd_user_conf (if it doesn't exist) and inside that directory create a file named "test" containing "/var/www/html/sarah".
After that restart the vsftpd service

Regards
 
Old 06-18-2012, 03:10 AM   #3
SarahGurung
Member
 
Registered: Jul 2011
Posts: 322

Original Poster
Rep: Reputation: Disabled
Well thanks a lot Mr.Bathory.

But i already have other virtual users with their home directory assigned. SO will this new user_config_dir affect it? because user_config_dir is for creating explicit home directory for users isnt it? Or can it just be used for this new user alone?

And if so can you please exactly tell me what should i write inside that test file?
 
Old 06-18-2012, 05:13 AM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,762

Rep: Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587
Quote:
SO will this new user_config_dir affect it? because user_config_dir is for creating explicit home directory for users isnt it? Or can it just be used for this new user alone?
Exactly.
If you want a user to have a different homedir (so he'll be chrooted in it), you create a file inside that directory with that user's name (in your case /etc/vsftpd_user_conf/test) containing:
Code:
local_root=/var/www/html/sarah
 
Old 06-18-2012, 05:30 AM   #5
SarahGurung
Member
 
Registered: Jul 2011
Posts: 322

Original Poster
Rep: Reputation: Disabled
Well what i meant was,i have other users created previously whose home directories have been given via the local_root and chroot_enable= yes option.user_conf_dir has not been used previously.so will using of user_conf_dir for just this new user work without affecting the previous users/their home directories or do i need to add them as well in the user_config file if i use that option?

And do i need to use it with chroot_list option?

My vsftpd conf as of now is as follows:

Code:
# disables anonymous FTP 
anonymous_enable=NO 

# enables non-anonymous FTP 
local_enable=YES 

# activates virtual users 
guest_enable=YES 

# virtual users to use local privs, not anon privs 
virtual_use_local_privs=YES 

# enables uploads and new directories 
write_enable=YES 

# the PAM file used by authentication of virtual uses 
pam_service_name=vsftpd-virtual 

# in conjunction with 'local_root', 
# specifies a home directory for each virtual user 
user_sub_token=$USER 
local_root=/var/www/html/$USER 

# the virtual user is restricted to the virtual FTP area 
chroot_local_user=YES 

# hides the FTP server user IDs and just display "ftp" in directory listings 
hide_ids=YES 

# runs vsftpd in standalone mode 
listen=YES 

# listens on this port for incoming FTP connections 
#listen_port=60021 

# the minimum port to allocate for PASV style data connections 
pasv_min_port=62222 

# the maximum port to allocate for PASV style data connections 
pasv_max_port=63333 

# controls whether PORT style data connections use port 20 (ftp-data) 
connect_from_port_20=YES 

# the umask for file creation 
local_umask=022 

# Uncomment this to allow the anonymous FTP user to upload files. This only 
# has an effect if the above global write enable is activated. Also, you will 
# obviously need to create a directory writable by the FTP user. 
#anon_upload_enable=YES 

# Uncomment this if you want the anonymous FTP user to be able to create 
# new directories. 
#anon_mkdir_write_enable=YES 
#anon_other_write_enable=YES 

# Activate directory messages - messages given to remote users when they 
# go into a certain directory. 
dirmessage_enable=YES 

# Activate logging of uploads/downloads. 
xferlog_enable=YES 

# If you want, you can arrange for uploaded anonymous files to be owned by 
# a different user. Note! Using "root" for uploaded files is not 
# recommended! 
chown_uploads=YES 
chown_username=ftp 

# You may override where the log file goes if you like. The default is shown 
# below. 
xferlog_file=/var/log/vsftpd.log 

# If you want, you can have your log file in standard ftpd xferlog format 
xferlog_std_format=YES 

# You may change the default value for timing out an idle session. 
idle_session_timeout=600 

# You may change the default value for timing out a data connection. 
data_connection_timeout=120 

# It is recommended that you define on your system a unique user which the 
# ftp server can use as a totally isolated and unprivileged user. 
nopriv_user=ftp 

# Enable this and the server will recognise asynchronous ABOR requests. Not 
# recommended for security (the code is non-trivial). Not enabling it, 
# however, may confuse older FTP clients. 
async_abor_enable=YES 

# By default the server will pretend to allow ASCII mode but in fact ignore 
# the request. Turn on the below options to have the server actually do ASCII 
# mangling on files when in ASCII mode. 
# Beware that on some FTP servers, ASCII support allows a denial of service 
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd 
# predicted this attack and has always been safe, reporting the size of the 
# raw file. 
# ASCII mangling is a horrible feature of the protocol. 
ascii_upload_enable=YES 
ascii_download_enable=YES 

# You may fully customise the login banner string: 
ftpd_banner=Authorized Access Only!! 

# You may activate the "-R" option to the builtin ls. This is disabled by 
# default to avoid remote users being able to cause excessive I/O on large 
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume 
# the presence of the "-R" option, so there is a strong case for enabling it. 
ls_recurse_enable=YES 

# When "listen" directive is enabled, vsftpd runs in standalone mode and 
# listens on IPv4 sockets. This directive cannot be used in conjunction 
# with the listen_ipv6 directive. 
listen=YES 

# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6 
# sockets, you must run two copies of vsftpd with two configuration files. 
# Make sure, that one of the listen options is commented !! 
#listen_ipv6=YES 

#userlist_enable=YES 
#userlist_deny=NO 
tcp_wrappers=YES 
max_clients=10 
max_per_ip=10
 
Old 06-18-2012, 06:56 AM   #6
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,762

Rep: Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587
Quote:
so will using of user_conf_dir for just this new user work without affecting the previous users/their home directories
Yes, it will affect only the user in question (the one with username "test")

Quote:
And do i need to use it with chroot_list option?
No, since you use already chroot_local_user=YES
 
Old 06-19-2012, 01:56 AM   #7
SarahGurung
Member
 
Registered: Jul 2011
Posts: 322

Original Poster
Rep: Reputation: Disabled
well thanks once again Mr.Bathory.

I made the required changes as you said and it worked as i wanted it to BUT THE PROBLEM IS when the user test logs in via the ftp client for upload it goes to /var/www/html/sarah and there i need to select the folder 'test' and then upload which means the user has access to to whole /var/www/html/sarah directory.

i want the user 'test' to have access to only the test or its home directory.

i did the following:

Code:
user_config_dir=/etc/vsftpd_user_conf

#vi /etc/vsftpd_user_conf/test
write_enable=YES
chroot_local_user=YES
local_root=/var/www/html/sarah
So what should i do for that?
 
Old 06-19-2012, 02:55 AM   #8
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,762

Rep: Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587Reputation: 1587
Quote:
i want the user 'test' to have access to only the test or its home directory.
Then change local_root accordingly:
Code:
local_root=/var/www/html/sarah/test
Also note that this user cannot access directories outside the chroot. If you want him to access his homedir (/home/test), you need to use other methods (like mount --bind in case of vsftpd)

Regards

Last edited by bathory; 06-19-2012 at 03:00 AM.
 
Old 06-19-2012, 04:29 AM   #9
SarahGurung
Member
 
Registered: Jul 2011
Posts: 322

Original Poster
Rep: Reputation: Disabled
well thanks Mr. Bathory.. It's working now.... I don't know how to mark this thread as solved also otherwise would have marked it as SOLVED..

And if any other issues arises will get back to you.. Hope you don't mind....It's working as of now..
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
VSFTPD on Centos 5.6. ghandizzle8 Linux - Newbie 1 10-07-2011 04:57 PM
[SOLVED] vsftpd on CentOS 5.5 jonaskellens Linux - Newbie 2 09-16-2010 03:23 AM
vsftpd in CentOS RedLay Linux - Server 2 03-18-2010 08:01 AM
VSFTPD Configuration bharaniks Linux - Security 2 10-16-2005 11:58 PM
vsftpd configuration cdang Linux - Software 0 03-04-2004 02:37 AM


All times are GMT -5. The time now is 01:16 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration