Old 04-05-2007, 08:45 AM   #1
xudonw1
LQ Newbie
 
Registered: Apr 2007
Location: london
Posts: 19

Rep: Reputation: 0
My Life doomed just coz VSFTPD ---Help


I try to create a vsftpd on a Debian machine.
Obviously I am not willing for those FTP users to be able to shell into my machine. Therefore I create those FTP accounts by

useradd -m -c "xxxxx" -d /home/xxxxx -s /bin/false xxxxx

However, those accounts never work, and the vsftpd log only shows me this:
Thu Apr 5 11:38:32 2007 [pid 13296] [ftpuser] FAIL LOGIN: Client "172.16.201.21


Once I use usermod to enable shell access on those accounts, it works.

Such .$%£$%$£%$£...... May be I am stupid!!

I do need some help..
 
Old 04-05-2007, 11:24 AM   #2
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Rep: Reputation: 45
Did you configure your vsftpd.conf?
 
Old 04-06-2007, 06:58 AM   #3
xudonw1
LQ Newbie
 
Registered: Apr 2007
Location: london
Posts: 19

Original Poster
Rep: Reputation: 0
yes of coz

please see my vsftpd.conf below

# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
#listen_ipv6=YES
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=no
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to NanoFTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES
#
#
# Debian customization
#
# Some of vsftpd's settings don't fit the Debian filesystem layout by
# default. These settings are more Debian-friendly.
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
 
Old 04-06-2007, 11:40 AM   #4
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Rep: Reputation: 45
Well like you said, once you enable shell access, then FTP works for the specific user. This is because it is set up so when a user authenticates him or herself, it goes to their /home/username. So it looks like you cannot use the -s /bin/false.
 
Old 04-07-2007, 05:47 AM   #5
xudonw1
LQ Newbie
 
Registered: Apr 2007
Location: london
Posts: 19

Original Poster
Rep: Reputation: 0
Hi there

I just want those FTP users to actually be jailed in their home directory, while they are not allowed to access my box through a shell with their FTP login details.


Thank you
 
Old 04-17-2007, 09:28 AM   #6
xudonw1
LQ Newbie
 
Registered: Apr 2007
Location: london
Posts: 19

Original Poster
Rep: Reputation: 0
Just found the answer by myself.... I forgot to put /bin/false in /etc/shells
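
The check behind the fix in post #6, as an added example that is not part of the thread: it lists accounts whose login shell is missing from a shells file. It assumes the PAM service named by pam_service_name=vsftpd in the posted config includes pam_shells, which refuses users whose shell is not in /etc/shells; the function names and sample accounts are constructed for illustration.

```sh
#!/bin/sh
# Added example: find accounts whose login shell is absent from a shells file,
# the condition pam_shells (assumed to be in the vsftpd PAM stack) rejects.

# shell_listed SHELL SHELLS_FILE: exit 0 if SHELL is an exact line in the file.
# Comment lines start with '#', so a whole-line match on a path never hits one.
shell_listed() {
    grep -Fxq -- "$1" "$2"
}

# unlisted_shell_users PASSWD_FILE SHELLS_FILE [MIN_UID]
# Prints "user:shell" for every account with UID >= MIN_UID (default 1000)
# whose shell is not listed. Function names here are hypothetical.
unlisted_shell_users() {
    min_uid=${3:-1000}
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -n "$uid" ] && [ "$uid" -ge "$min_uid" ] 2>/dev/null || continue
        [ -n "$shell" ] || shell=/bin/sh   # passwd(5): empty field means /bin/sh
        shell_listed "$shell" "$2" || printf '%s:%s\n' "$user" "$shell"
    done < "$1"
}

# Demo on constructed files (not the poster's real /etc/passwd or /etc/shells).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
ftpuser:x:1001:1001:FTP only:/home/ftpuser:/bin/false
EOF
    cat > "$tmp/shells" <<'EOF'
# /etc/shells: valid login shells
/bin/sh
/bin/bash
EOF
    echo "before fix: $(unlisted_shell_users "$tmp/passwd" "$tmp/shells")"
    echo /bin/false >> "$tmp/shells"     # the change described in post #6
    echo "after fix:  $(unlisted_shell_users "$tmp/passwd" "$tmp/shells")"
    rm -rf "$tmp"
}

demo
```

Listing /bin/false in /etc/shells does not make the accounts interactive: the shell still exits immediately, so shell logins are blocked by the shell itself rather than by the list.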
 
  

