LinuxQuestions.org
Old 12-27-2002, 03:09 AM   #1
DeezNutz
LQ Newbie
 
Registered: Dec 2002
Location: Ocean County, NJ
Distribution: Mandrake 9.0
Posts: 22

Rep: Reputation: 15
Security Question?


A quick question, but I doubt the answer will be quick!

I've installed pureftpd on my system running Mandrake 9.0.

I want to be able to allow a user to access this machine (either through telnet or FTP) and see his home directory (i.e. nothing above /home/userX), with the exception of the main HTML directory in Apache.

Can this be done?
If so, could somebody point me in the direction of information regarding this?

Thanks in advance!
 
Old 12-27-2002, 05:54 AM   #2
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,568

Rep: Reputation: 164Reputation: 164
You can do this. But with a small trick. Chroot the user to his/her home. So the user won't be able to go above /home/username. Then create a symlink to Apache main dir in the user's home. (something like /home/username/apache).
 
Old 12-27-2002, 09:33 AM   #3
DeezNutz
LQ Newbie
 
Registered: Dec 2002
Location: Ocean County, NJ
Distribution: Mandrake 9.0
Posts: 22

Original Poster
Rep: Reputation: 15
Thanks for the reply!

That's where I'm getting confused. Everything that I've seen about chroot refers to executables being locked into the virtual root, I'm not sure how to do this with a user account or group. (I'm probably missing something, but I don't know what.)
 
Old 12-28-2002, 09:49 AM   #4
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
Ah, my fellow New Jerseyan, I have help for you. First, I suggest you don't allow telnet access because it is so insecure. Second, I suggest you set up the user, as stated in a previous thread, as a chrooted user. Here's a good place for instructions:

http://www.redhat.com/support/resour.../guestftp.html (Steps 1.4-1.8)

Now as for allowing them access to the html directory I'm not quite sure. If it is necessary for someone to access this directory I suggest you use SSH instead of Telnet. SSH is encrypted and Telnet is not.

Last edited by Crashed_Again; 12-28-2002 at 09:51 AM.
 
Old 12-28-2002, 05:50 PM   #5
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,568

Rep: Reputation: 164Reputation: 164
With pureftpd it's quite easy. To chroot all users, use the '-A' switch. Or, if you'd like to chroot some users, but not all, use '-d <homedir>' to chroot and '-D <homedir>' not to chroot when you create/modify an account using pure-pw.
 
Old 12-28-2002, 09:55 PM   #6
DeezNutz
LQ Newbie
 
Registered: Dec 2002
Location: Ocean County, NJ
Distribution: Mandrake 9.0
Posts: 22

Original Poster
Rep: Reputation: 15
Thanks for the great info

Thanks for the info, I'll be trying out a few suggestions tonight. I haven't even looked into SSH. Will that work the same way as telnet from a Windows box?

I saw the -A option for pure-ftpd, it seems to work. I'm having a little problem when I ftp, though, and I don't know if it's on the client side or on the server side. The ftp client hangs when I try to get a directory listing. (I only have 1 Linux machine at this point, so the connections are coming from my win2k machine.) This happens both from the command line ftp that is included with Windows and from wsftp. Any ideas?
 
Old 12-29-2002, 12:16 AM   #7
DeezNutz
LQ Newbie
 
Registered: Dec 2002
Location: Ocean County, NJ
Distribution: Mandrake 9.0
Posts: 22

Original Poster
Rep: Reputation: 15
Interesting...

Does FTP use more than port 21? I think that's the problem. The FTP server is sitting behind a Linksys router (with port 21 forwarded to the Linux box). If I ftp right in from the LAN side (192.168.1.X) it works fine. If I try to go in from outside (i.e. I ftp to the IP address assigned by Verizon) it connects, but I can't get a directory listing. I assume I won't be able to download files, either... What needs to be opened for the outgoing connections?

Oh, and on another note the -A option does work with pure-ftpd, however adding a symlink to a directory outside of the virtual root does not. I'm stumped on that one...

Last edited by DeezNutz; 12-29-2002 at 12:17 AM.
 
Old 12-29-2002, 12:37 PM   #8
DeezNutz
LQ Newbie
 
Registered: Dec 2002
Location: Ocean County, NJ
Distribution: Mandrake 9.0
Posts: 22

Original Poster
Rep: Reputation: 15
Woohoo!

I figured out the port problem with the router, I had to use the port range options instead of the single port. It works now.

Now I have to find the time to read the pure-ftpd documentation and set up the users the right way. Thanks for all the help!
 
Old 12-29-2002, 05:00 PM   #9
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,568

Rep: Reputation: 164Reputation: 164
Re: Interesting...

Quote:
Originally posted by DeezNutz

Oh, and on another note the -A option does work with pure-ftpd, however adding a symlink to a directory outside of the virtual root does not. I'm stumped on that one...
I don't know which version you use (binary or compiled from source). If you use a binary one, you should be able to follow symbolic links outside your home dir. If not, you need to compile pureftpd with '--with-virtualchroot' option (passed to ./configure).
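Why the symlink fails under a real chroot and works with a virtual one, as an added example that is not part of the thread: a simplified model of path resolution, not pure-ftpd's code. The scratch tree, the user `userx` and the `apache` and `sys` links are constructed, and the virtual chroot is assumed to be a jail emulated by the server rather than chroot(2).

```python
import os
import posixpath
import tempfile


def build_demo():
    """Constructed scratch tree standing in for the real "/" of the server."""
    root = tempfile.mkdtemp()
    for d in ("home/userx", "var/www/html", "etc"):
        os.makedirs(os.path.join(root, d))
    for f in ("var/www/html/index.html", "etc/passwd"):
        open(os.path.join(root, f), "w").close()
    # Absolute link targets, like the thread's /home/username/apache link.
    os.symlink("/var/www/html", os.path.join(root, "home/userx/apache"))
    os.symlink("/etc", os.path.join(root, "home/userx/sys"))
    return root


def resolve(root, jail, path, real_chroot):
    """Return the real path a jailed client reaches for `path`, or None.

    real_chroot=True  models chroot(2): "/" in a link target means the jail.
    real_chroot=False models an emulated jail that follows links from the real "/".
    """
    slash = jail if real_chroot else "/"
    cur, hops = jail, 0
    parts = [p for p in path.split("/") if p]
    while parts:
        part = parts.pop(0)
        if part == "..":
            if cur != jail:          # the client can never climb above the jail
                cur = posixpath.dirname(cur)
            continue
        nxt = posixpath.join(cur, part)
        if os.path.islink(root + nxt):
            hops += 1
            if hops > 8:
                raise OSError("too many levels of symbolic links")
            target = os.readlink(root + nxt)
            if target.startswith("/"):
                cur = slash          # absolute target restarts at the visible "/"
            parts = [p for p in target.split("/") if p] + parts
            continue
        cur = nxt
    return cur if os.path.exists(root + cur) else None
```

In the emulated case every link inside the home is followed, so `sys/passwd` reaches `/etc/passwd` just as `apache/index.html` reaches the web root; who may create links in a jailed home then becomes part of the access policy.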
 
Old 12-29-2002, 11:22 PM   #10
DeezNutz
LQ Newbie
 
Registered: Dec 2002
Location: Ocean County, NJ
Distribution: Mandrake 9.0
Posts: 22

Original Poster
Rep: Reputation: 15
I compiled from source... Looks like I'll be recompiling. Or, should I just pull down the binaries? I guess it's off to http://www.pureftpd.org to see if there are any other useful switches that I can/should use.
 
Old 12-29-2002, 11:34 PM   #11
DeezNutz
LQ Newbie
 
Registered: Dec 2002
Location: Ocean County, NJ
Distribution: Mandrake 9.0
Posts: 22

Original Poster
Rep: Reputation: 15
Oh boy...

I am either a total newb or a pure "guy" (most likely, both!).... This was a case of RTFM... I read the FAQ page on PureFTPd.org and it answered most of my questions...

Thanks for the pointers, though, they really were appreciated. (hopefully, as I learn more, I'll be able to contribute as well!)
 
Old 12-30-2002, 07:45 AM   #12
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,568

Rep: Reputation: 164Reputation: 164
:-)
Read the ./configure options, if you decide to recompile. There are many, and many are useful (my ./configure command for pureftpd is always longer than 2 lines..).
 
  

