Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I'm currently using wu-ftpd to run a couple of services for my friends; basically each one is a mailing list and ftp archive. In order to avoid them messing with the system files (required because I'm running mail accounts as well), and to give a generally cleaner "interface", I have wu-ftpd chroot them to /home/<user>/ftp instead of the more usual /home/<user>. Each account has an otherwise empty ftp directory that they can make as much mess as they like in.
Now, I don't like a few things about the way wu-ftpd works, and I'd like to migrate to vsftpd, however I can't see a way of getting it to chroot to /home/<user>/ftp for certain individuals.
Distribution: Slackware, (Non-Linux: Solaris 7,8,9; OSX; BeOS)
I don't know how the ftp servers work, but as to /etc/passwd,
whatever you give as the home directory (usually /home/user),
when the user logs in, they'll start in that directory. So, if you
make the home directory /home/user/ftp in /etc/passwd, that's where
they'll start for login shells. Like I said, I'm not sure if that applies
to ftp servers as well.
Make sure you use vipw to edit your /etc/passwd file.
From the config file
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of users to NOT chroot().
# (default follows)
I don't wish to sound ungrateful, but is anyone actually reading the question (other than moses)? I've read the manual, and I know how passwd_chroot_enable works, and it doesn't quite match my requirements as written. I've thought of a bit of a kludgy fix (see above) but I have no idea how dangerous it is to the rest of my system.
You're trying to do something with a normal user id it isn't designed for. Why would you want to keep users out of their home directory when they own it? Can't be security.
Any of your users could use telnet or ssh (if running) to get into the box. Anyone listening could do the same; I know, I've been hacked.
You should have separate, no-shell accounts for ftp. Sorry if that doesn't answer your question but it's the best advice I can give you.
Very valid points about bending the use for the system. I'm doing it because I need to run with valid mail accounts as well as an ftp repository. The users can't do anything else because they're explicitly locked out of ssh and so on.
In the end I just decided to bite the bullet and mangled the passwd file with:
Which seems to work just fine. So far. Heck, I have backups!
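Added example, not from any poster in this thread and not vsftpd's own code: a small audit that works out which jail each local account would get under the chroot options discussed above. It assumes the option semantics described in the vsftpd.conf man page (chroot_local_user, chroot_list_enable, and passwd_chroot_enable with its /./ marker); the passwd lines, user names and helper names are constructed for illustration, so check the result against your vsftpd version.

```python
# Added example: models how vsftpd's documented chroot options combine.
# The passwd lines, user names and list contents below are constructed.

SAMPLE_PASSWD = """\
alice:x:1001:1001::/home/alice/./ftp:/sbin/nologin
bob:x:1002:1002::/home/bob/ftp:/sbin/nologin
carol:x:1003:1003::/home/carol:/bin/bash
"""

def parse_passwd(text):
    """Return {user: home} from passwd-format text, skipping malformed lines."""
    homes = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7:
            homes[fields[0]] = fields[5]
    return homes

def is_chrooted(user, conf, chroot_list):
    """With chroot_local_user=YES the list names users NOT to chroot;
    with chroot_local_user=NO it names the only users who are chrooted."""
    listed = conf.get("chroot_list_enable", False) and user in chroot_list
    if conf.get("chroot_local_user", False):
        return not listed
    return listed

def effective_jail(user, home, conf, chroot_list):
    """Return (jail, start_dir); jail is None when the user is not confined."""
    if not is_chrooted(user, conf, chroot_list):
        return None, home.replace("/./", "/")
    if conf.get("passwd_chroot_enable", False) and "/./" in home:
        jail, rest = home.split("/./", 1)   # jail is the part before /./
        return jail or "/", "/" + rest      # login starts below the jail root
    return home.replace("/./", "/"), "/"    # whole home string is the jail

def audit(passwd_text, conf, chroot_list=()):
    """Map every account in passwd_text to its (jail, start_dir)."""
    homes = parse_passwd(passwd_text)
    return {u: effective_jail(u, h, conf, set(chroot_list)) for u, h in homes.items()}

if __name__ == "__main__":
    conf = {"chroot_local_user": True, "chroot_list_enable": True,
            "passwd_chroot_enable": True}
    for user, (jail, start) in audit(SAMPLE_PASSWD, conf, ["carol"]).items():
        print(f"{user:6} jail={jail} start={start}")
```

In this model the /./ form leaves the whole of /home/alice visible from inside the jail, while a home field of /home/bob/ftp confines bob to the ftp directory itself.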