LinuxQuestions.org


rolando1bueno 11-16-2007 02:04 PM

CHROOT in VSFTPD
 
Hi everyone.

I'm mounting an FTP server allowing only local users to log in.
My problem is that I'm trying to jail the users in a chroot list to their home directories, but when they access the FTP server using Core FTP, they can access all other folders.

Here are my vsftp.conf chroot configuration and the userlist configuration as well.

chmod_enable=NO
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list


userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list


I've read in lots of forums that this should work fine, but it doesn't.

Please, some help.

cojo 11-18-2007 12:20 AM

Comment out "chroot_local_user=NO" and make sure you have all the userids in the vsftpd.chroot_list file that you want to chroot to their home directories.

rolando1bueno 11-21-2007 07:01 AM

Thanks, Cojo.
It didn't work; commenting out "chroot_local_user=NO" is the same as using "chroot_local_user=NO". I tried it but nothing happened.
The other strange thing is that using FileZilla the users are jailed.

Thanks

Rolando1bueno

cojo 11-21-2007 10:23 PM

Can you post your /etc/vsftpd.chroot_list and your vsftpd.conf files?

rolando1bueno 11-22-2007 06:36 AM

Here is the vsftpd.conf :

listen=YES

#listen_ipv6=YES

anonymous_enable=NO

local_enable=YES

write_enable=YES

local_umask=022

#anon_upload_enable=YES

#anon_mkdir_write_enable=YES

dirmessage_enable=YES

xferlog_enable=YES

#chown_uploads=YES
#chown_username=whoever
#
#xferlog_file=/var/log/vsftpd.log
#

#xferlog_std_format=YES

#idle_session_timeout=600
#
#data_connection_timeout=120
#
#nopriv_user=ftpsecure
#
#async_abor_enable=YES
#
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
ftpd_banner=Servidor FTP de ENERGETICA
#
#deny_email_enable=YES

#banned_email_file=/etc/vsftpd.banned_emails
#
chmod_enable=NO

#chroot_local_user=NO

chroot_list_enable=YES

chroot_list_file=/etc/vsftpd.chroot_list

#ls_recurse_enable=YES
#
secure_chroot_dir=/var/run/vsftpd
#
pam_service_name=vsftpd
#
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list


And here is the vsftpd.chroot_list :

#jailed FTP users
rafi
jare
migf
vhlw
gcyq
cema
vajt
paginar

Thanks for your time.

cojo 11-23-2007 11:45 PM

Your config file looks fine. The only thing I can see is that either your chroot file is not at /etc/vsftpd.chroot_list or a userid is misspelled within your chroot file. What are the permissions on your vsftpd.chroot_list file?

rolando1bueno 12-04-2007 06:16 AM

I haven't set any permission to the chroot file, should I? What permission should I set to it?

Thanks

Rolando1bueno

shahz 12-04-2007 09:05 AM

Okay, just check the permissions to see whether the file can be read by the daemon.

It may work; otherwise try removing the vsftpd package and installing it again, after saving your configuration files. Sometimes a correct configuration doesn't work, as happened to me once; installing the package again made it work.

stevemisawa 12-09-2007 09:32 AM

I had the problem of users being able to wander around to any dir above their home dir. In the vsftp.conf I set chroot_local_user=YES.
That worked for me, no more wandering outside of their dirs. Hope that helps.
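
How chroot_local_user and chroot_list_enable combine according to the vsftpd.conf man page, as an added example that is not from any poster in this thread: with chroot_local_user=YES the chroot list turns into a list of users who are NOT jailed. The function names and the user "unlisted" are made up for illustration, and exact whole-line matching of list entries is an assumption.

```python
# Added example: which users end up jailed for a given vsftpd.conf + chroot list.
DEFAULTS = {"chroot_local_user": "NO", "chroot_list_enable": "NO"}  # man-page defaults

def parse_conf(text):
    """Read option=value lines; lines starting with '#' are comments."""
    opts = dict(DEFAULTS)
    for line in text.splitlines():
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # vsftpd allows no spaces around '='
        opts[key] = value
    return opts

def is_on(opts, key):
    return opts[key].upper() in ("YES", "TRUE", "1")

def parse_list(text):
    # Assumption: one username per line, compared as a whole line.
    return set(text.splitlines())

def is_jailed(user, opts, listed_users):
    if not is_on(opts, "chroot_list_enable"):
        return is_on(opts, "chroot_local_user")   # list ignored: all or nothing
    if is_on(opts, "chroot_local_user"):
        return user not in listed_users           # list = users exempt from the jail
    return user in listed_users                   # list = users to jail

def report(conf_text, list_text, users):
    opts, listed = parse_conf(conf_text), parse_list(list_text)
    return {u: is_jailed(u, opts, listed) for u in users}

# Constructed sample: the chroot lines and two list entries posted in the thread.
THREAD_CONF = (
    "#chroot_local_user=NO\n"
    "chroot_list_enable=YES\n"
    "chroot_list_file=/etc/vsftpd.chroot_list\n"
)
THREAD_LIST = "#usuarios enjaulados FTP\nrafi\njare\n"

if __name__ == "__main__":
    users = ["rafi", "unlisted"]
    # As posted: only listed users are jailed.
    print(report(THREAD_CONF, THREAD_LIST, users))
    # chroot_local_user=YES with the list still enabled: the meaning inverts.
    print(report("chroot_local_user=YES\n" + THREAD_CONF, THREAD_LIST, users))
    # chroot_local_user=YES alone: every local user is jailed.
    print(report("chroot_local_user=YES\n", THREAD_LIST, users))
```

When switching to chroot_local_user=YES, either disable chroot_list_enable or empty the list file, otherwise the users listed there are the ones left unjailed.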


All times are GMT -5.