LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-16-2005, 08:26 AM   #1
lord-fu
Member
 
Registered: Apr 2005
Location: Ohio
Distribution: Slackware && freeBSD
Posts: 676

Rep: Reputation: 30
Secure file and passwd transfers


Hello,

I have VSFTP on my freeBSD 5.4 system that my friends and I use to trade files. They all share the same account and password that I created. I have denied them shell access, and they are chrooted to their ~. However.

1: Is it possible to stop them from deleting items, but to still get and write?
2: I don't like the passwords being passed along the net plain text, is there another option other than scp for them to get and write, as I really don't want them to have shell access? If it is https, is it possible to upload large files?

Any help is greatly appreciated.
 
Old 11-17-2005, 08:06 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
1. I'm sure thats just a Vsftp config setting.
2. There are shells for scp to allow just scp and nothing more. Look for Scponly (or Rssh?).
 
Old 11-17-2005, 12:30 PM   #3
lord-fu
Member
 
Registered: Apr 2005
Location: Ohio
Distribution: Slackware && freeBSD
Posts: 676

Original Poster
Rep: Reputation: 30
Thank you, I will look into these options.
 
Old 11-17-2005, 02:53 PM   #4
lord-fu
Member
 
Registered: Apr 2005
Location: Ohio
Distribution: Slackware && freeBSD
Posts: 676

Original Poster
Rep: Reputation: 30
Hello,

The cmds_allowed option is what I was looking for in my vsftpd.conf. This is a comma seperated list of commands I would allow in an ftp session. However I am recieving this error when I try and restart the service.
Code:
OSIRIS# /usr/local/sbin/vsftpd &
[1] 12832
500 OOPS: missing value in config file for:
I googled the error and have not been able to come up with much that would help, I have posted my config file below. Thanks for any help offered.
Code:
# allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO

# Uncomment this to allow local users to log in.
local_enable=YES

# Uncomment this to enable any form of FTP write command.
write_enable=YES

# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022

anon_upload_enable=NO
anon_mkdir_write_enable=NO

# Activate directory messages 
dirmessage_enable=YES

# Activate logging of uploads/downloads.
xferlog_enable=YES

# Make sure PORT transfer connections originate from port 20 (ftp-data).
#connect_from_port_20=YES

chown_uploads=YES
chown_username=ftp_user

xferlog_file=/var/log/vsftpd.log
#xferlog_std_format=YES

idle_session_timeout=600
data_connection_timeout=120

nopriv_user=nobody

#ascii_upload_enable=YES
#ascii_download_enable=YES

#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails

chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
#ls_recurse_enable=YES
listen=YES
background=YES
pasv_enable=YES
pasv_max_port=20000
pasv_min_port=15000
pasv_promiscuous=YES
log_ftp_protocol=YES
cmds_allowed=ABOR,CWD,LIST,MDTM,MKD,NLST,PASS,PASV,PORT,PWD,QUIT,RETR,SIZE,STOR,TYPE,USER,ACCT,HELP,SYST
Sorry if this should be a thread in an different forum. As it was related to my original post I thought it should stay here.
Many thanks in advance.

Last edited by lord-fu; 11-17-2005 at 02:54 PM.
 
Old 11-17-2005, 06:29 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
However I am recieving this error when I try and restart the service.
Diff your current & previous config and focus on the changes.
 
Old 11-19-2005, 12:09 AM   #6
lord-fu
Member
 
Registered: Apr 2005
Location: Ohio
Distribution: Slackware && freeBSD
Posts: 676

Original Poster
Rep: Reputation: 30
Sorry to repost here, but all it was clearing the cmds_allowed line and then redoing the line over, I guess I mistyped or something the first time.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Gaim file transfers... astronerd Linux - Software 1 04-05-2005 02:51 AM
File Transfers STALL! TomalakBORG Linux - Hardware 2 12-13-2004 07:15 PM
File Transfers in Kopete WarlockofVirgo Linux - Software 0 07-24-2004 02:50 AM
irc file transfers Serena Linux - Software 1 10-03-2002 05:28 PM
file transfers in Gaim anyone? shassouneh Linux - Networking 2 03-29-2002 08:14 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:39 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration