I'm trying to set up a vsftpd server. Anonymous is disabled and chrooted the user in their home directory. However when I ran ftp://<IP_Address> on my browser, I can see the list of files of my root directory. How can I disable this?
Here's what I can see
FTP root at 10.x.x.x
To view this FTP site in Windows Explorer, click Page, and then click Open FTP Site in Windows Explorer.
chrooted the user in their home directory. However when I ran ftp://<IP_Address> on my browser, I can see the list of files of my root directory.
Then you haven't set up the chroot properly. Please first search LQ's fora / articles for similar threads because I *know* this one has been answered before and more than a few times. If you then can't figure it out posting your vsftpd config file would be a good start.
Please first search LQ's fora / articles for similar threads because I *know* this one has been answered before and more than a few times. Besides that the Vsftpd docs really contain enough info and even example configs to make it work.
I'm also having the same problem. Using any client such as flashfxp, Command prompt ftp, ftp through Windows Explorer, or ftp through a browser such as firefox or internet explorer prior to version 7 all work fine. The user logs in and gets automatically put in the vsftpd home directory at /var/ftp from where they can go to pub or uploads.
But when a user logs in using internet explorer 7, they go to my root directory. Mind you the user can't actually go into any of these folders because of permission settings, but it's still very unsettling; plus the user has no way to navigate from there to the actual ftp directory. I've googled for this problem and found lots of people having the same problem, but no one has come up with a solution; just people replying with mindless suggestions.
I run fedora core 7 with vsftpd and anonymous users are not allowed.
If anyone can shine some light on this, I greatly appreciate it.
I think PAM is the problem because it has confusing configuration files and a confusing manual that does not explain much. I suggest using SELinux for better security. Microsoft has started to not comply with the IMAP protocol in Outlook Express and I think they are starting to do the same with FTP. Though some additional options besides PAM might also be giving you problems.
If all else fails, compile vsftpd with the debug option and watch the logs. Use strace and gdb to find out what is going on.
I do not have any line for PAM option in my vsftpd config file. The following is my vsftpd.conf file.
After doing some more googling I learned that for some reason, internet explorer 7 ignores the "home directory" setting for users. I wonder if there is a way for vsftpd to capture what ftp client is being used and act accordingly. For example, if the ftp client is internet explorer 7, then send an error message to the client telling them to use a different client. I'm also gonna try to deny all permissions for the ftp users group to my root directory.
I tested my setup with Internet Explorer 7 on Microsoft Vista Home Premium and it works as expected. It lists the directories and files of the user's home, but cannot access / or even see it. I had to do ftp://username@address. When I use ftp://address, it gave me a permission error, so it will never log in. I think the difference in my setup compared to your setup is the chroot options. I did not use the userlist option. I think the users that you gave permission to access your server should be placed in the directory that you specify for chroot_list. The manual describes the chroot feature, but it is confusing at first.
Even though it is not a PAM problem, I suggest getting away from using PAM for vsftpd. I think PAM should not be included in any Linux distribution because SELinux is better and has more documentation.
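The chroot options discussed in this thread interact in a way that is easy to misread, so here is an added example (not from any poster, and not vsftpd's own code) that reports which local users a configuration leaves outside the jail, following the semantics documented in vsftpd.conf(5). The users alice and bob, the sample configuration and the list contents are constructed for illustration.

```python
DEFAULTS = {  # built-in defaults documented in vsftpd.conf(5)
    "anonymous_enable": "YES",
    "local_enable": "NO",
    "chroot_local_user": "NO",
    "chroot_list_enable": "NO",
}

def parse_conf(text):
    """Parse option=value lines; vsftpd treats spaces around '=' as an error."""
    conf = dict(DEFAULTS)
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.rstrip() or value != value.lstrip():
            raise ValueError(f"line {num}: bad syntax: {raw!r}")
        conf[key] = value
    return conf

def enabled(conf, key):
    return conf[key].upper() == "YES"

def is_chrooted(conf, user, chroot_list):
    """chroot_list names the jailed users, unless chroot_local_user=YES,
    in which case it names the users exempt from the jail."""
    listed = enabled(conf, "chroot_list_enable") and user in chroot_list
    return enabled(conf, "chroot_local_user") != listed

def audit(conf_text, chroot_list, users):
    conf = parse_conf(conf_text)
    findings = []
    if enabled(conf, "anonymous_enable"):
        findings.append("anonymous_enable is YES (the default when unset)")
    if enabled(conf, "local_enable"):
        for user in users:
            if not is_chrooted(conf, user, chroot_list):
                findings.append(f"{user} is not chrooted (can browse outside home)")
    return findings

# Constructed sample, not the poster's configuration.
SAMPLE_CONF = """\
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
"""
if __name__ == "__main__":  # {"alice"}: hypothetical chroot_list_file contents
    print("\n".join(audit(SAMPLE_CONF, {"alice"}, ["alice", "bob"])))
```

With chroot_local_user=YES and chroot_list_enable=YES, listing a user in the chroot list file exempts that user from the jail, which is the opposite of what the option name suggests.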