LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 02-13-2012, 05:19 PM   #1
alieblice
Member
 
Registered: Jul 2011
Posts: 80

Rep: Reputation: Disabled
chroot virtual users in vsftpd


HI
problem: i cannot chroot virtual users in vsftpd
i have checked many links but steel not working
her's the config

Code:
guest_enable=YES
virtual_use_local_privs=YES
local_max_rate=1024000
pam_service_name=vsftpd
user_sub_token=$USER
local_enable=yes
local_root=/var/www/ftp/$USER
guest_username=virtualftp
chroot_local_user=YES
it's apear at the / directory and not chrooted.

i tryed diffrent tye of config like this but not working right
Code:
guest_enable=YES
virtual_use_local_privs=YES
local_max_rate=1024000
pam_service_name=vsftpd
#user_sub_token=$USER
local_enable=yes
#local_root=/var/www/ftp/$USER
guest_username=virtualftp
#chroot_local_user=YES
user_config_dir=/etc/vsftpd

etc/vsftpd/virtualftp :
Code:
write_enable=YES
chroot_local_user=YES
local_root=/var/www/ftp/$USER
user_sub_token=$USER
guest_username=virtualftp
 
Old 02-14-2012, 12:42 AM   #2
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,188
Blog Entries: 4

Rep: Reputation: 219Reputation: 219Reputation: 219
check the syntax used in vsftpd.conf
Code:
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
Code:
user_config_dir=/etc/vsftpd_user_conf
Code:
#vi /etc/vsftpd/chroot_list
virtualftp
#mkdir /etc/vsftpd_user_conf
Code:
#vi /etc/vsftpd_user_conf/virtualftp
write_enable=YES
chroot_local_user=YES
local_root=/var/www/ftp/$USER


now make virtualftp user log in and check

Last edited by deep27ak; 02-14-2012 at 12:47 AM.
 
Old 02-14-2012, 04:01 AM   #3
alieblice
Member
 
Registered: Jul 2011
Posts: 80

Original Poster
Rep: Reputation: Disabled
thanks for replying.
still not working . its just chroot to virtualftp's home directory(/home/virtualftp) and not to user's home directory(/var/www/ftp/USER-NAME) and it's able to change directory to every where.

here's the config

Code:
uest_enable=YES
virtual_use_local_privs=YES
local_max_rate=1024000
pam_service_name=vsftpd
local_enable=yes
guest_username=virtualftp
chroot_local_user=NO
user_config_dir=/etc/vsftpd
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
/etc/vsftpd/virtualftp
Code:
root@debian:/etc/vsftpd# cat  virtualftp 
write_enable=YES
chroot_local_user=YES
local_root=/var/www/ftp/$USER
user_sub_token=$USER
 
Old 02-14-2012, 04:07 AM   #4
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,188
Blog Entries: 4

Rep: Reputation: 219Reputation: 219Reputation: 219
Suppose you want to chroot user1 in his home directory

Code:
#vi vsftpd.conf

user_config_dir=/etc/vsftpd_user_conf
anonymous_enable=NO
chroot_list_enable=YES
Code:
#mkdir /etc/vsftpd_user_conf

#vi /etc/vsftpd_user_conf/user1
write_enable=YES
chroot_local_user=YES
local_root=/var/www/ftp/$USER
 
Old 02-14-2012, 04:58 AM   #5
alieblice
Member
 
Registered: Jul 2011
Posts: 80

Original Poster
Rep: Reputation: Disabled
thanks for reply . its steel not working . i put all the configs. lili is a virtual user and virtualftp is a local user.
its not chrooted and it appear in / directory . it cant goto any directory except var/www/ftp/lili .


/etc/vsftpd.conf
Code:
guest_enable=YES
virtual_use_local_privs=YES
local_max_rate=1024000
pam_service_name=vsftpd
#user_sub_token=$USER
#local_enable=yes
#local_root=/var/www/ftp/$USER
guest_username=virtualftp
chroot_local_user=NO
user_config_dir=/etc/vsftpd
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
/etc/vsftpd/chroot_list
Code:
virtualftp
lili
/etc/vsftpd/lili
Code:
write_enable=YES
chroot_local_user=YES
local_root=/var/www/ftp/$USER
user_sub_token=$USER
 
Old 02-14-2012, 05:01 AM   #6
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,188
Blog Entries: 4

Rep: Reputation: 219Reputation: 219Reputation: 219
I don't think you read my post correctly

Code:
user_config_dir=/etc/vsftpd_user_conf
 
Old 02-14-2012, 07:16 AM   #7
alieblice
Member
 
Registered: Jul 2011
Posts: 80

Original Poster
Rep: Reputation: Disabled
i changed vsftpd directory to vsftpd_chroot_con
but nothing changed .
all configs are same as before just
user_config_dir=/etc/vsftpd
changed to
user_config_dir=/etc/vsftpd_user_conf
and lili moved to user_config_dir=/etc/vsftpd_user_conf from /etc/vsftpd
 
Old 02-14-2012, 07:53 AM   #8
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,188
Blog Entries: 4

Rep: Reputation: 219Reputation: 219Reputation: 219
that's weird according to the config file

virtualftp user should log in to the localroot directory i.e.

/var/www/ftp/

Code:
local_root=/var/www/ftp/
and should be chroot there as I did the same in my test machine and everything is working fine
 
1 members found this post helpful.
Old 02-14-2012, 01:32 PM   #9
alieblice
Member
 
Registered: Jul 2011
Posts: 80

Original Poster
Rep: Reputation: Disabled
thank you a lot . it's finally working.

marked as solved.


fore next person reach this thread. here is my configuration.
virtualftp is a local user and lili and sisi are virtual user.

fore adding new user to /etc/vsftpd/passwd you should use " htpasswd " command.

Code:
cat /etc/vsftpd.conf
guest_enable=YES
virtual_use_local_privs=YES
local_max_rate=1024000
pam_service_name=vsftpd
user_sub_token=$USER
#local_enable=yes
local_root=/var/www/ftp/$USER
guest_username=virtualftp
chroot_local_user=NO
user_config_dir=/etc/vsftpd_user_conf
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
------------------------------------------------------
root@debian:~# cat /etc/vsftpd_user_conf/lili
write_enable=YES
chroot_local_user=YES
local_root=/var/www/ftp/$USER
user_sub_token=$USER
root@debian:~# 
--------------------------------------------------------
root@debian:~# cat /etc/pam.d/vsftpd 
# Standard behaviour for ftpd(8).
#auth    required    
#pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed

# Note: vsftpd handles anonymous logins on its own. Do not enable pam_ftp.so.

# Standard pam includes
#@include common-account
#@include common-session
#@include common-auth
#auth    required    pam_shells.so

# Login using a htpasswd file
auth    required pam_pwdfile.so pwdfile /etc/vsftpd/passwd
account required pam_permit.so
----------------------------------------------------------
root@debian:/etc# cat  vsftpd/chroot_list 
virtualftp
lili
----------------------------------------------------------
root@debian:/etc# cat  /etc/vsftpd/passwd 
sisi:so1xO1RfrmgMo
lili:kxHHyX.xt3POU
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Allow System Users and Virtual Users in VSFTPd Nickbrandson Linux - Software 0 01-24-2008 08:06 AM
vsftpd, web uploads, vsftpd virtual users, apache virtual hosts, home directories jerryasher Linux - Software 7 02-18-2007 06:29 AM
vsftpd chroot for users bfay Linux - Software 0 07-21-2006 09:13 AM
vsftpd and virtual users chrull Linux - Software 0 05-14-2004 05:09 PM
vsftpd and virtual users JeffV Linux - Software 2 11-14-2003 09:47 AM


All times are GMT -5. The time now is 05:04 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration