LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 08-09-2008, 12:49 AM   #1
s2cuts
Member
 
Registered: Mar 2007
Posts: 61

Rep: Reputation: 18
Securing FTP, chroot... Not the same old question!


Hello all,

I'm setting up a home server with CentOS4. And one of the things I want it to do is be an FTP server. I've got vsftpd set up pretty well, except for one thing.

I want to lock users into their home directories so they can securely keep personal files and the such. Chrooting them seems to be the solution. However, I also want them all to be able to get to a common directory, which is in a different path, through that same login. I thought I could just put a symbolic link into each of their home directories pointing to the common directory, but chroot really does keep them lock down in there.

I would really like to do this without creating generic users accounts. I thought that maybe I could forgo chroot, and set stricter permissions on the user's home directory. This guards the user's directory, however, it allows users to back up to / and go where ever. I'd like to avoid that.

Has anyone had a similar problem? How did they overcome it? Any suggestions would be greatly appreciated.

Thanks for your time everyone.
 
Old 08-09-2008, 10:20 AM   #2
tanveer
Member
 
Registered: Feb 2004
Location: e@rth
Distribution: RHEL-3/4/5,Gloria,opensolaris
Posts: 489

Rep: Reputation: 37
Ok, First you have chrooted the FTP user to his home directory and he has no Shell which is working. Now lets assume, the home directory is /usr/local/apache/htdocs/access1 folder.

Now you want to give this FTP user access to another directory say /mnt/access2.

If this is the situation then I think create a symbolic link to /mnt/access2 from users home directory and give the FTP user the required permission through ACL in /mnt/access2. I am not sure about this; its just a suggesstion.
 
Old 08-09-2008, 03:19 PM   #3
s2cuts
Member
 
Registered: Mar 2007
Posts: 61

Original Poster
Rep: Reputation: 18
BTW, I also stumbled across "mount --bind" in place of creating a symbolic link. Of course, this requires you also maintain fstab accordingly, but it does allow you to give a chrooted user some access outside of his home directory.

There may be easier ways though.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Securing FTP (using only existing SW) turalo Solaris / OpenSolaris 5 06-14-2007 08:20 AM
Securing FTP shafey Linux - Security 1 03-15-2007 10:59 AM
Securing machine that needs telnet and ftp keysorsoze Linux - Security 5 05-04-2006 07:31 PM
securing ftp Crunch Linux - Security 4 08-06-2003 09:15 AM
securing FTP radnix Linux - Security 3 09-16-2002 02:46 PM


All times are GMT -5. The time now is 04:53 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration