Old 03-17-2012, 04:49 AM   #1
forzastiinta
LQ Newbie
 
Registered: Mar 2012
Posts: 1

Rep: Reputation: Disabled
vsftpd - restrict access to system directories (/etc, /bin, /opt)


Hi!
There is a user's home folder that should be accessed with ftp (/home/username) BUT I want to access a shared folder (everyone can share files) like /home/share. Moreover I do not want those users to access the system directories.

If I jail the user in his home it cannot access /etc, it can access his own home folder BUT cannot access /home/share (If I create ln -s /home/share /home/username/share it will fail changing into that dir).

If I do not jail the user in his home it can access /etc (which is bad) and, of course, it can access /home/username and /home/share.

In the 1st situation I can mount --bind /home/share /home/username (in fstab to be available on boot) BUT it doesn't seem to be a modern solution.


Please help! Ty
 
Old 03-17-2012, 06:15 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,975

Rep: Reputation: 1343
Hi,
Quote:
In the 1st situation I can mount --bind /home/share /home/username (in fstab to be available on boot) BUT it doesn't seem to be a modern solution.
I'm afraid this is your only way if you want to access directories outside the user's chroot jail. By design vsftpd does not allow following symlinks pointing outside the user's homedir.

Regards
 
Old 03-22-2012, 03:39 AM   #3
ioask4it
LQ Newbie
 
Registered: Mar 2012
Posts: 3

Rep: Reputation: Disabled
hide_file={/bin*,/boot*,/dev*,/etc*,/lib*,/lib64*,/media*,/misc*,/mnt*,/net*,/opt*,/proc*,/sbin*,/selinux*,/srv*,/tmp*,/usr*,/var*}
deny_file={/bin*,/boot*,/dev*,/etc*,/lib*,/lib64*,/media*,/misc*,/mnt*,/net*,/opt*,/proc*,/sbin*,/selinux*,/srv*,/tmp*,/usr*,/var*}

Z solution!

Last edited by ioask4it; 03-22-2012 at 03:40 AM.
 
Old 03-22-2012, 04:46 AM   #4
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,975

Rep: Reputation: 1343
Quote:
Originally Posted by ioask4it
hide_file={/bin*,/boot*,/dev*,/etc*,/lib*,/lib64*,/media*,/misc*,/mnt*,/net*,/opt*,/proc*,/sbin*,/selinux*,/srv*,/tmp*,/usr*,/var*}
deny_file={/bin*,/boot*,/dev*,/etc*,/lib*,/lib64*,/media*,/misc*,/mnt*,/net*,/opt*,/proc*,/sbin*,/selinux*,/srv*,/tmp*,/usr*,/var*}

Z solution!
Could be a workaround, but it has a flaw. How do you deny access to the other users' homedirs?
 
Old 03-22-2012, 08:06 PM   #5
ioask4it
LQ Newbie
 
Registered: Mar 2012
Posts: 3

Rep: Reputation: Disabled
In this case the ftp user sees the directories in /home but cannot access them because they have (by default) no rights for others.
It is identical to cd /home/anotherUser in bash; it will give an error.
 
Old 03-30-2012, 12:00 PM   #6
ioask4it
LQ Newbie
 
Registered: Mar 2012
Posts: 3

Rep: Reputation: Disabled
Anyway, it is a solution and I think it has no security flaws...
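
An added example, not part of the thread and not vsftpd's own code: a small Python audit that reads a vsftpd.conf fragment, reports whether local users are jailed with chroot_local_user, and lists the top-level directories that no deny_file pattern covers. The sample config and directory list are constructed, the function names are hypothetical, and Python's fnmatch only approximates vsftpd's own pattern matching.

```python
import fnmatch

# Constructed sample: the deny_file line from post #3, with no chroot jail.
SAMPLE_CONF = """\
# constructed vsftpd.conf fragment
local_enable=YES
chroot_local_user=NO
deny_file={/bin*,/boot*,/dev*,/etc*,/lib*,/lib64*,/media*,/misc*,/mnt*,/net*,/opt*,/proc*,/sbin*,/selinux*,/srv*,/tmp*,/usr*,/var*}
"""

# Constructed list of top-level directories on a typical host (assumption).
SAMPLE_ROOT = ["/bin", "/boot", "/dev", "/etc", "/home", "/lib", "/lib64",
               "/opt", "/proc", "/root", "/run", "/sbin", "/srv", "/sys",
               "/tmp", "/usr", "/var"]


def parse_conf(text):
    """Return vsftpd.conf settings as a dict; '#' comments are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def split_patterns(value):
    """Split a {a,b,c} pattern list into its alternatives."""
    value = value.strip()
    if value.startswith("{") and value.endswith("}"):
        value = value[1:-1]
    return [p for p in value.split(",") if p]


def audit(conf_text, top_level_dirs):
    """Return (chrooted, uncovered): jail status and dirs no pattern matches."""
    conf = parse_conf(conf_text)
    # chroot_local_user defaults to NO when it is absent from the file.
    chrooted = conf.get("chroot_local_user", "NO").upper() == "YES"
    patterns = split_patterns(conf.get("deny_file", ""))
    uncovered = [d for d in top_level_dirs
                 if not any(fnmatch.fnmatchcase(d, p) for p in patterns)]
    return chrooted, uncovered


if __name__ == "__main__":
    jailed, gaps = audit(SAMPLE_CONF, SAMPLE_ROOT)
    print("chroot jail enabled:", jailed)
    print("directories not covered by deny_file:", gaps)
```

The vsftpd.conf man page describes deny_file as very simple and not to be used for serious access control, preferring filesystem permissions; a denylist also has to be kept in step with every directory later added to the host.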
 
  

