vsftpd SSH add user

Legerarmy · 09-05-2010, 08:20 AM

Hi there.

I'm trying to add users.
(Translation: gebruiker = user)

I did this:
groupadd gebruikers
chgrp -R gebruikers /home/gebruikers
useradd gebruiker1 -d /home/gebruikers/gebruiker1 -p {wachtwoord}
useradd gebruiker2 -d /home/gebruikers/gebruiker2 -p {wachtwoord}
gpasswd -a gebruiker1 gebruikers
gpasswd -a gebruiker2 gebruikers

I want that only gebruiker1 can be in his map home/gebruikers/gebruiker1
But now he can see the whole server dir.
How to change this?

bathory · 09-06-2010, 03:24 AM

Hi,

If you want to restrict users in their home directories you need

Code:

chroot_local_user=YES

in vsftpd.conf

Legerarmy · 09-06-2010, 12:11 PM

This is my vsftpd.conf:

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
#xferlog_file=/var/log/xferlog
xferlog_std_format=YES
#idle_session_timeout=600
#data_connection_timeout=120
#nopriv_user=ftpsecure
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
#ftpd_banner=Welcome to blah FTP service.
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd/banned_emails
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
#ls_recurse_enable=YES
listen=YES
#listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

so it still don't works, what to do?
in chroot_list is the following text:

#nobody

bathory · 09-06-2010, 01:41 PM

Since you're using "chroot_list_enable", then you have to list the users that are to be chrooted in the /etc/vsftpd/chroot_list file. For example to chroot gebruiker1, edit to be:

Code:

#nobody
gebruiker1

and restart vsftpd

Hangdog42 · 09-06-2010, 01:42 PM

Quote:

chroot_list_file=/etc/vsftpd/chroot_list

Try commenting out this line. Since you've set chroot_local_users to YES, this means that any users entered into this file will NOT be chrooted.

<edit>

Beaten to the punch by bathory!
</edit>

bathory · 09-06-2010, 01:55 PM

@Hangdog42

OP does not have chroot_local_users set, so he has to go with adding users he want to chroot, in the file defined by chroot_list_file

Regards

Hangdog42 · 09-06-2010, 01:56 PM

Quote:

Originally Posted by bathory

@Hangdog42

OP does not have chroot_local_users set, so he has to go with adding users he want to chroot, in the file defined by chroot_list_file

Regards

D'OH! Yeah, you're right.

Legerarmy · 09-06-2010, 04:29 PM

ok cool that works.

Now the user gebruiker1 only can be in the map gebruiker1.
But can i change his home dir to:

/gebruiker1/orangebox/cstrike

how can i do that?

bathory · 09-06-2010, 04:49 PM

Glad to see it worked.

To change the homedir of a user run (as root)

Code:

usermod -d /gebruiker1/orangebox/cstrike gebruiker1

Read usermod manpage to see if you want to use also the -m option

Regards