LinuxQuestions.org
Old 09-05-2010, 09:20 AM   #1
Legerarmy
LQ Newbie
 
Registered: Aug 2010
Posts: 8

Rep: Reputation: 0
vsftpd SSH add user


Hi there.

I'm trying to add users.
(Translation: gebruiker = user)


I did this:
groupadd gebruikers
chgrp -R gebruikers /home/gebruikers
useradd gebruiker1 -d /home/gebruikers/gebruiker1 -p {wachtwoord}
useradd gebruiker2 -d /home/gebruikers/gebruiker2 -p {wachtwoord}
gpasswd -a gebruiker1 gebruikers
gpasswd -a gebruiker2 gebruikers

I want that only gebruiker1 can be in his folder home/gebruikers/gebruiker1.
But now he can see the whole server dir.
How to change this?
 
Old 09-06-2010, 04:24 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,975

Rep: Reputation: 1343
Hi,

If you want to restrict users in their home directories you need
Code:
chroot_local_user=YES
in vsftpd.conf
 
Old 09-06-2010, 01:11 PM   #3
Legerarmy
LQ Newbie
 
Registered: Aug 2010
Posts: 8

Original Poster
Rep: Reputation: 0
This is my vsftpd.conf:

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
#xferlog_file=/var/log/xferlog
xferlog_std_format=YES
#idle_session_timeout=600
#data_connection_timeout=120
#nopriv_user=ftpsecure
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
#ftpd_banner=Welcome to blah FTP service.
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd/banned_emails
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
#ls_recurse_enable=YES
listen=YES
#listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

So it still doesn't work, what to do?
In chroot_list is the following text:

#nobody

Last edited by Legerarmy; 09-06-2010 at 01:15 PM.
 
Old 09-06-2010, 02:41 PM   #4
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,975

Rep: Reputation: 1343
Since you're using "chroot_list_enable", you have to list the users that are to be chrooted in the /etc/vsftpd/chroot_list file. For example, to chroot gebruiker1, edit it to be:
Code:
#nobody
gebruiker1
and restart vsftpd
 
1 members found this post helpful.
Old 09-06-2010, 02:42 PM   #5
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,791
Blog Entries: 1

Rep: Reputation: 414
Quote:
chroot_list_file=/etc/vsftpd/chroot_list
Try commenting out this line. Since you've set chroot_local_user to YES, this means that any users entered into this file will NOT be chrooted.

<edit>

Beaten to the punch by bathory!
</edit>
 
Old 09-06-2010, 02:55 PM   #6
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,975

Rep: Reputation: 1343
@Hangdog42

OP does not have chroot_local_user set, so he has to go with adding the users he wants to chroot to the file defined by chroot_list_file

Regards
 
Old 09-06-2010, 02:56 PM   #7
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,791
Blog Entries: 1

Rep: Reputation: 414
Quote:
Originally Posted by bathory
@Hangdog42

OP does not have chroot_local_user set, so he has to go with adding the users he wants to chroot to the file defined by chroot_list_file

Regards

D'OH! Yeah, you're right.
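
Added example (not part of any post in this thread): a shell check of how vsftpd's chroot_local_user and chroot_list_enable combine, run on constructed copies of the two files. The helper names conf_get, is_chrooted and report and the scratch directory are hypothetical; the script assumes only the spelling YES enables an option and that a user is listed when a whole line of the list equals the user name.

```shell
#!/bin/sh
# conf_get FILE KEY DEFAULT: value of the last uncommented KEY= line, else DEFAULT.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# is_chrooted CONF LIST USER: prints "chrooted" or "not chrooted".
# LIST is passed explicitly so the check can run on copies of the real files.
is_chrooted() {
    all=$(conf_get "$1" chroot_local_user NO)        # vsftpd default: NO
    use_list=$(conf_get "$1" chroot_list_enable NO)  # vsftpd default: NO
    listed=NO
    # Assumption: "listed" means one whole line of LIST equals the user name.
    if [ "$use_list" = YES ] && grep -Fxq -- "$3" "$2" 2>/dev/null; then
        listed=YES
    fi
    # chroot_local_user=NO:  the list names the users who ARE chrooted.
    # chroot_local_user=YES: the list names the users who are NOT chrooted.
    if [ "$all" = "$listed" ]; then
        echo "not chrooted"
    else
        echo "chrooted"
    fi
}

# Constructed sample files: the chroot-related line of the config in post #3
# and the chroot_list contents suggested in post #4.
demo=$(mktemp -d)
printf '%s\n' 'local_enable=YES' 'chroot_list_enable=YES' > "$demo/vsftpd.conf"
printf '%s\n' '#nobody' 'gebruiker1' > "$demo/chroot_list"

report() {
    for u in gebruiker1 gebruiker2; do
        echo "$u: $(is_chrooted "$demo/vsftpd.conf" "$demo/chroot_list" "$u")"
    done
}
echo "list only:"; report
# Adding chroot_local_user=YES inverts the meaning of the same list.
echo 'chroot_local_user=YES' >> "$demo/vsftpd.conf"
echo "with chroot_local_user=YES:"; report
```

Running the same check against the live /etc/vsftpd/vsftpd.conf and chroot_list before restarting vsftpd shows whether an account will be confined or left able to browse the whole filesystem.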
 
Old 09-06-2010, 05:29 PM   #8
Legerarmy
LQ Newbie
 
Registered: Aug 2010
Posts: 8

Original Poster
Rep: Reputation: 0
OK cool, that works.

Now the user gebruiker1 can only be in the folder gebruiker1.
But can I change his home dir to:

/gebruiker1/orangebox/cstrike

How can I do that?
 
Old 09-06-2010, 05:49 PM   #9
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,975

Rep: Reputation: 1343
Glad to see it worked.

To change the homedir of a user run (as root)
Code:
usermod -d /gebruiker1/orangebox/cstrike gebruiker1
Read the usermod manpage to see if you also want to use the -m option

Regards
 
1 members found this post helpful.
  

