LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 11-03-2005, 02:00 PM   #1
Jukas
Member
 
Registered: Mar 2005
Posts: 141

Rep: Reputation: 15
Vsftpd Config ? Is this possible?


I've got vsftpd running fine on my debian box and allowing connections to local users. However I also want to allow connections to specific non local usernames and chroot jail them in a specific directory and give them write/modify permissions to a single sub directory.

In short I'd like the config to be like this..

Local users:
Login as normal, put in their home directory

Non local user:
if they match an allowed username / pw I'd like them to be put in and chrooted to /ftp with only read/execute permissions on subdirectories except /ftp/uploads which they would have rwx permissions to.

Anon users - denied immediately.

I've read the man pages for the vsftpd.conf and played with the userlist_enable/deny/file options but that seems to only control local users.

Basically I want to be able to have people/clients who don't have a account on my linux box to be able to ftp into a specific directory and browse all sub directories and dl any content there. I also want them to be able to upload to 1 specific directory only.

Did I miss something in the man pages? Is this even possible with vsftpd?
 
Old 11-03-2005, 02:45 PM   #2
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 97
Hi.

I believe it's possible to do something like this with PAM, but I'm no expert in that field. Why not just create local users for these accounts?
Make their home directory /ftp and make their login shell /sbin/nologin You can then just use normal filesystem permissions to give access to their own subdirectory.

Dave
 
Old 11-03-2005, 05:17 PM   #3
Jukas
Member
 
Registered: Mar 2005
Posts: 141

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by ilikejam
Hi.

I believe it's possible to do something like this with PAM, but I'm no expert in that field. Why not just create local users for these accounts?
Make their home directory /ftp and make their login shell /sbin/nologin You can then just use normal filesystem permissions to give access to their own subdirectory.

Dave
Yeah, that's probably how I'll end up doing it. I was just curious if was possible to do within vsftpd itself.
 
Old 11-03-2005, 07:09 PM   #4
chemdawg
Member
 
Registered: Jan 2005
Distribution: Mandriva
Posts: 206

Rep: Reputation: 31
it is indeed - you can get some insight reading the vsftpd.conf.5 file as it has a lot more options than the standard vsftpd.conf file. i think these two lines will jail users to their home directories.

Code:
passwd_chroot_enable=YES
chroot_local_user=YES
and you'll need to create the users with adduser and also add their names to the vsftpd.chroot_list file.
 
Old 11-03-2005, 07:11 PM   #5
Jukas
Member
 
Registered: Mar 2005
Posts: 141

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by chemdawg
it is indeed - you can get some insight reading the vsftpd.conf.5 file as it has a lot more options than the standard vsftpd.conf file. i think these two lines will jail users to their home directories.

Code:
passwd_chroot_enable=YES
chroot_local_user=YES
and you'll need to create the users with adduser and also add their names to the vsftpd.chroot_list file.
Thanks for the reply but you misunderstood. My inital query was about doing that without the user being local. I.e. a config file with allowed remote usernames/pw which doesn't seem possible.
 
Old 11-03-2005, 07:51 PM   #6
chemdawg
Member
 
Registered: Jan 2005
Distribution: Mandriva
Posts: 206

Rep: Reputation: 31
I am sorry, I did misunderstand. I agree with you, I havn't found a way to do that yet. What I ended up doing was what I wrote in my post, and that works for my purpose as well as anything. My friends can access my server because I have given them the generic user and password. I believe the only other option is to make an anonymous login which has no user or password.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
VSFTPD config issue MbowerARA Linux - Networking 9 04-04-2005 06:36 PM
VSFTPD config problem nadsab Linux - Software 0 08-05-2004 02:37 PM
VSFTPD Debian VSFTPD "unrecognised variable in config file" DCT Linux - Software 0 05-29-2004 11:59 PM
vsftpd config hda Linux - Software 7 10-16-2003 10:37 AM
more vsftpd config trouble noisybastard Linux - Networking 5 05-08-2003 11:13 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 06:04 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration