LinuxQuestions.org


rcrosoer 01-13-2006 04:45 PM

VSFTPD Configuration & Firewall Problem
 
Hi,

I am having difficulties configuring VSFTPD. I am running Suse 8.0 and SAMBA (this is suffering grief with the firewall too).

I would like to have the server accept anonymous and named users.

The first problem I have is with the firewall. If it is up then no transfers are possible. If I take the firewall down then I can log in and transfer with a username, but anonymous login does not allow any transfers, and directory changing and directory creation fail too.

I guess this is the first priority.

Then I have a problem of limiting access. If I log in with my account name or as a user with only limited access rights I can still get anywhere on the system and wreak havoc.

So I guess the question is how do I prevent a user getting out of the public directory?

I have created a user group with read only privileges as per the tutorial I found at

siliconvalleyccie.com/linux-hn/ftp-server.htm site

but they have restricted rights in their home directory. They can drill up to root without limitation.

And finally, where is the home directory for the anonymous user?

Here is my conf file:

anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
ftpd_banner=Welcome to THE GREENWAY FTP service.
pam_service_name=vsftp

--
Regards
Rick

bosewicht 01-13-2006 04:55 PM

I would read the vsftp man pages before you open this up, you could end up causing yourself a lot of grief with an insecure ftp server.

From http://vsftpd.beasts.org/vsftpd_conf.html

chroot_list_file
The option is the name of a file containing a list of local users which will be placed in a chroot() jail in their home directory. This option is only relevant if the option chroot_list_enable is enabled. If the option chroot_local_user is enabled, then the list file becomes a list of users to NOT place in a chroot() jail.

Default: /etc/vsftpd.chroot_list

rcrosoer 01-14-2006 05:48 AM

Ah the penny is dropping! (Sorry but I only got off the boat this week so my knowledge of local customs and dialects is a little sketchy.)

I understand the local_user is anybody who is not anonymous. I had thought that it referred to internal and externally connected users.
What I am trying to achieve is 3 classes of users, let's call them punters, customers and staff. All punters are anonymous. Customers should be held in the root jail and staff can roam anywhere in the ftp area of the machine.

So if I have added

chroot_list_enable=YES
chroot_local_user=YES
chroot_list_file=/etc/vsftpd.chroot_list

Now customers are locked in /home/cust_pub with read only privileges, fine. Staff have read and write privileges in /home/staff_dir and /home/shareddocs but can browse over the whole machine.

How can I stop them going up from /home ?

Setting file access permissions right seems to be a labour of love but I'm getting there!

Please can you tell me where the anonymous directory is or should be created?
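
The chroot_list_file behaviour quoted from the vsftpd.conf documentation earlier in the thread, worked through as an added example that is not part of the original posts: it resolves, per local user, whether the three chroot options put that user in a jail. The usernames (cust1, staff1), the list contents and the function names are constructed for illustration, and it assumes the staff account is the one named in the list file.

```python
# Added example: resolves vsftpd's chroot options for local users.
# Usernames and list contents are constructed, not taken from the thread.

DEFAULTS = {  # defaults as documented for vsftpd.conf
    "chroot_local_user": "NO",
    "chroot_list_enable": "NO",
    "chroot_list_file": "/etc/vsftpd.chroot_list",
}

def parse_conf(text):
    """Parse vsftpd.conf text: option=value lines, '#' starts a comment line."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key] = value
    return conf

def parse_list(text):
    """One username per line, as in chroot_list_file."""
    return {u.strip() for u in text.splitlines() if u.strip()}

def is_jailed(conf, listed, user):
    """True if this local user is chroot()ed into their home directory."""
    jail_all = conf["chroot_local_user"].upper() == "YES"
    use_list = conf["chroot_list_enable"].upper() == "YES"
    in_list = use_list and user in listed
    # chroot_local_user=YES: the list names users NOT to jail.
    # chroot_local_user=NO:  the list names the users to jail.
    return (not in_list) if jail_all else in_list

# The three chroot lines posted in the thread.
THREAD_CONF = """\
chroot_list_enable=YES
chroot_local_user=YES
chroot_list_file=/etc/vsftpd.chroot_list
"""
CHROOT_LIST = "staff1\n"  # constructed contents of /etc/vsftpd.chroot_list

def report(conf_text, list_text, users):
    conf, listed = parse_conf(conf_text), parse_list(list_text)
    return {u: is_jailed(conf, listed, u) for u in users}

if __name__ == "__main__":
    for user, jailed in report(THREAD_CONF, CHROOT_LIST, ["cust1", "staff1"]).items():
        print(f"{user}: {'chroot jail' if jailed else 'not jailed'}")
```

Under the posted settings every account named in the list file is exempt from the jail and every other local user is confined to their own home directory.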


All times are GMT -5.