VSFTPD Configuration & Firewall Problem
Hi,
I am having difficulties configuring VSFTPD. I am running Suse 8.0 and SAMBA (this is suffering grief with the firewall too). I would like to have the server accept anonymous and named users.

The first problem I have is with the firewall. If it is up then no transfers are possible. If I take the firewall down then I can log in and transfer with a username, but anonymous login does not allow any transfers, and directory changing and directory creation fail too. I guess this is the first priority.

Then I have a problem of limiting access. If I log in with my account name or as a user with only limited access rights I can still get anywhere on the system and wreak havoc. So I guess the question is how do I prevent a user getting out of the public directory? I have created a user group with read only privileges as per the tutorial I found at the siliconvalleyccie.com/linux-hn/ftp-server.htm site, but they have restricted rights in their home directory. They can drill up to root without limitation.

And finally, where is the home directory for the anonymous user?

Here is my conf file:

anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
ftpd_banner=Welcome to THE GREENWAY FTP service.
pam_service_name=vsftp

--
Regards
Rick
I would read the vsftp man pages before you open this up; you could end up causing yourself a lot of grief with an insecure ftp server.

From http://vsftpd.beasts.org/vsftpd_conf.html

chroot_list_file
The option is the name of a file containing a list of local users which will be placed in a chroot() jail in their home directory. This option is only relevant if the option chroot_list_enable is enabled. If the option chroot_local_user is enabled, then the list file becomes a list of users to NOT place in a chroot() jail.
Default: /etc/vsftpd.chroot_list
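
The list-inversion rule quoted above, as an added example that is not part of the original thread or of vsftpd itself: a Python check that reports which local accounts end up jailed for a given vsftpd.conf and list file. The account names cust1 and staff1 and the list contents are constructed for illustration; both chroot options are treated as NO when absent, which is their documented default.

```python
# Added example: resolve which local users vsftpd would place in a chroot()
# jail, following the chroot_local_user / chroot_list_enable rules quoted above.

def parse_conf(text):
    """Parse vsftpd.conf text (option=value lines, '#' comments) into a dict."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key] = value
    return opts

def is_yes(opts, key):
    # Both chroot options default to NO when they are not set.
    return opts.get(key, "NO").upper() == "YES"

def jailed_users(conf_text, list_text, local_users):
    """Return {user: True if chrooted} for the given config and list file."""
    opts = parse_conf(conf_text)
    listed = {u.strip() for u in list_text.splitlines() if u.strip()}
    chroot_all = is_yes(opts, "chroot_local_user")
    use_list = is_yes(opts, "chroot_list_enable")
    result = {}
    for user in local_users:
        if use_list and user in listed:
            # The list marks exceptions to whatever chroot_local_user says:
            # jailed if the default is "free", free if the default is "jailed".
            result[user] = not chroot_all
        else:
            result[user] = chroot_all
    return result

# Constructed sample: the three chroot options with both switches enabled.
CONF = """chroot_list_enable=YES
chroot_local_user=YES
chroot_list_file=/etc/vsftpd.chroot_list
"""
LIST = "staff1\n"            # constructed list file contents
USERS = ["cust1", "staff1"]  # hypothetical local accounts

if __name__ == "__main__":
    for user, jailed in jailed_users(CONF, LIST, USERS).items():
        print(user, "chrooted" if jailed else "NOT chrooted")
```

With both options set to YES, every account named in the list file is left outside the jail, so that file should be reviewed as a list of exemptions.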
Ah the penny is dropping! (Sorry but I only got off the boat this week so my knowledge of local customs and dialects is a little sketchy.)
I understand the local_user is anybody who is not anonymous. I had thought that it referred to internal and externally connected users. What I am trying to achieve is 3 classes of users, let's call them punters, customers and staff. All punters are anonymous. Customers should be held in the root jail and staff can roam anywhere in the ftp area of the machine. So I have added

chroot_list_enable=YES
chroot_local_user=YES
chroot_list_file=/etc/vsftpd.chroot_list

Now customers are locked in /home/cust_pub with read only privileges, fine. Staff have read and write privileges in /home/staff_dir and /home/shareddocs but can browse over the whole machine. How can I stop them going up from /home? Setting file access permissions right seems to be a labour of love but I'm getting there!

Please can you tell me where the anonymous directory is or should be created?