LinuxQuestions.org
Old 01-13-2006, 04:45 PM   #1
rcrosoer
Member
 
Registered: Oct 2005
Distribution: SuSe
Posts: 41

Rep: Reputation: 15
VSFTPD Configuration & Firewall Problem


Hi,

I am having difficulties configuring VSFTPD. I am running SuSE 8.0 and SAMBA (this is suffering grief with the firewall too).

I would like to have the server accept anonymous and named users.

The first problem I have is with the firewall. If it is up then no transfers are possible. If I take the firewall down then I can log in and transfer with a username, but anonymous login does not allow any transfers, and directory changing and directory creation fail too.

I guess this is the first priority.

Then I have a problem of limiting access. If I log in with my account name or as a user with only limited access rights I can still get anywhere on the system and wreak havoc.

So I guess the question is how do I prevent a user getting out of the public directory?

I have created a user group with read only privileges as per the tutorial I found at

siliconvalleyccie.com/linux-hn/ftp-server.htm site

but they have restricted rights in their home directory. They can drill up to root without limitation.

And finally, where is the home directory for the anonymous user?

Here is my conf file:

anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
ftpd_banner=Welcome to THE GREENWAY FTP service.
pam_service_name=vsftp

--
Regards
Rick
 
Old 01-13-2006, 04:55 PM   #2
bosewicht
Senior Member
 
Registered: Aug 2003
Location: Honolulu, HI
Distribution: Arch
Posts: 1,380

Rep: Reputation: 47
I would read the vsftp man pages before you open this up, you could end up causing yourself a lot of grief with an insecure ftp server.

From http://vsftpd.beasts.org/vsftpd_conf.html

chroot_list_file
The option is the name of a file containing a list of local users which will be placed in a chroot() jail in their home directory. This option is only relevant if the option chroot_list_enable is enabled. If the option chroot_local_user is enabled, then the list file becomes a list of users to NOT place in a chroot() jail.

Default: /etc/vsftpd.chroot_list
 
Old 01-14-2006, 05:48 AM   #3
rcrosoer
Member
 
Registered: Oct 2005
Distribution: SuSe
Posts: 41

Original Poster
Rep: Reputation: 15
Ah the penny is dropping! (Sorry but I only got off the boat this week so my knowledge of local customs and dialects is a little sketchy.)

I understand the local_user is anybody who is not anonymous. I had thought that it referred to internal and externally connected users.
What I am trying to achieve is 3 classes of users, let's call them punters, customers and staff. All punters are anonymous. Customers should be held in the root jail and staff can roam anywhere in the ftp area of the machine.

So if I have added

chroot_list_enable=YES
chroot_local_user=YES
chroot_list_file=/etc/vsftpd.chroot_list

Now customers are locked in /home/cust_pub with read only privileges, fine. Staff have read and write privileges in /home/staff_dir and /home/shareddocs but can browse over the whole machine.

How can I stop them going up from /home ?

Setting file access permissions right seems to be a labour of love but I'm getting there!

Please can you tell me where the anonymous directory is or should be created?

Last edited by rcrosoer; 01-14-2006 at 05:54 AM.
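
Added example (not part of either poster's messages and not vsftpd's own code): a small Python model of the chroot rule quoted from vsftpd_conf.html in post #2, applied to the three options shown in post #3. The user names cust1 and staff1 and the contents of the list file are constructed for illustration.

```python
# Models how vsftpd combines chroot_local_user, chroot_list_enable and
# chroot_list_file, as described in the manual text quoted in post #2.

# The three options from post #3.
POST3_CONF = """\
chroot_list_enable=YES
chroot_local_user=YES
chroot_list_file=/etc/vsftpd.chroot_list
"""

# Constructed contents of /etc/vsftpd.chroot_list (one user per line).
SAMPLE_LIST = "staff1\n"


def parse_conf(text):
    """Parse vsftpd.conf-style KEY=VALUE lines; '#' lines are comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key] = value
    return conf


def flag(conf, key):
    # Both chroot booleans default to NO when absent from the file.
    return conf.get(key, "NO").upper() == "YES"


def is_jailed(conf, listed_users, user):
    """True if this local user is chroot()ed into the home directory."""
    chroot_all = flag(conf, "chroot_local_user")
    in_list = flag(conf, "chroot_list_enable") and user in listed_users
    # chroot_local_user=NO : the list names the users to jail.
    # chroot_local_user=YES: the list names the users NOT to jail.
    return chroot_all != in_list


def audit(conf_text, list_text, users):
    """Map each local user name to whether vsftpd would jail it."""
    conf = parse_conf(conf_text)
    listed = {u.strip() for u in list_text.splitlines() if u.strip()}
    return {u: is_jailed(conf, listed, u) for u in users}


if __name__ == "__main__":
    for user, jailed in audit(POST3_CONF, SAMPLE_LIST, ["cust1", "staff1"]).items():
        print(user, "jailed" if jailed else "NOT jailed")
```

With chroot_local_user=YES the list file is an exemption list, so any account named in it is the one that can leave its home directory; dropping that option inverts the result for every user.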
 
  


All times are GMT -5.