VSFTPD Local Test
Hi there!!!
I'm having some problems with vsftpd... I've read and done everything on the www.vsftpdrocks.org site (RPM install) but when I run the local test (first test) this message appears on the console:
500 OOPS: could not listen IPv4 socket
Could anybody help? Thanks a lot!!!
Ok... After typing /usr/sbin/vsftpd &, I try to connect locally to vsftpd by typing: ftp localhost and I get this response...
ftp: connect: connection timed out
Can somebody help me out here?
try to flush iptables by iptables -F and try again ftping
Here ya go...
I've been able to connect locally with my ftp server. It had something to do with the loopback interface... After adding this line, the local connection can be established.
Code:
/sbin/iptables -A INPUT -i lo -j ACCEPT
Code:
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
Just for some more information. I used that same line for opening port 80 (/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT) and when I use Symantec's port scanner (on the Symantec site), it shows port 80 as open... The same line with port 21 shows closed, while all the others are stealth... Isn't that weird??? I'm running vsftpd through xinetd, by the way...
if you're running it through xinetd, I don't think you should be using the command /usr/sbin/vsftpd & to start it.
xinetd should be configured to start it, and the vsftpd.conf file should NOT contain listen = yes (default is listen = no)
Yep... The problem was with xinetd.
Yesterday, instead of creating a file named vsftpd inside /etc/xinetd.d, I edited the xinetd.conf file and put everything I wanted regarding the ftp service there. Then everything worked fine. But now I have another concern about FTP in general. I don't know if I should create a new thread or leave it inside this one. Anyway, here it is... I created a folder inside my ftp folder... A folder called palula. Then I created a user with that same name. I changed the owner of the folder to that user and gave that user permission to write, read and execute, and no permission to others... After that I went to the vsftpd.conf and suppressed permission for anonymous login to the ftp. After that I restarted xinetd and tried to log on again. A pop-up window appeared telling me that this server did not permit anonymous logins etc... Which was supposed to happen. But when I typed palula and that user's password within the prompt, the pop-up kept appearing on and on, and I couldn't access the server with write permissions to the folder (which is what I wanted in the first place). Can anybody help me out?
let's see your vsftpd.conf
for local users, like palula, you need to have the user exist in the passwd file with a valid shell according to /etc/shells (if the user shouldn't be able to log into the linux box to get a command prompt, use /bin/false and put that in /etc/shells). also, the option 'local_enable' needs to be set to yes (default is no) for local users. If enabled, normal user accounts in /etc/passwd may be used to log in. I restrict who may use ftp by using the userlist_deny and userlist_enable options.
Ok, the login problem was solved. The problem was happening because of the local_enable line (it was commented out).
Very nice, but now I'm facing a security problem. Users logging in to my ftp can keep typing cd .. until they reach the "/" folder. And the topmost folder I would like for them to reach is the ftp folder. This is the structure of the folders: /root/var/ftp/"user_folders". So the topmost should be "ftp"; they shouldn't reach any folder above ftp (like var or /). How can I do that? Is there any other security I can implement to improve the security for logged-in users, like for example restricting their bash? If yes, how can I do that? Thanks a lot.
I've looked into it, and I found out that the user is accessing his home folder.
I just want the user to access /var/ftp/ and not be able to go up any level. Another thing, I created the vsftpd.chroot_list and added the user to that list. So he wasn't able to access the home directory. Ok, that's cool, but the user is in "/". And when I type ls no file appears... Again, I would like for the user to only access /var/ftp and all folders below it (in this case, the ones he has access to) but not upwards. I don't want any user accessing anything above /var/ftp; this includes even the /var folder. Thanks a lot guys.
chroot means that /var/ftp will be the users' room when they log in, meaning it looks like they're in the root of the filesystem, /, but they're not. They're really in /var/ftp
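As an added example (not code from this thread or from the vsftpd project), here is a small POSIX shell audit that reads a vsftpd.conf and reports the settings the posts above turn on or off: listen (standalone daemon vs. xinetd), local_enable (the login failure), anonymous_enable, and the chroot options (the "cd .. up to /" problem). The parsing rule (one option=value per line, no spaces around =, # lines are comments, YES/NO case-insensitive) and the defaults come from vsftpd.conf(5); the two sample config files and the function names are my own constructions.

```shell
#!/bin/sh
# Added example, not from the thread: audit a vsftpd.conf for the settings
# discussed above. Per vsftpd.conf(5): one "option=value" per line with no
# spaces around "=", "#" lines are comments, booleans are YES/NO in any case.
# Defaults used below are the documented ones; sample files are constructed.

# vsftpd_get FILE KEY: print KEY's value (last uncommented occurrence wins),
# or nothing if the option is absent or commented out.
vsftpd_get() {
    sed -e 's/\r$//' -e '/^[[:space:]]*#/d' "$1" \
        | grep -- "^$2=" | tail -n 1 | sed -e 's/^[^=]*=//'
}

# vsftpd_bool FILE KEY DEFAULT: print YES or NO, upper-cased, falling back
# to DEFAULT when the option is not set.
vsftpd_bool() {
    v=$(vsftpd_get "$1" "$2")
    [ -n "$v" ] || v=$3
    printf '%s\n' "$v" | tr '[:lower:]' '[:upper:]'
}

# vsftpd_audit FILE: one line per observation; the return value is the
# number of findings that widen what a logged-in user can reach.
vsftpd_audit() {
    f=$1; findings=0
    if [ "$(vsftpd_bool "$f" listen NO)" = YES ]; then
        echo "listen=YES: vsftpd runs as its own daemon; do not also start it from xinetd"
    else
        echo "listen=NO: vsftpd expects xinetd (or another super-server) to hand it the socket"
    fi
    if [ "$(vsftpd_bool "$f" local_enable NO)" = NO ]; then
        echo "local_enable=NO: accounts from /etc/passwd cannot log in (the login failure in the thread)"
    fi
    if [ "$(vsftpd_bool "$f" anonymous_enable YES)" = YES ]; then
        echo "FINDING anonymous_enable=YES: anonymous logins are accepted"
        findings=$((findings + 1))
    fi
    chroot_all=$(vsftpd_bool "$f" chroot_local_user NO)
    chroot_list=$(vsftpd_bool "$f" chroot_list_enable NO)
    listfile=$(vsftpd_get "$f" chroot_list_file)
    [ -n "$listfile" ] || listfile=/etc/vsftpd.chroot_list   # documented default
    if [ "$chroot_all" = YES ] && [ "$chroot_list" = YES ]; then
        echo "chroot: all local users are confined except those listed in $listfile"
    elif [ "$chroot_all" = YES ]; then
        echo "chroot: all local users are confined to their home directory"
    elif [ "$chroot_list" = YES ]; then
        echo "chroot: only users listed in $listfile are confined"
    else
        echo "FINDING no chroot: local users can cd .. up to / (the symptom in the thread)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: roughly the thread's starting point (anonymous on,
# local_enable still commented out, nothing chrooted).
write_sample_weak() {
    t=$(mktemp); cat > "$t" <<'EOF'
# Example config file /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
#local_enable=YES
listen=NO
EOF
    echo "$t"
}

# Constructed sample: local users only, every local user chrooted.
write_sample_hardened() {
    t=$(mktemp); cat > "$t" <<'EOF'
anonymous_enable=NO
local_enable=YES
listen=NO
chroot_local_user=YES
EOF
    echo "$t"
}

# Stand-alone run: audit both samples and show the finding count.
for mk in write_sample_weak write_sample_hardened; do
    f=$($mk); echo "== $mk"; vsftpd_audit "$f"; echo "findings: $?"; rm -f "$f"
done
```

Run it against a real /etc/vsftpd/vsftpd.conf with `vsftpd_audit /etc/vsftpd/vsftpd.conf`; the strict `^key=` match deliberately mirrors vsftpd's own parser, so a line with spaces around the `=` is reported as unset, which is also how vsftpd would fail to apply it.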
Ok! So it means the user logged in is in the /var/ftp directory and he/she can't go to an upper level, right? That's exactly what I wanted. But why can't the user see my folders under /var/ftp, like for example one I've created, "/var/ftp/statistics", or one that vsftpd creates by default, "/var/ftp/pub"?
If the user lists anything, no folder appears. And I want it to show those folders... The permissions of folder pub are: rwxr-xr-x --- Everybody should be able to access it. And the permissions of folder pub are: rwxr-xr-x --- It's open for everybody to see its contents too? Why don't they appear? Thanks a lot. :-)
post your vsftpd.conf
what is the particular user's home directory? that's in the passwd file if you don't know.
Here goes the vsftpd.conf
Code:
# Example config file /etc/vsftpd/vsftpd.conf
Thanks in advance.
About the home directory...
When I create any user, their default directory is /home/"user". Hope this helps. :-)