LinuxQuestions.org
Old 11-20-2003, 11:37 AM   #1
ohleary
LQ Newbie
 
Registered: Aug 2003
Posts: 12

Rep: Reputation: 0
VSFTPD - lock user to home directory


Hi,

I have read many posts about this and mirrored the setup, but no dice. I have a RedHat 9 system. What I have done:

added a ftpuser with own group and home directory

edited /etc/vsftpd/vsftpd.conf:
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

edited /etc/vsftpd.chroot_list:
added ftpuser

edited /etc/passwd entry for ftpuser:
ftpuser:X:#:#:FTP User Account:/home/ftpuser/./:/bin/false

edited /etc/shells and added:
/bin/false


restarted xinetd and vsftpd

The ftpuser can STILL traverse the entire directory structure. What the heck am I missing here?
 
Old 11-20-2003, 01:51 PM   #2
Tramontane
Member
 
Registered: Oct 2003
Distribution: Debian
Posts: 39

Rep: Reputation: 15
From "man vsftpd.conf":
Code:
chroot_list_enable
              If activated, you may provide a list of local users
              who  are  placed  in  a chroot() jail in their home
              directory upon login. The meaning is slightly different
              if chroot_local_user is set to YES. In this
              case, the list becomes a list of  users  which  are
              NOT  to  be placed in a chroot() jail.  By default,
              the    file     containing     this     list     is
              /etc/vsftpd.chroot_list,  but you may override this
              with the chroot_list_file setting.
Also, you probably don't need to add "/bin/false" to your "/etc/shells" file. The point of the "/bin/false" entry in the "/etc/passwd" file is that it shouldn't resolve to a valid shell.

Last edited by Tramontane; 11-20-2003 at 01:56 PM.
 
Old 11-20-2003, 01:55 PM   #3
JordanH
Member
 
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360

Rep: Reputation: 30
Ok... I see what you've done. The simple answer is that if you use chroot_local_user=YES then the vsftpd.chroot_list becomes a list of users to NOT chroot. So... you said chroot ALL users but ftpuser.

Notice the commented out lines.
In /etc/vsftpd/vsftpd.conf:
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

edited /etc/vsftpd.chroot_list:
add users only that DO NOT NOT NOT NOT get chrooted.

use /sbin/nologin
edited /etc/passwd entry for ftpuser:
ftpuser:X:#:#:FTP User Account:/home/ftpuser/./:/sbin/nologin

------------

chroot_local_user=YES
chroot_list_enable=YES
means that by default ALL users get chrooted except users in the file

chroot_local_user=NO
chroot_list_enable=YES
means that by default ONLY users in the file get chrooted.

See the difference?
 
Old 11-20-2003, 02:04 PM   #4
ohleary
LQ Newbie
 
Registered: Aug 2003
Posts: 12

Original Poster
Rep: Reputation: 0
Okay, it's backwards of what it seems. I changed chroot_local_user to NO and now things work fine, the user 'ftpuser' can't move up in the directory structure, can only navigate around its home directory.

Thank you for straightening me out.
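
Added example (not part of any post in this thread): a small audit script that reads the two settings discussed above plus the list file and reports whether a given local user ends up in a chroot() jail, run against the original poster's configuration before and after the fix. The function names conf_get and chroot_status, the user otheruser and the temporary file names are hypothetical; the script assumes a later setting overrides an earlier one and recognises only the literal value YES as used in the thread.

```sh
#!/bin/sh
# Added example: decide whether vsftpd would chroot a given local user,
# from chroot_local_user / chroot_list_enable / chroot_list_file.

# conf_get FILE KEY DEFAULT: value of the last "KEY=value" line, else DEFAULT.
# (Assumption: a later setting overrides an earlier one.)
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# chroot_status CONF USER [LISTFILE]: prints "jailed" or "not jailed".
# LISTFILE overrides chroot_list_file so a copy can be audited offline.
chroot_status() {
    conf=$1; user=$2
    all=$(conf_get "$conf" chroot_local_user NO)          # vsftpd default: NO
    use_list=$(conf_get "$conf" chroot_list_enable NO)    # vsftpd default: NO
    list=${3:-$(conf_get "$conf" chroot_list_file /etc/vsftpd.chroot_list)}
    listed=NO
    if [ "$use_list" = YES ] && grep -qxF -- "$user" "$list" 2>/dev/null; then
        listed=YES
    fi
    # With chroot_local_user=YES the list names the users who are NOT jailed.
    if [ "$all" = YES ]; then
        if [ "$listed" = YES ]; then echo "not jailed"; else echo "jailed"; fi
    else
        if [ "$listed" = YES ]; then echo "jailed"; else echo "not jailed"; fi
    fi
}

# Constructed sample input: the original poster's settings and list file,
# then the same settings with chroot_local_user switched to NO.
tmp=$(mktemp -d)
printf '%s\n' '# constructed sample' chroot_local_user=YES chroot_list_enable=YES \
    > "$tmp/before.conf"
sed 's/^chroot_local_user=YES/chroot_local_user=NO/' "$tmp/before.conf" > "$tmp/after.conf"
printf '%s\n' ftpuser > "$tmp/chroot_list"

# "otheruser" is a hypothetical second account that is not in the list.
for c in before after; do
    for u in ftpuser otheruser; do
        printf '%s.conf  %-9s %s\n' "$c" "$u" \
            "$(chroot_status "$tmp/$c.conf" "$u" "$tmp/chroot_list")"
    done
done
rm -rf "$tmp"
```

On a live system, chroot_status /etc/vsftpd/vsftpd.conf ftpuser checks the real files; any account reported as "not jailed" can browse outside its home directory over FTP.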
 
  

