vsftpd + redhat8 + jail
I'm using RH8 with the included vsftpd.
I want to allow users access via SSH and FTP into set dirs (home dir) but no others. I can get vsftpd to chroot users to home, no problems. I can get jail (http://freshmeat.net/projects/jail_c...ic_id=43%2C253) working, no problems either, but I CAN'T get them working together. I just get a 500 error, incorrect login. After I have 'jailed' a user I can still get FTP login OK if I change the shell to '/bin/bash', but then they aren't jailed. Looking at man vsftpd.conf I see Quote:
I'm no expert but I think I'm using PAM as default. Is there another way to do it? Or can I enable /usr/local/bin/jail as a valid shell? Thanks for any help :)
OK, scrub that, got it working lol
Set up the user with home /usr/local/./chroot and shell /bin/jail, added /bin/jail in /etc/shells and moved the jail exe from /usr/local/bin/jail. I was probably doing something wrong before... silly me :) I don't know if the /./ is needed but I get the feeling it is.
jail with ssh and vsftpd
I have pretty much the same problem, but it does not appear to have the solution proposed above. I already have the jail shell listed in the /etc/shells file. I am at a dead end. Btw, I have a different jail shell - http://www.gsyc.inf.uc3m.es/~assman/jail/index.html so maybe it is in the shell...
Any other suggestions? Thanks! P.S. I found that it is the same jail shell, just the link is different to get to it... :) Now I am at a dead end really....
It worked!
I made a couple of changes to the vsftpd.conf file and to the system /etc/passwd (not the chrooted) file, plus the proposed change for the /etc/shells file above. It looks like there is another option that made it for me:

passwd_chroot_enable
If enabled, along with chroot_local_user, then a chroot() jail location may be specified on a per-user basis. Each user’s jail is derived from their home directory string in /etc/passwd. The occurrence of /./ in the home directory string denotes that the jail is at that particular location in the path.
Default: NO

I have it set to YES in the vsftpd.conf file.

Also I had to make sure that the shadow and shadow- files and the chrooted /etc/shadow files had the same passwords for the chrooted user. After that I had to create the vsftpd.chroot_list file (of course, silly) and put my users in it.

But for some reason before all those changes it was not even letting the user see if it is in the chroot_list file. It was being denied access completely. And the code was FTP 530 not 500. The last time I got 500 Ooops, user not in the chroot_list file or something of that kind and I realized I had not created the file. After putting the users in the file, everything works like a charm. Thanks for the insight!
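An added example, not posted by anyone in this thread: a small audit of the two conditions the posts above converge on, namely that the jail shell is listed in /etc/shells and that the home directory string carries the /./ marker that passwd_chroot_enable uses to place the jail. The account lines, shells list and function names are constructed for illustration, and splitting at the first /./ is an assumption about how the marker is read.

```python
# Constructed sample data, not taken from the thread.
SAMPLE_PASSWD = """\
alice:x:501:501::/home/jail/./home/alice:/bin/jail
bob:x:502:502::/home/bob:/bin/jail
carol:x:503:503::/home/jail/./home/carol:/usr/local/bin/jail
"""
SAMPLE_SHELLS = """\
# /etc/shells (constructed)
/bin/sh
/bin/bash
/bin/jail
"""
MARKER = "/./"

def parse_shells(text):
    """Return the set of listed shells, ignoring blank lines and comments."""
    return {ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}

def split_jail(home):
    """Split a home string at the first /./ into (jail_root, dir_inside_jail).
    Returns (None, None) when the marker is absent (assumed: no per-user jail)."""
    if MARKER not in home:
        return None, None
    root, inside = home.split(MARKER, 1)
    return root or "/", "/" + inside.strip("/")

def audit(passwd_text, shells_text):
    """Map each user to the derived jail location and any problems found."""
    shells = parse_shells(shells_text)
    report = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7:
            continue  # skip comments and malformed entries
        user, home, shell = fields[0], fields[5], fields[6]
        root, inside = split_jail(home)
        problems = []
        if shell not in shells:
            problems.append(f"shell {shell} not in /etc/shells")
        if root is None:
            problems.append("home has no /./ marker, no per-user jail")
        report[user] = {"jail_root": root, "inside": inside, "problems": problems}
    return report

if __name__ == "__main__":
    for user, r in audit(SAMPLE_PASSWD, SAMPLE_SHELLS).items():
        print(user, r["jail_root"], r["inside"], r["problems"] or "ok")
```

To check a real system, pass the contents of /etc/passwd and /etc/shells to audit() in place of the constructed samples.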