LinuxQuestions.org


Delvar 02-01-2003 08:53 PM

vsftpd + redhat8 + jail
 
I'm using RH8 with the included vsftpd.

I want to allow users access via SSH and FTP into set dirs (home dir) but no others.

I can get vsftpd to chroot users to home, no problems.

I can get jail (http://freshmeat.net/projects/jail_c...ic_id=43%2C253) working, no problems either.

But I CAN'T get them working together. I just get a 500 error, incorrect login.

After I have 'jailed' a user I can still get FTP login OK if I change the shell to '/bin/bash', but then they aren't jailed.

Looking at man vsftpd.conf I see

Quote:

check_shell
Note! This option only has an effect for non PAM builds of
vsftpd. If disabled, vsftpd will not check /etc/shells for a
valid user shell for local logins.

Default: YES

Now I'm guessing this is what's causing me problems.

I'm no expert but I think I'm using PAM as default.
Is there another way to do it? Or can I enable /usr/local/bin/jail as a valid shell?

Thanks for any help :)

Delvar 02-01-2003 09:06 PM

OK, scrub that, got it working lol

set up the user with home /usr/local/./chroot
and shell /bin/jail
add /bin/jail in /etc/shells
and moved the jail exe from /usr/local/bin/jail

I was probably doing something wrong before.. silly me :)
I don't know if the /./ is needed but I get the feeling it is.

sote1999 03-27-2003 08:49 PM

jail with ssh and vsftpd
 
I have pretty much the same problem, but it does not appear to have the solution proposed above. I already have the jail shell listed in the /etc/shells file. I am at a dead end. Btw, I have a different jail shell - http://www.gsyc.inf.uc3m.es/~assman/jail/index.html so maybe it is in the shell...
Any other suggestions?

Thanks!

P.S. I found that it is the same jail shell, just the link is different to get to it... :)

Now I am at a dead end really....

sote1999 03-27-2003 11:13 PM

It worked!

I made a couple of changes to the vsftpd.conf file and to the system /etc/passwd (not the chrooted) file, plus the proposed change for the /etc/shells file above. It looks like there is another option that made it for me:

passwd_chroot_enable
If enabled, along with chroot_local_user , then a chroot() jail
location may be specified on a per‐user basis. Each user’s jail
is derived from their home directory string in /etc/passwd. The
occurence of /./ in the home directory string denotes that the
jail is at that particular location in the path.

Default: NO

I have it set to YES in the vsftpd.conf file. Also I had to make sure that the shadow and shadow- files and the chrooted /etc/shadow files had the same passwords for the chrooted user.
After that I had to create the vsftpd.chroot_list file (of course, silly) and put my users in it. But for some reason, before all those changes it was not even letting the user see whether it is in the chroot_list file. It was being denied access completely. And the code was FTP 530, not 500. The last time I got "500 Ooops, user not in the chroot_list file" or something of that kind, and I realized I had not created the file. After putting the users in the file, everything works like a charm. Thanks for the insight!
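
Added example, not part of any post in this thread: a small Python check of the settings the posts above ended up changing (login shell listed in /etc/shells, a /./ marker in the passwd home string, and chroot_local_user plus passwd_chroot_enable set to YES). The passwd, shells and vsftpd.conf contents are constructed samples, the function names are hypothetical, and splitting the home string at /./ into jail root and directory inside the jail is an assumption based on the man page text quoted above.

```python
# Constructed sample data; users alice and bob are made up for this example.
PASSWD = """\
alice:x:501:501::/usr/local/./chroot:/bin/jail
bob:x:502:502::/home/bob:/usr/local/bin/jail
"""
SHELLS = "/bin/sh\n/bin/bash\n/bin/jail\n"
VSFTPD_CONF = "# sample\nchroot_local_user=YES\npasswd_chroot_enable=YES\n"

def parse_conf(text):
    """vsftpd.conf holds one option=value per line; '#' starts a comment."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def split_jail(home):
    """Split a passwd home string at the first /./ into (jail root, dir inside jail)."""
    root, marker, inside = home.partition("/./")
    return (root or "/", "/" + inside) if marker else None

def audit_user(name, passwd=PASSWD, shells=SHELLS, conf=VSFTPD_CONF):
    """Return findings for one account; an empty list means the settings agree."""
    rows = (line.split(":") for line in passwd.splitlines())
    entry = next((f for f in rows if len(f) == 7 and f[0] == name), None)
    if entry is None:
        return [f"{name}: no passwd entry"]
    home, shell = entry[5], entry[6]
    findings = []
    valid = {s.strip() for s in shells.splitlines()
             if s.strip() and not s.startswith("#")}
    if shell not in valid:
        findings.append(f"shell {shell} is not listed in /etc/shells")
    if split_jail(home) is None:
        findings.append(f"home {home} has no /./ marker, so no per-user jail")
    opts = parse_conf(conf)
    for opt in ("chroot_local_user", "passwd_chroot_enable"):
        if opts.get(opt, "NO").upper() != "YES":  # both options default to NO
            findings.append(f"{opt} is not YES in vsftpd.conf")
    return findings

if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, audit_user(user) or "consistent")
```

To check a real host, pass the contents of /etc/passwd, /etc/shells and the vsftpd.conf in use as the three text arguments.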


All times are GMT -5.