LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 02-01-2003, 09:53 PM   #1
Delvar
LQ Newbie
 
Registered: Feb 2003
Posts: 2

Rep: Reputation: 0
vsftpd + redhat8 + jail


Im using RH8 with the included vsftpd.

i want to allow users access via SSH and FTP into set dirs (home dir) but no others.

i can get vsftpd to chroot users to home no problems.

i can get jail (http://freshmeat.net/projects/jail_c...ic_id=43%2C253) working no problems either

but i CANT get them working together. i just get a 500 error incorect login.

after i have 'jailed' a user i can still get ftp login ok if i change the shell to '/bin/bash' but then they aren't jailed.

looking at man vsftpd.conf i see

Quote:
check_shell
Note! This option only has an effect for non PAM builds of
vsftpd. If disabled, vsftpd will not check /etc/shells for a
valid user shell for local logins.

Default: YES
now im gussing this is whats causing me problems.

im no expert but i think im using PAM as default.
is there another way to do it? or can i enable /usr/local/bin/jail as a valid shell?

thanks for any help
 
Old 02-01-2003, 10:06 PM   #2
Delvar
LQ Newbie
 
Registered: Feb 2003
Posts: 2

Original Poster
Rep: Reputation: 0
ok scrub that got it working lol

setup the user with home /usr/local/./chroot
and shell /bin/jail
add /bin/jail in etc/shells
and moved the jail exe from /usr/local/bin/jail

i was probably doing somthing wrong before..silly me
i dont know if the /./ is needed but i get the feeling it is.
 
Old 03-27-2003, 09:49 PM   #3
sote1999
LQ Newbie
 
Registered: Mar 2003
Posts: 2

Rep: Reputation: 0
jail with ssh and vsftpd

I have pretty much the same problem, but it does not appear to have the solution proposed above. I already have the jail shell listed in the /etc/shells file. I am at dead end. Btw, I have a different jail shell - http://www.gsyc.inf.uc3m.es/~assman/jail/index.html so maybe it is in the shell...
Any other suggestions?

Thanks!

P.S. I found that it is the same jail shell, just the link is different to get to it...

Now I am at dead end really....

Last edited by sote1999; 03-27-2003 at 09:52 PM.
 
Old 03-28-2003, 12:13 AM   #4
sote1999
LQ Newbie
 
Registered: Mar 2003
Posts: 2

Rep: Reputation: 0
It worked!

I made couple of changes to the vsftpd.conf file
and to the system /etc/passwd (not the chrooted) file plust the proposed change for the /etc/shells file above. It looks like there is another option that made it for me

passwd_chroot_enable
If enabled, along with chroot_local_user , then a chroot() jail
location may be specified on a per‐user basis. Each userís jail
is derived from their home directory string in /etc/passwd. The
occurence of /./ in the home directory string denotes that the
jail is at that particular location in the path.

Default: NO
I have it set to YES in the vsftpd.conf file Also I had to make sure that the shadow and shadow- files and the chrooted /etc/shadow files had the same passwords for the chrooted user.
After that I had to create the vsftpd.chroot_list file (of course, silly) and put my users in it. But for some reason before all those changes it was not even letting the user to see if it is in the chroot_list file. It was being denied access completely. And the code was FTP 530 not 500. The last time I got 500 Ooops, user not in the chroot_list file or something of that kind and I realized I had not created the file. After putting the users in the file, everything works like a charm. Thanks for the insight!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
vsftpd will not jail remote user kipthomas Linux - Software 3 09-10-2005 12:38 AM
chroot jail for the vsftpd daemon -not internal to program snowmedia Linux - Networking 2 06-30-2004 10:32 AM
Jail? Hoops66 *BSD 1 09-11-2003 07:45 AM
vsftpd, combining chroot jail & links? Whz Linux - Software 0 07-25-2003 05:31 PM
Help with chroot jail - vsFTPd r042wal Linux - Software 1 06-05-2003 05:21 PM


All times are GMT -5. The time now is 08:58 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration