LinuxQuestions.org
Old 07-27-2013, 03:22 PM   #1
fillister
Member
 
Registered: Feb 2007
Posts: 30

Rep: Reputation: 15
vsftpd


hello all,

I'm running Nadia and have installed vsftpd through the software manager. I have successfully added a user and can log into the ftp server; unfortunately the user has complete access to my computer. If I enable chroot local user and try to log in I get an error "cannot chroot into a writeable directory". My question is how does one go about finding where the user directory is located? I've searched the root and home directories and just cannot find it.

any help will be greatly appreciated

Thanks

Greg
 
Old 07-28-2013, 01:28 AM   #2
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 801

Rep: Reputation: 157Reputation: 157
If you set chroot_local_user=YES in vsftpd.conf, the directory vsftpd puts him in when he connects will be his standard local login home directory. Since that directory is writable by the user, the connection will fail because vsftpd does not allow the root of the chroot jail to be writable by the user. That is why you get the "500 OOPS: vsftpd: refusing to run with writable root inside chroot ()" error message.

The solution is to make the root of his chroot jail something other than his normal login directory. You use the local_root directive to do that. For example, if user1 has a home directory at /home/user1, then you could tell vsftpd to make /home his local root, provided he does not have write access to /home. He'd have to change directory into his home directory after connecting.

You could also set up an entirely different directory structure separate from the user's normal login directory, and bind mount his normal home directory on a writable subdirectory of his chrooted local root.

For example, you could create a /home/ftpuser/<username> directory for each user. For user1, create /home/ftpuser/user1. In vsftpd for user1, set local_root=/home/ftpuser/user1. Grant user1 read and execute access, but not write access, to /home/ftpuser/user1 to satisfy the vsftpd local root restriction. Create a directory under /home/ftpuser/user1 called home (i.e., /home/ftpuser/user1/home), and set permissions to 700 to make it writable by user1. Then bind mount the user's normal login home directory on this one.

vsftpd.conf would need to include something like the following:

Code:
local_enable=YES
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/vsftpd.user_list
user_config_dir=/etc/vsftpd/vsftpd_user_conf
The effect of the above is that only users listed in the userlist_file can login, all users are chrooted except for those listed as exceptions in the chroot_list_file, and the chroot home for each user is specified in the user's config file under the user_config_dir directory.

/etc/vsftpd/vsftpd.user_list is a list of all the ftp users allowed to login.

Code:
# cat /etc/vsftpd/vsftpd.user_list
user1
user2
user3
Directory listing of /etc/vsftpd/vsftpd_user_conf shows the config file for each allowed user.

Code:
# ls -l vsftpd_user_conf
-rw-r--r-- 1 root root   29 Dec  5 11:20 user1
-rw-r--r-- 1 root root   24 Dec  5 11:07 user2
-rw-r--r-- 1 root root   27 Dec  4 23:32 user3
The contents of /etc/vsftpd/vsftpd_user_conf/user1, user2, user3 files show the chroot home directory for each.

Code:
# cat vsftpd_user_conf/user1   
local_root=/home/ftpuser/user1
#
# cat vsftpd_user_conf/user2  
local_root=/home/ftpuser/user2
#
# cat vsftpd_user_conf/user3   
local_root=/home/ftpuser/user3
These commands mount the normal login /home/<username> directory on top of the "home" subdirectory under the user's ftp local root.

Code:
mount --bind /home/user1 /home/ftpuser/user1/home
mount --bind /home/user2 /home/ftpuser/user2/home
mount --bind /home/user3 /home/ftpuser/user3/home
Or you could put it in /etc/fstab:

Code:
/home/user1  /home/ftpuser/user1/home  none  defaults,bind  0  0
/home/user2  /home/ftpuser/user2/home  none  defaults,bind  0  0
/home/user3  /home/ftpuser/user3/home  none  defaults,bind  0  0
Now when user1 connects via ftp, his local root will be /home/ftpuser/user1. It is non-writable for him. There will be a home subdirectory that he can cd into, and that will have his normal login home directory bind mounted on it.

I hope that is helpful.
 
1 members found this post helpful.
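
A check for the layout described in the post above, as an added example that is not part of the original post: it reads each per-user file in a user_config_dir and flags any local_root that looks writable by that user. The function names are hypothetical, and writability is estimated from ownership and mode bits (GNU stat), which approximates but does not reproduce vsftpd's own test.

```sh
#!/bin/sh
# Added example: audit the local_root of every per-user vsftpd config file.
# Function names are hypothetical; writability is estimated from mode bits.

# Print the last local_root= value found in per-user config file $1.
get_local_root() {
    sed -n 's/^local_root=//p' "$1" | tail -n 1
}

# Return 0 if directory $1 looks writable by user $2, 1 if not, 2 on error.
# Conservative: any write bit that could apply to the user counts.
root_writable_by() {
    dir=$1; user=$2
    info=$(stat -c '%a %U %G' "$dir") || return 2
    mode=${info%% *}; rest=${info#* }
    owner=${rest%% *}; group=${rest#* }
    bits=$(( 0$mode ))                                  # read the mode as octal
    [ $(( bits & 0002 )) -ne 0 ] && return 0            # world-writable
    [ "$owner" = "$user" ] && [ $(( bits & 0200 )) -ne 0 ] && return 0
    if [ $(( bits & 0020 )) -ne 0 ]; then               # group-writable
        for g in $(id -Gn "$user" 2>/dev/null); do
            [ "$g" = "$group" ] && return 0
        done
    fi
    return 1
}

# Check each file in user_config_dir $1 (file name = user name).
# Prints one line per user and returns the number of problems found.
audit_user_conf_dir() {
    problems=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        u=${f##*/}
        root=$(get_local_root "$f")
        if [ -z "$root" ]; then
            echo "$u: no local_root set"; problems=$((problems + 1))
        elif [ ! -d "$root" ]; then
            echo "$u: local_root $root does not exist"; problems=$((problems + 1))
        elif root_writable_by "$root" "$u"; then
            echo "$u: $root is writable by $u, chroot login will be refused"
            problems=$((problems + 1))
        else
            echo "$u: ok ($root)"
        fi
    done
    return "$problems"
}

# Usage: sh audit.sh /etc/vsftpd/vsftpd_user_conf
if [ "$#" -ge 1 ]; then audit_user_conf_dir "$1"; fi
```
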
Old 07-28-2013, 03:44 AM   #3
ukiuki
Senior Member
 
Registered: May 2010
Location: Planet Earth
Distribution: Debian
Posts: 1,026

Rep: Reputation: 350Reputation: 350Reputation: 350Reputation: 350
You do not need chroot enabled to be able to log in to your user directory; all you need is to add this to the end of the vsftpd.conf
Code:
tilde_user_enable=YES
Also, it is a good thing to read the manual!
Code:
$ man vsftpd
Regards
 
1 members found this post helpful.
Old 07-29-2013, 08:55 AM   #4
fillister
Member
 
Registered: Feb 2007
Posts: 30

Original Poster
Rep: Reputation: 15
Thanks Z038 and ukiuki for your help. It will be a few days before I can try out your suggestions.

Greg
 
  

