LinuxQuestions.org

Thread: ssh,vsftpd and ldap (https://www.linuxquestions.org/questions/linux-enterprise-47/ssh-vsftpd-and-ldap-693896/)

anindyabhattacharjee 12-30-2008 11:52 AM

ssh,vsftpd and ldap
 
Dear list,

I am using vsftpd on RHEL 4 update 6. All users are authenticated by LDAP; this server is an LDAP client. All users are virtual users and have the same uidNumber and gidNumber in LDAP. The user entries are as follows:

dn: uid=cito,ou=People,dc=example,dc=com
uid: cito
cn: na
gn: cito
sn: na
title: blank
userPassword: changeme
mailForwardingAddress: cito@example.com
homeDirectory: /Maildir/cito
mail: cito@example.com
mailMessageStore: /Maildir/cito/Maildir/
accountStatus: active
loginShell: /sbin/nologin
uidNumber: 1000
gidNumber: 1000
mailQuota: 104857600S
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: organizationalPerson
objectClass: person
objectClass: extensibleobject

As the user's home directory is /Maildir/cito, when cito logs in to the vsftpd server, the 'cito' user is logged directly into /Maildir/cito.

vsftpd has chroot options like "chroot_local_user=YES", so chrooting of vsftpd users is done easily. All the users' home directory permissions under /Maildir are as follows:

drwx------ vmail vmail cito

Here, vmail is the user who has the same uidNumber and gidNumber (1000) as the LDAP users. All the users' home directories have the same mode 700 and are owned by the vmail user.

Now, the new requirement is ssh. Users can use either ftp or ssh, but these two should point to the same location, here /Maildir/uid (for example /Maildir/cito).
As sshd is running, users can log in via ssh also, and they are logged into their home directory (for example /Maildir/cito). But the problem is chrooting.
Users should be restricted to their home directory only.

As the OS version is RHEL 4 update 6, it has openssh-server-3.8, and chroot is available from openssh-server-4.9. I have tried with openssh-server-4.9 to build a chroot environment, but so far without success. After doing some googling, I found that the user's home directory format should be as follows:

/path_to_chroot/./home_directory

Maybe apart from this issue, I have missed some configurations in chrooting, but so far I have tried this with a system user. I found that in the chroot directory /etc/passwd is required, which will contain each chrooted user's entry. That means, although I have LDAP users, I have to create system users for this ssh, which I don't want.

Here, if I change the login shell in LDAP and set it to /bin/bash, the user can log in without any issue, but the same chroot problem exists.

What can be the next course of action in this scenario?


Thanks in advance.

Regards
anindya bhattacharjee

anindyabhattacharjee 01-02-2009 05:27 AM

Dear all,

I want to use ssh with LDAP. All users will be in the LDAP database and have the same uidNumber and gidNumber (for example 1000). Every user will have the same directory pattern /Maildir/uid, and all these directories will be owned by one virtual user (for example, vmail) whose uid and gid will be the same (1000).

Now my target is to do chrooting of the users' home directories. Users should not be allowed to browse outside their home directory.

I have tried openssh-chroot. Regarding this, I have some problems, which are described in the earlier thread.

Just one more thing: I don't want to create system users. I want to do everything with LDAP users.


Regards
anindya bhattacharjee
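One way to meet the requirement in the two posts above without creating system users is OpenSSH's own ChrootDirectory combined with its built-in SFTP server. The sshd_config fragment below is an added example, not from the thread or any reply to it; it assumes openssh-server 4.9 or later is installed, that the vmail group (gidNumber 1000) is resolvable by sshd through nss_ldap, and the /Maildir/<uid> layout described in the first post.

```config
# /etc/ssh/sshd_config fragment (added example; assumes OpenSSH >= 4.9)

# Use the in-process SFTP server. Nothing needs to exist inside the chroot
# (no /bin/sh, no /etc/passwd): sshd resolves the LDAP account outside the
# chroot, so no system users are required.
Subsystem sftp internal-sftp

# Apply the restriction only to the LDAP users. "vmail" must be a group
# that sshd can look up through NSS (gidNumber 1000 in the entry above).
Match Group vmail
    # %u expands to the login name, giving /Maildir/cito for user cito,
    # the same location vsftpd chroots the user into.
    ChrootDirectory /Maildir/%u
    # Refuse an interactive shell even if loginShell is set to /bin/bash;
    # only file transfer is allowed, matching what chroot_local_user=YES
    # already gives these users in vsftpd.
    ForceCommand internal-sftp
    # Keep the restricted session from being used as a relay.
    AllowTcpForwarding no
    X11Forwarding no

# Caveat: sshd rejects a ChrootDirectory that is not owned by root or that
# is writable by group or other, so the "drwx------ vmail vmail cito"
# layout from the first post will fail. Make /Maildir/cito root:root 755
# and keep the vmail-owned, writable data in a subdirectory such as
# /Maildir/cito/Maildir, which the mailMessageStore attribute already
# points at.
```

After editing, run `sshd -t` to syntax-check the file before restarting, and confirm with `getent group vmail` that the group is visible to the system, since a Match block on an unresolvable group silently applies to nobody.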

