ssh, vsftpd and ldap
Dear list,
I am using vsftpd on RHEL 4 update 6. All users are authenticated by ldap. This server is an ldap client. All users are virtual users and have the same uidNumber and gidNumber in LDAP. User entries are as follows:

dn: uid=cito,ou=People,dc=example,dc=com
uid: cito
cn: na
gn: cito
sn: na
title: blank
userPassword: changeme
mailForwardingAddress: cito@example.com
homeDirectory: /Maildir/cito
mail: cito@example.com
mailMessageStore: /Maildir/cito/Maildir/
accountStatus: active
loginShell: /sbin/nologin
uidNumber: 1000
gidNumber: 1000
mailQuota: 104857600S
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: organizationalPerson
objectClass: person
objectClass: extensibleobject

As the user's home directory is /Maildir/cito, when cito logs in to the vsftpd server, the 'cito' user is logged directly into /Maildir/cito. VSFTPD has chroot options like "chroot_local_user=YES", so chrooting of the vsftpd user is done easily. All the users' home directory permissions under /Maildir are as follows:

drwx------ vmail vmail cito

Here, vmail is the user who has the same uidNumber and gidNumber (1000) as the ldap users. All the users' home directories have the same 700 permissions and are owned by the vmail user.

Now, the new requirement is ssh. Users can use either ftp or ssh, but these two should point to the same location, here /Maildir/uid (for example /Maildir/cito). As sshd is running, users can log in via ssh also, and they are logged into their home directory (for example /Maildir/cito). But the problem is chrooting. Users should be restricted to their home directory only. As the OS version is RHEL 4 update 6, it has openssh-server-3.8, and chroot is available from openssh-server-4.9. I have tried with openssh-server-4.9 to build a chroot environment, but so far I have not had success.

After doing some googling, I found that the user's home directory format should be as follows:

/path_to_chroot/./home_directory

Maybe, apart from this issue, I have missed some configurations in chrooting, but so far I have tried this with a system user. I found that in the chroot directory /etc/passwd is required, which will contain each chrooted user's entry. That means, although I have ldap users, I have to create system users for this ssh, which I don't want. Here, if I change the login shell in ldap and set it to /bin/bash, the user can log in without any issue. But the same chroot problem exists. What can be the next course of action in this scenario?

Thanks in advance.

Regards
anindya bhattacharjee
Dear all,
I want to use ssh with ldap. All users will be in the LDAP database and will have the same uidNumber and gidNumber (for example 1000). Every user will have the same directory pattern, /Maildir/uid. All these directories will be owned by one virtual user (for example, vmail) whose uid and gid will be the same (1000).

Now my target is to do chrooting of the user's home directory. Users should not be allowed to browse out of their home directory. I have tried openssh-chroot. Regarding this, I am having some problems, which are described in the earlier thread.

Just another thing: I don't want to create system users. I want to do everything with ldap users.

Regards
anindya bhattacharjee