LinuxQuestions.org
Old 11-07-2002, 05:13 AM   #1
raymond
Member
 
Registered: Nov 2002
Location: d
Posts: 63

Rep: Reputation: 15
Question about vsftp chrooted user...


For security reasons, I wanted to have the guest users (which I created for them to access my ftp server) 'jailed' to their designated home directory so that they could not 'cd' above their home dir. Upon advice from other experts of Linux OS, I tried the following setup (I'm using RH 8.0 installed with the vsftp by default) but to no avail.

User name: theguest
Designated home dir: /home/theguest
UID:501
GID:501

Steps to set up the required account:

- adduser theguest
- passwd theguest

- vi /etc/passwd (to add /./ to the home dir as follows)
theguest:*:501:501::/home/theguest/./:/etc/ftponly
- vi /etc/shells to add "/etc/ftponly" to the end of the file
- vi /etc/group to add "client::501:theguest"
- vi /etc/ftpaccess to add the following lines
class local real,guest,anonymous
guestgroup client

- chown theguest.client /home/theguest
- chmod 755 /home/theguest

- cp -a /var/ftp/etc ~theguest
- cp -a /var/ftp/bin ~theguest
- cp -a /var/ftp/lib ~theguest

- cd /home/theguest
- chown root.daemon etc bin lib
- chmod 111 etc bin lib

- cd ~theguest/etc
- vi ~theguest/etc/passwd to contain the following:
root:*:0:0::/:/etc/ftponly
theguest:*:501:501::/home/theguest/./:/etc/ftponly
- vi ~theguest/etc/group to contain the following:
root::0:root
client::501:theguest

- chown root.daemon passwd group
- chmod 444 passwd group

But unfortunately, the above setup DID NOT work at all! Designated guest users still could 'CD' above their home dir! Did I miss something/steps?

My friend (who is using RH 7.3 with WU-ftp installed) advised me to add the following command to etc/ftpaccess to have the same effect of 'chrooting' the home dir. of the guest users.

restricted-UID*

Still, it did not have any effect on my server. Is the above command a global one which is applicable to all ftp servers?

Can anyone here please advise on that?

Cheers
 
Old 11-07-2002, 07:04 AM   #2
Mik
Senior Member
 
Registered: Dec 2001
Location: The Netherlands
Distribution: Ubuntu
Posts: 1,316

Rep: Reputation: 47
Well, all the steps you took are the normal way to get a daemon running in a chrooted environment. The only thing you didn't do was actually run the ftp server with a chroot command. It's usually quite a hassle to get a daemon running in a chrooted environment if all you want to do is restrict users to their home directories. So most FTP servers allow this to be done by adding an extra line to the configuration file. I don't know wu-ftpd, but the instructions you were given to add that line in the /etc/ftpaccess are specific to wu-ftpd. With proftpd you would add the following line to the proftpd.conf file:
DefaultRoot ~

And then again I know nothing about vsftp so I don't know if there are other options for getting this done besides setting up a complete chroot environment.
 
Old 11-07-2002, 07:27 AM   #3
Coproscefalo
Member
 
Registered: Jun 2001
Location: México (Juárez)
Distribution: SuSE 9.3
Posts: 108

Rep: Reputation: 15
Hi

You have to add two entries in your configuration file like this

chroot_list_enable=YES
chroot_list_file=/etc/name_of_file_you_want (default is /etc/vsftpd.chroot_list)

and that should do the trick.

Azael

Last edited by Coproscefalo; 11-07-2002 at 07:32 AM.
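
The two options from the reply above decide who gets jailed together with a third vsftpd option, `chroot_local_user`. The following is an added example, not part of any post in this thread and not vsftpd's own code: a shell check that reports whether a given user would be chrooted under a given config. It goes slightly beyond the post by also covering `chroot_local_user=YES`, where the list file becomes the list of exceptions. The function names `conf_get` and `vsftpd_chroot_status` are hypothetical, the sample files are constructed, and values are assumed to be written as upper-case YES/NO.

```shell
#!/bin/sh
# Added example: would vsftpd chroot this local user? Decided from
# chroot_local_user, chroot_list_enable and chroot_list_file.

# Print the last value set for OPTION in FILE, or DEFAULT if it is absent.
# vsftpd permits no spaces around '=', so only "name=value" lines match.
conf_get() {  # conf_get FILE OPTION DEFAULT
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# Print "chrooted" or "not-chrooted" for USER under config FILE.
vsftpd_chroot_status() {  # vsftpd_chroot_status FILE USER
    conf=$1 user=$2
    local_user=$(conf_get "$conf" chroot_local_user NO)
    list_enable=$(conf_get "$conf" chroot_list_enable NO)
    list_file=$(conf_get "$conf" chroot_list_file /etc/vsftpd.chroot_list)
    listed=no
    if [ "$list_enable" = YES ] && [ -r "$list_file" ] &&
       grep -qxF -- "$user" "$list_file"; then
        listed=yes
    fi
    if [ "$local_user" = YES ]; then
        # Everyone is jailed; an enabled list names the exceptions.
        [ "$listed" = yes ] && echo not-chrooted || echo chrooted
    else
        # Nobody is jailed by default; an enabled list names who is.
        [ "$listed" = yes ] && echo chrooted || echo not-chrooted
    fi
}

# Constructed sample: the config suggested in the thread, list naming theguest.
demo() {
    d=$(mktemp -d)
    printf 'theguest\n' > "$d/chroot_list"
    printf 'local_enable=YES\nchroot_list_enable=YES\nchroot_list_file=%s\n' \
        "$d/chroot_list" > "$d/vsftpd.conf"
    echo "theguest: $(vsftpd_chroot_status "$d/vsftpd.conf" theguest)"
    echo "raymond:  $(vsftpd_chroot_status "$d/vsftpd.conf" raymond)"
    rm -rf "$d"
}
demo
```

An empty or missing list file with `chroot_list_enable=YES` and `chroot_local_user` left at its default jails nobody, which matches the symptom of users still being able to leave their home directory.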
 
Old 11-07-2002, 11:05 AM   #4
raymond
Member
 
Registered: Nov 2002
Location: d
Posts: 63

Original Poster
Rep: Reputation: 15
Thanks for the prompt reply. I've got another question: How can I assign / preset limited capacity to each individual user which I created? Say, 10 mb for user1 (e.g. for uploading stuff) and 30 mb for user2.....

Cheers
 
Old 11-08-2002, 03:25 AM   #5
raymond
Member
 
Registered: Nov 2002
Location: d
Posts: 63

Original Poster
Rep: Reputation: 15
Hi, there!
When I used quotacheck -a to create quota file, I got the following error message:
Quotecheck: cannot get the qouta file name for /dev/hd3

I have modified the /etc/fstab as follows before the quotacheck -a command:
.../home ext3 defaults,usrquota,grpquota 1 2

Can anyone please advise?
Cheers.
 
Old 08-18-2003, 09:20 PM   #6
deepika
Member
 
Registered: Jul 2003
Distribution: Redhat
Posts: 88

Rep: Reputation: 15
You have to create the quota files (aquota.user) before you run the quotacheck command. I had experienced the same problem when I tried to use quotacheck without creating the files.
 
  

