11-07-2002, 05:13 AM
|
#1
|
Member
Registered: Nov 2002
Location: d
Posts: 63
Rep:
|
about vsftp chrooted user...
For security reasons, I wanted to have the guest users (which I created for them to access my ftp server) 'jailed' to their designated home directory so that they could not 'cd' above their home dir. Upon advice from other experts of Linux OS, I tried the following setup (I'm using RH 8.0 installed with the vsftp by default) but to no avail.
User name: theguest
Designated home dir: /home/theguest
UID:501
GID:501
Steps to set up the required account:
- adduser theguest
- passwd theguest
- vi /etc/passwd (to add /./ to the home dir as follows)
    theguest:*:501:501::/home/theguest/./:/etc/ftponly
- vi /etc/shells to add "/etc/ftponly" to the end of the file
- vi /etc/group to add "client::501:theguest"
- vi /etc/ftpaccess to add the following lines
    class local real,guest,anonymous
    guestgroup client
- chown theguest.client /home/theguest
- chmod 755 /home/theguest
- cp -a /var/ftp/etc ~theguest
- cp -a /var/ftp/bin ~theguest
- cp -a /var/ftp/lib ~theguest
- cd /home/theguest
- chown root.daemon etc bin lib
- chmod 111 etc bin lib
- cd ~theguest/etc
- vi ~theguest/etc/passwd to contain the following:
    root:*:0:0::/:/etc/ftponly
    theguest:*:501:501::/home/theguest/./:/etc/ftponly
- vi ~theguest/etc/group to contain the following:
    root::0:root
    client::501:theguest
- chown root.daemon passwd group
- chmod 444 passwd group
But unfortunately, the above setup DID NOT work at all! Designated guest users still could 'CD' above their home dir! Did I miss something/steps?
My friend (who is using RH 7.3 with WU-ftp installed) advised me to add the following command to etc/ftpaccess to have the same effect of 'chrooting' the home dir. of the guest users.
restricted-UID*
Still, it did not have any effect on my server. Is the above command a global one which is applicable to all ftp servers?
Can anyone here please advise on that?
Cheers
|
|
|
11-07-2002, 07:04 AM
|
#2
|
Senior Member
Registered: Dec 2001
Location: The Netherlands
Distribution: Ubuntu
Posts: 1,316
Rep:
|
Well, all the steps you took are the normal way to get a daemon running in a chrooted environment. The only thing you didn't do was actually run the ftp server with a chroot command. It's usually quite a hassle to get a daemon running in a chrooted environment if all you want to do is restrict users to their home directories. So most FTP servers allow this to be done by adding an extra line to the configuration file. I don't know wu-ftpd, but the instructions you were given to add that line in the /etc/ftpaccess are specific to wu-ftpd. With proftpd you would add the following line to the proftpd.conf file:
DefaultRoot ~
And then again I know nothing about vsftp so I don't know if there are other options for getting this done besides setting up a complete chroot environment.
|
|
|
11-07-2002, 07:27 AM
|
#3
|
Member
Registered: Jun 2001
Location: México (Juárez)
Distribution: SuSE 9.3
Posts: 108
Rep:
|
Hi
You have to add two entries in your configuration file like this
chroot_list_enable=YES
chroot_list_file=/etc/name_of_file_you_want (default is /etc/vsftpd.chroot_list)
and that should do the trick.
Azael
Last edited by Coproscefalo; 11-07-2002 at 07:32 AM.
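An added example, not part of the original posts: a small audit of which local users a vsftpd.conf jails to their home directory, using the two options from the reply above. It assumes vsftpd's `chroot_local_user` option (not mentioned in the thread), which when set to YES turns the list file into a list of users who are not jailed; the sample configs and the account name `staff` are constructed.

```python
# Added example: which local users does a vsftpd.conf chroot to their home?

def parse_conf(text):
    """vsftpd.conf is option=value per line; lines starting with '#' are comments."""
    opts = {}
    for line in text.splitlines():
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def enabled(opts, key):
    # Both chroot options default to NO when absent from the file.
    return opts.get(key, "NO").upper() in ("YES", "TRUE", "1")

def audit(conf_text, list_text, users):
    """Return {user: True if the user is jailed to the home directory}."""
    opts = parse_conf(conf_text)
    jail_all = enabled(opts, "chroot_local_user")
    use_list = enabled(opts, "chroot_list_enable")
    # The chroot list file holds one user name per line.
    listed = {u.strip() for u in list_text.splitlines() if u.strip()}
    result = {}
    for user in users:
        if not use_list:
            result[user] = jail_all
        elif jail_all:
            result[user] = user not in listed   # list = exceptions to the jail
        else:
            result[user] = user in listed       # list = users to jail
    return result

# Constructed sample inputs (not taken from a real server).
CONF_DEFAULT = "local_enable=YES\nwrite_enable=YES\n"
CONF_LIST = CONF_DEFAULT + (
    "chroot_list_enable=YES\nchroot_list_file=/etc/vsftpd.chroot_list\n")
CONF_ALL = CONF_LIST + "chroot_local_user=YES\n"
USERS = ["theguest", "staff"]   # "staff" is a hypothetical second account
LIST_TEXT = "theguest\n"        # constructed contents of the chroot list file

if __name__ == "__main__":
    for name, conf in (("default", CONF_DEFAULT), ("list", CONF_LIST),
                       ("all+list", CONF_ALL)):
        print(name, audit(conf, LIST_TEXT, USERS))
```

The third case is the one to check for on a real server: the same list file that jails `theguest` under `chroot_list_enable=YES` alone exempts that user once `chroot_local_user=YES` is also set.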
|
|
|
11-07-2002, 11:05 AM
|
#4
|
Member
Registered: Nov 2002
Location: d
Posts: 63
Original Poster
Rep:
|
Thanks for the prompt reply. I got another question: How can I assign / preset limited capacity to each individual user which I created? Say, 10 mb for user1 (e.g. for uploading stuff) and 30 mb for user2.....
Cheers
|
|
|
11-08-2002, 03:25 AM
|
#5
|
Member
Registered: Nov 2002
Location: d
Posts: 63
Original Poster
Rep:
|
Hi, there!
When I used quotacheck -a to create quota file, I got the following error message:
Quotecheck: cannot get the qouta file name for /dev/hd3
I have modified the /etc/fstab as follows before the quotacheck -a command:
.../home ext3 defaults,usrquota,grpquota 1 2
Can anyone please advise?
Cheers.
|
|
|
08-18-2003, 09:20 PM
|
#6
|
Member
Registered: Jul 2003
Distribution: Redhat
Posts: 88
Rep:
|
You have to create the quota files (aquota.user) before you run the quotacheck command. I had experienced the same problem when I tried to use quotacheck without creating the files.
|
|
|