vsftpd
Hello all,
I'm running Nadia and have installed vsftpd through the software manager. I have successfully added a user and can log into the FTP server; unfortunately the user has complete access to my computer. If I enable chroot local user and try to log in I get an error "cannot chroot into a writeable directory". My question is how does one go about finding where the user directory is located? I've searched the root and home directories and just cannot find it. Any help will be greatly appreciated.
Thanks,
Greg
If you set chroot_local_user=YES in vsftpd.conf, the directory vsftpd puts him in when he connects will be his standard local login home directory. Since that directory is writable by the user, the connection will fail because vsftpd does not allow the root of the chroot jail to be writable by the user. That is why you get the "500 OOPS: vsftpd: refusing to run with writable root inside chroot ()" error message.
The solution is to make the root of his chroot jail something other than his normal login directory. You use the local_root directive to do that. For example, if user1 has a home directory at /home/user1, then you could tell vsftpd to make /home his local root, provided he does not have write access to /home. He'd have to change directory into his home directory after connecting.

You could also set up an entirely different directory structure separate from the user's normal login directory, and bind mount his normal home directory on a writable subdirectory of his chrooted local root. For example, you could create a /home/ftpuser/<username> directory for each user. For user1, create /home/ftpuser/user1. In vsftpd for user1, set local_root=/home/ftpuser/user1. Grant user1 read and execute access, but not write access, to /home/ftpuser/user1 to satisfy the vsftpd local root restriction. Create a directory under /home/ftpuser/user1 called home (i.e., /home/ftpuser/user1/home), and set permissions to 700 to make it writable by user1. Then bind mount the user's normal login home directory on this one.

vsftpd.conf would need to include something like the following:
Code:
local_enable=YES

/etc/vsftpd/vsftpd.user_list is a list of all the ftp users allowed to login.
Code:
# cat /etc/vsftpd/vsftpd.user_list
Code:
# ls -l vsftpd_user_conf
Code:
# cat vsftpd_user_conf/user1
Code:
mount --bind /home/user1 /home/ftpuser/user1/home
Code:
/home/user1 /home/ftpuser/user1/home none defaults,bind 0 0

I hope that is helpful.
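Added example, not part of the original thread: a shell audit of the layout described in the reply above, checking that the local_root is not writable by the FTP user and that its home subdirectory is. The function names are hypothetical, the uid and gid list are passed in by the caller, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the thread): audit the jail layout described above.
# Function names are hypothetical; stat -c is the GNU coreutils form.

# mode_grants_write UID "GID ..." DIR
# Succeeds if DIR's permission bits give that uid, or one of those gids,
# write access. Only mode bits are read (ACLs ignored), so it works as root.
mode_grants_write() {
    uid=$1; gids=$2; dir=$3
    info=$(stat -c '%a %u %g' "$dir") || return 2
    set -- $info                      # $1=octal mode, $2=owner uid, $3=owner gid
    perms=$(printf '%04d' "$1")       # pad, e.g. 555 -> 0555, 70 -> 0070
    rest=${perms#?}                   # drop the setuid/setgid/sticky digit
    digit=${rest#??}                  # default: the "other" digit
    if [ "$uid" = "$2" ]; then
        digit=${rest%??}              # owner digit
    else
        for g in $gids; do
            if [ "$g" = "$3" ]; then
                grp=${rest#?}; digit=${grp%?}   # group digit
            fi
        done
    fi
    case $digit in
        2|3|6|7) return 0 ;;          # write bit set
    esac
    return 1
}

# check_jail UID "GID ..." LOCAL_ROOT
# Returns 0 only if LOCAL_ROOT is not writable by the user (vsftpd's rule for
# the jail root) and LOCAL_ROOT/home is writable (where the user's files go).
check_jail() {
    rc=0
    if mode_grants_write "$1" "$2" "$3"; then
        echo "FAIL: $3 is writable by the user; vsftpd will refuse to chroot"
        rc=1
    fi
    if ! mode_grants_write "$1" "$2" "$3/home"; then
        echo "FAIL: $3/home is not writable by the user"
        rc=1
    fi
    if ! mountpoint -q "$3/home" 2>/dev/null; then
        echo "NOTE: $3/home is not a mount point (bind mount not active)"
    fi
    return $rc
}

# Usage: check_jail "$(id -u user1)" "$(id -G user1)" /home/ftpuser/user1
```
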
You do not need chroot enabled to be able to log in to your user directory; all you need is to add this to the end of the vsftpd.conf
Code:
tilde_user_enable=YES
Code:
$ man vsftpd
Thanks ZO38 and uKiuki for your help. It will be a few days before I can try out your suggestions.
Greg