Linux - Networking
This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Distribution: FC3 dualboot with XP on my main machine, Slackware 9 on my POS ;)
creating a secure ftp server with chrooting
okay, here's my problem: i'm creating a secure file server with CentOS and i want to chroot users to their home directories in a secure manner (one that is not too easy to break out of). my problem is that i don't really know how to approach this. i've read a whole bunch of advice on various sites about how to do this properly but none seem to go through the whole procedure.
i would like to allow ONLY secured ftp traffic (no telnet, ftp, etc) and no anonymous or root access (the intent is to allow clients to access sensitive files from their homes via ftp). i also want each user to only have access to their own files (in their home directory). the only permissions these users need is to copy files to and from this directory and to perform basic directory operations (list files, remove files, etc).
please someone, what is the best way to do this? i'm inclined to use vsftpd because of its ease of chrooting but this requires a lot of setup with my current install (xinetd is in control and i don't know how to change it from using sshd). on the other hand i've also written a rudimentary chroot script which could be applied to all users logging in with sshd but i'm not sure how to make it run on login and so forth.
any suggestions would be GREATLY appreciated! thanks in advance!
Original Poster
thanks, but that didn't do it. sshd won't start with that line at the end, calling it "garbage at the end of the line"... perhaps you can't sudo from sshd_config?
Original Poster
Quote:
Originally posted by thermite_1033
do it with sftp-server and make a script to chroot-jail the users
i don't understand what you're saying here. what is sftp-server and what should i do with it? i did write a script to chroot users but i'm not sure how to apply it to ssh or vsftp (probably wouldn't need it with vsftp though because it has a builtin chroot function, right?)
anyway, thanks very much again! i am making some progress, better than nothing!
in sshd_config this is when you want a secure ftp as subsystem. you actually don't need another ftp-daemon but i don't know if you even can configure it. i can't find any config-file.
but this hasn't got a chroot!!!
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
you can apply your chroot-script in every user-home, i don't know exactly what your script looks like so i can't tell you how to apply it
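
Added example, not part of the original thread: a small audit that reads an sshd_config and reports whether SFTP users are confined to a chroot, run against the Subsystem line quoted above and against a constructed jailed configuration. It assumes OpenSSH 4.9 or later, where sshd has ChrootDirectory and internal-sftp; the group name sftponly and the path /srv/sftp/%u are placeholders.

```shell
#!/bin/sh
# Added example: report whether an sshd_config confines SFTP users to a chroot.
# Assumes OpenSSH 4.9+ (ChrootDirectory, internal-sftp). Reads the config on stdin.
# Simplification: expects "Keyword value" lines, not the "Keyword=value" form.
audit_sftp_chroot() {
  awk -v scope=global '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    { key = tolower($1) }                    # sshd_config keywords are case-insensitive
    key == "match" {                         # later settings apply only to this Match block
      scope = $2
      for (i = 3; i <= NF; i++) scope = scope " " $i
      next
    }
    key == "subsystem" && $2 == "sftp" { sftp = 1 }
    key == "chrootdirectory" && tolower($2) != "none" { jail[scope] = $2 }
    key == "forcecommand" && $2 == "internal-sftp" { forced[scope] = 1 }
    END {
      if (!sftp) { print "no-sftp"; exit }
      # A jail counts only when the chroot and the forced SFTP server share a scope.
      for (s in jail) if (s in forced) { print "sftp-jailed [" s "] " jail[s]; found = 1 }
      if (!found) print "sftp-unjailed"
    }
  '
}

# Constructed sample: the subsystem lines quoted in the thread, no chroot.
sample_unjailed() {
  cat <<'EOF'
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
EOF
}

# Constructed sample: group name and jail path are placeholders.
# sshd requires every component of the jail path to be root-owned and
# not writable by any other user or group.
sample_jailed() {
  cat <<'EOF'
Subsystem sftp internal-sftp
PermitRootLogin no
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
EOF
}

printf 'thread config: %s\n' "$(sample_unjailed | audit_sftp_chroot)"
printf 'jailed config: %s\n' "$(sample_jailed | audit_sftp_chroot)"
```

To check a live server, feed it the real file: audit_sftp_chroot < /etc/ssh/sshd_config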