LinuxQuestions.org


clau_bolson 11-14-2003 12:00 PM

vsftpd - "real" vs. "virtual" users
 
Hi, I'm setting up a new webserver and FTP server.
The idea is this:
Owners of websites (identified by name and password) must be able to make changes to their home directories.
Anonymous user is only able to download files from user ftp home directory.

Using vsftpd, I want to know if there is a difference regarding security between:

a. users are real users, with no shell access
chroot_local_user=YES
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list

and

b. users are all virtual, only one real user and guest_enable=YES, then mapping everyone to their home directory as explained in the man page.

Thanks

markus1982 11-17-2003 06:02 AM

Anonymous-like users have more restrictive write permissions; for example, anon-users are not allowed to chmod and similar. When configured properly (non-anon-users), there is just a slight difference (http://www.linux-corner.net/linux/services/ftp.html).

clau_bolson 11-17-2003 07:22 AM

Thanks Markus, your page explains very well what I need.
- BUT -
I need anonymous logins too, because we offer our users (we are an ISP) the option to download NAV updates directly from our site (a must for those who have "mail only" service), and other useful programs.
So, will this configuration be safe enough?
(*** are my changes)

anon_world_readable_only=NO
*** anonymous_enable=YES ***
*** anon_upload_enable=NO ***
chroot_local_user=YES
guest_enable=YES
*** guest_username=virtual ***
hide_ids=YES
listen=YES
listen_address=xx.xx.xx.xx
local_enable=YES
max_clients=100
max_per_ip=1
nopriv_user=ftp
pasv_max_port=65535
pasv_min_port=64000
session_support=NO
use_localtime=YES
user_config_dir=/etc/vsftpd/users
userlist_enable=YES
userlist_file=/etc/vsftpd/denied_users
xferlog_enable=YES

anon_umask=0027
async_abor_enable=YES
connect_from_port_20=YES
dirlist_enable=NO
*** download_enable=YES ***

/etc/vsftpd/users/user1

anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_upload_enable=YES
dirlist_enable=YES
download_enable=YES
local_root=/home/user1
write_enable=YES

One more question, should I add "virtual" to the list of denied users?
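
Added example, not part of the thread: a Python sketch that layers the vsftpd.conf man-page defaults, the main config and the /etc/vsftpd/users/user1 file from the post above, and reports what an anonymous session and the virtual user1 may do. It assumes guest sessions run with anonymous privileges (virtual_use_local_privs left at its default of NO); the function names are hypothetical.

```python
# Added example (not from the thread). Defaults are those documented in the
# vsftpd.conf man page; only options that appear in the thread are modelled.
DEFAULTS = {
    "write_enable": "NO", "download_enable": "YES", "dirlist_enable": "YES",
    "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO", "anon_world_readable_only": "YES",
}

def parse(text):
    """Parse option=value lines, tolerating the poster's '*** ... ***' marks."""
    opts = {}
    for line in text.splitlines():
        line = line.strip().strip("*").strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def rights(main, per_user=None):
    """Layer defaults < main config < user_config_dir file, then report what a
    session running with anonymous-style privileges may do."""
    cfg = {**DEFAULTS, **main, **(per_user or {})}
    on = lambda key: cfg[key].upper() == "YES"
    write = on("write_enable")  # gates every command that changes the filesystem
    return {
        "list": on("dirlist_enable"),
        "download": on("download_enable"),
        "read_non_world_readable": on("download_enable")
                                   and not on("anon_world_readable_only"),
        "upload": write and on("anon_upload_enable"),
        "mkdir": write and on("anon_mkdir_write_enable"),
        "delete_rename": write and on("anon_other_write_enable"),
    }

# Constructed input: the relevant lines copied from the post above.
MAIN = parse("""anon_world_readable_only=NO
*** anonymous_enable=YES ***
*** anon_upload_enable=NO ***
guest_enable=YES
dirlist_enable=NO
*** download_enable=YES ***""")
USER1 = parse("""anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_upload_enable=YES
dirlist_enable=YES
download_enable=YES
local_root=/home/user1
write_enable=YES""")

if __name__ == "__main__":
    print("anonymous:", rights(MAIN))
    print("user1    :", rights(MAIN, USER1))
```

For the posted settings the anonymous session gets no directory listing and no write access, but because anon_world_readable_only=NO sits in the main config, its downloads are not limited to world-readable files.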


All times are GMT -5.