LinuxQuestions.org
Old 12-08-2005, 01:09 AM   #1
istvank
Member
 
Registered: Dec 2005
Distribution: CentOS 5.8
Posts: 34

Rep: Reputation: 15
vsftpd virtual users configuration


Hello,

I managed to set up vsftpd with virtual users as it is shown here: ftp://vsftpd.beasts.org/users/cevans...USERS_2/README

Now I have one home directory for all the users. Users have different rights. Some have write access, some have download-only access.

But now I would like to take the vsftpd setup a step further. I would like some users to have access to some folders.
Like this:

user1 can access folder1 and folder2
user2, user4 can access only folder2
user3, user5 can access only folder1

Does anybody know if this is possible with vsftpd? Or is there a trick with virtual domains? Or some workaround?

10x
 
Old 12-09-2005, 03:50 AM   #2
istvank
Member
 
Registered: Dec 2005
Distribution: CentOS 5.8
Posts: 34

Original Poster
Rep: Reputation: 15
Please tell me at least if it's possible to do this with vsftpd, so I don't dig in vain!
 
Old 01-13-2006, 01:45 PM   #3
istvank
Member
 
Registered: Dec 2005
Distribution: CentOS 5.8
Posts: 34

Original Poster
Rep: Reputation: 15
I still didn't find any solution. Does anybody know how to use groups with virtual users? Is it possible? At least give me a link, an email, something I can start with.

10x
 
Old 01-27-2006, 08:51 PM   #4
bearqst
LQ Newbie
 
Registered: Jul 2005
Distribution: RHE4, WB4, FC3
Posts: 6

Rep: Reputation: 0
have you looked at ftp://vsftpd.beasts.org/users/cevans...ftpd-2.0.4/FAQ
 
Old 01-28-2006, 03:44 AM   #5
istvank
Member
 
Registered: Dec 2005
Distribution: CentOS 5.8
Posts: 34

Original Poster
Rep: Reputation: 15
Yes, indeed there are a few hints in the FAQ. But they are just hints; they presume that you have good knowledge of Linux in other areas...
Here I copied the parts from the FAQ which might be related to my problem:

Quote:
Q) Can I restrict users to their home directories?
A) Yes. You are probably after the setting:
chroot_local_user=YES
Can I restrict more than one user to the same home directory?

Quote:
Q) Help! What are the security implications referred to in the
"chroot_local_user" option?
A) Firstly note that other ftp daemons have the same implications. It is a
generic problem.
The problem isn't too severe, but it is this: Some people have FTP user
accounts which are not trusted to have full shell access. If these
accounts can also upload files, there is a small risk. A bad user now has
control of the filesystem root, which is their home directory. The ftp
daemon might cause some config file to be read - e.g. /etc/some_file. With
chroot(), this file is now under the control of the user. vsftpd is
careful in this area. But, the system's libc might want to open locale
config files or other settings...
Can I restrict all users to a home directory?

Quote:
Q) Help! How do I integrate with LDAP users and logins?
A) Use vsftpd's PAM integration to do this, and have PAM authenticate against
an LDAP repository.
I don't know what LDAP is, but somebody told me that LDAP combined with chroot_local_user might do what I need.

Quote:
Q) Help! Does vsftpd support virtual users?
A) Yes, via PAM integration. Set "guest_enable=YES" in /etc/vsftpd.conf. This
has the effect of mapping every non-anonymous successful login to the local
username specified in "guest_username". Then, use PAM and (e.g.) its pam_userdb
module to provide authentication against an external (i.e. non-/etc/passwd)
repository of users.
Note - currently there is a restriction that with guest_enable enabled, local
users also get mapped to guest_username.
There is an example of virtual users setup in the "EXAMPLE" directory.
Can I map virtual users to more than one local user?

Quote:
Q) Help! Does vsftpd support different settings for different users?
A) Yes - in a very powerful way. Look at the setting "user_config_dir" in the
manual page.
This doesn't include file access restriction.


Quote:
Q) Help! Will vsftpd authenticate against an LDAP server? What about a
MySQL server?
A) Yes. vsftpd uses PAM for authentication, so you need to configure PAM
to use pam_ldap or pam_mysql modules. This may involve installing the PAM
modules and then editing the PAM config file (perhaps /etc/pam.d/vsftpd).
Don't know what LDAP can do.

Quote:
Q) Help! Does vsftpd support hiding or denying certain files?
A) Yes. Look at the hide_file and deny_file options in the manual page.
This is interesting. The manpage says that it works for directories too. But can this be used for a group or all virtual users? Or do I have to make the restriction for each user and each directory?

Do file permissions work with virtual users?
 
Old 01-28-2006, 11:57 AM   #6
bearqst
LQ Newbie
 
Registered: Jul 2005
Distribution: RHE4, WB4, FC3
Posts: 6

Rep: Reputation: 0
Quote:
Originally Posted by istvank
Can I restrict more than one user to the same home directory?
Yes, make directory X the home directory for all users you want to have access to it, or make it a group

Quote:
Originally Posted by istvank
Can I restrict all users to a home directory?
See above

Quote:
Originally Posted by istvank
I don't know what LDAP is, but somebody told me that LDAP combined with chroot_local_user might do what I need.
LDAP = Lightweight Directory Access Protocol = Google LDAP for definitions and a more in-depth description

You shouldn't need LDAP to accomplish what you want. You need to set the permissions and user directory to the same levels/directory.

Quote:
Originally Posted by istvank
Can I map virtual users to more than one local user?
Don't know, haven't tried this

Quote:
Originally Posted by istvank
This doesn't include file access restriction.
configure restrictions by the file or directories

Quote:
Originally Posted by istvank
Don't know what LDAP can do.
See above

Quote:
Originally Posted by istvank
Do file permissions work with virtual users?
Yes

I haven't tried to make the exact same configuration settings you appear to be, but basic network structure and user permissions should accomplish what you want. Read up on permissions and network / directory structure. That is why I posted the link to the FAQ: yes, they have a lot of "suggestions", but they also give you insight into the ability to accomplish what you want (one of your questions - can it be done) and some direction to do it.

Setting up a Linux server and structuring the permissions and user directory correctly isn't as easy as, say, point and click like MS, but it is a lot more powerful and secure. You might want to get a couple of books; your local library should have some good ones on Linux server config.

Good luck
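
Added example, not part of any post in this thread: one way to combine the FAQ's `user_config_dir` hint with the group-permission advice above, using the user/folder mapping from post #1. It assumes `guest_enable=YES` and `user_config_dir` are set in the main vsftpd.conf and that `guest_username` is honoured in per-user files; the base path `/srv/ftp` and the `ftp_*` / `ftpg_*` account and group names are hypothetical.

```shell
#!/bin/sh
# Added example. Mapping constructed from post #1: <virtual user>:<folders>
ACCESS_MAP='user1:folder1,folder2
user2:folder2
user4:folder2
user3:folder1
user5:folder1'
FTP_BASE=/srv/ftp   # assumed shared root: owned by root, mode 0755

# gen_vsftpd_acl OUTDIR
# Writes OUTDIR/user_conf/<virtual user> (copy into user_config_dir) and
# OUTDIR/plan.sh (root commands to review by hand; nothing is executed here).
# Each distinct folder set gets one local guest account whose supplementary
# groups are exactly the groups owning those folders (mode 2770, no "other").
gen_vsftpd_acl() {
  out=$1; seen_grp=" "; seen_acct=" "
  mkdir -p "$out/user_conf" || return 1
  : > "$out/plan.sh"
  while IFS=: read -r vuser folders; do
    [ -n "$vuser" ] || continue
    sorted=$(printf '%s\n' "$folders" | tr ',' '\n' | sort -u)
    acct="ftp_$(printf '%s\n' "$sorted" | paste -sd_ -)"
    groups=""
    for f in $sorted; do
      g="ftpg_$f"; groups="${groups:+$groups,}$g"
      case "$seen_grp" in *" $g "*) continue ;; esac
      seen_grp="$seen_grp$g "
      {
        echo "groupadd $g"
        echo "mkdir -p $FTP_BASE/$f && chgrp $g $FTP_BASE/$f && chmod 2770 $FTP_BASE/$f"
      } >> "$out/plan.sh"
    done
    case "$seen_acct" in *" $acct "*) ;; *)
      seen_acct="$seen_acct$acct "
      echo "useradd -r -M -d $FTP_BASE -s /sbin/nologin -G $groups $acct" >> "$out/plan.sh" ;;
    esac
    # Guest logins get anonymous privileges by default, so reading files that
    # are not world-readable needs anon_world_readable_only=NO.
    {
      echo "guest_username=$acct"
      echo "local_root=$FTP_BASE"
      echo "anon_world_readable_only=NO"
    } > "$out/user_conf/$vuser"
  done <<EOF
$ACCESS_MAP
EOF
}
```

With this layout every virtual user lands in the same root, and the kernel's group check on each 2770 folder decides who can enter it, so adding a user to an existing access class is one new three-line file.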
 
  

