[SOLVED] is it possible to have two local_chroot in vsftpd configuration in centos?
We have vsftpd running on the web server (say www.sarah.com) so that virtual users can log in for FTP upload, and in vsftpd.conf the home directory (/var/www/html/$USER) for each virtual user has been set via the local_root option.
But now I want to add an FTP/virtual user for the same web server (www.sarah.com), which is doing all this virtual hosting, and want to add the user (say test) inside /var/www/html/sarah instead of /var/www/html/test, which is the default.
Because when I do that, I can have web access as well if I type www.sarah.com/test. So users can upload via FTP and download via web.
So can you please tell me how I should proceed? Or is this not possible at all?
Last edited by SarahGurung; 06-18-2012 at 12:46 AM.
Quote:
But now I want to add an FTP/virtual user for the same web server (www.sarah.com), which is doing all this virtual hosting, and want to add the user (say test) inside /var/www/html/sarah instead of /var/www/html/test, which is the default.
You can add in vsftpd.conf:
Code:
user_config_dir=/etc/vsftpd_user_conf
Create the directory /etc/vsftpd_user_conf (if it doesn't exist) and inside that directory create a file named "test" containing "/var/www/html/sarah".
After that, restart the vsftpd service.
But I already have other virtual users with their home directories assigned. So will this new user_config_dir affect it? Because user_config_dir is for creating an explicit home directory for users, isn't it? Or can it just be used for this new user alone?
And if so, can you please tell me exactly what I should write inside that test file?
Quote:
So will this new user_config_dir affect it? Because user_config_dir is for creating an explicit home directory for users, isn't it? Or can it just be used for this new user alone?
Exactly.
If you want a user to have a different homedir (so he'll be chrooted in it), you create a file inside that directory with that user's name (in your case /etc/vsftpd_user_conf/test) containing:
Well, what I meant was: I have other users created previously whose home directories have been given via the local_root and chroot_enable=yes option. user_config_dir has not been used previously. So will using user_config_dir for just this new user work without affecting the previous users and their home directories, or do I need to add them as well in the user_config file if I use that option?
And do I need to use it with the chroot_list option?
My vsftpd conf as of now is as follows:
Code:
# disables anonymous FTP
anonymous_enable=NO
# enables non-anonymous FTP
local_enable=YES
# activates virtual users
guest_enable=YES
# virtual users to use local privs, not anon privs
virtual_use_local_privs=YES
# enables uploads and new directories
write_enable=YES
# the PAM file used by authentication of virtual uses
pam_service_name=vsftpd-virtual
# in conjunction with 'local_root',
# specifies a home directory for each virtual user
user_sub_token=$USER
local_root=/var/www/html/$USER
# the virtual user is restricted to the virtual FTP area
chroot_local_user=YES
# hides the FTP server user IDs and just display "ftp" in directory listings
hide_ids=YES
# runs vsftpd in standalone mode
listen=YES
# listens on this port for incoming FTP connections
#listen_port=60021
# the minimum port to allocate for PASV style data connections
pasv_min_port=62222
# the maximum port to allocate for PASV style data connections
pasv_max_port=63333
# controls whether PORT style data connections use port 20 (ftp-data)
connect_from_port_20=YES
# the umask for file creation
local_umask=022
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#anon_other_write_enable=YES
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
# Activate logging of uploads/downloads.
xferlog_enable=YES
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
chown_uploads=YES
chown_username=ftp
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES
# You may change the default value for timing out an idle session.
idle_session_timeout=600
# You may change the default value for timing out a data connection.
data_connection_timeout=120
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
nopriv_user=ftp
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
async_abor_enable=YES
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
# You may fully customise the login banner string:
ftpd_banner=Authorized Access Only!!
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES
#userlist_enable=YES
#userlist_deny=NO
tcp_wrappers=YES
max_clients=10
max_per_ip=10
I made the required changes as you said and it worked as I wanted it to, BUT THE PROBLEM IS: when the user test logs in via the FTP client for upload, it goes to /var/www/html/sarah, and there I need to select the folder 'test' and then upload, which means the user has access to the whole /var/www/html/sarah directory.
I want the user 'test' to have access to only the test or its home directory.
Quote:
I want the user 'test' to have access to only the test or its home directory.
Then change local_root accordingly:
Code:
local_root=/var/www/html/sarah/test
Also note that this user cannot access directories outside the chroot. If you want him to access his homedir (/home/test), you need to use other methods (like mount --bind in case of vsftpd).
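The situation in this thread, as an added example that is not part of any poster's reply and goes one step further than the thread: a shell check that resolves each virtual user's effective chroot from vsftpd.conf plus user_config_dir and reports accounts whose chroot equals or contains another's, which is what happened while test was rooted at /var/www/html/sarah. The function names, the constructed sample files, and the assumption that the last assignment of a setting wins are assumptions of this example.

```shell
# conf_get FILE KEY: last value assigned to KEY in FILE (assumed: later lines win).
conf_get() {
    [ -f "$1" ] || return 0
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# effective_root CONF USER: a local_root in <user_config_dir>/<USER> overrides
# the global local_root, in which user_sub_token is replaced by the login name.
effective_root() {
    dir=$(conf_get "$1" user_config_dir)
    root=""
    [ -n "$dir" ] && root=$(conf_get "$dir/$2" local_root)
    if [ -z "$root" ]; then
        token=$(conf_get "$1" user_sub_token)
        root=$(conf_get "$1" local_root)
        # Assumes the token has no regex metacharacters besides a leading "$".
        [ -n "$token" ] && root=$(printf '%s' "$root" | sed "s|$token|$2|g")
    fi
    printf '%s\n' "$root"
}

# overlaps CONF USER...: report each account whose chroot equals or contains
# another account's chroot, so it can read and write that account's files.
overlaps() {
    conf=$1; shift
    for a in "$@"; do
        ra=$(effective_root "$conf" "$a")
        [ -n "$ra" ] || continue
        for b in "$@"; do
            [ "$a" = "$b" ] && continue
            rb=$(effective_root "$conf" "$b")
            case "$rb/" in
                "${ra%/}/"*) echo "$a ($ra) reaches $b ($rb)" ;;
            esac
        done
    done
}
# Constructed sample mirroring the thread: make_sample DIR ROOT_FOR_TEST
make_sample() {
    mkdir -p "$1/user_conf"
    printf '%s\n' "user_config_dir=$1/user_conf" 'user_sub_token=$USER' \
        'local_root=/var/www/html/$USER' 'chroot_local_user=YES' > "$1/vsftpd.conf"
    printf 'local_root=%s\n' "$2" > "$1/user_conf/test"
}

tmp=$(mktemp -d)
make_sample "$tmp" /var/www/html/sarah;      overlaps "$tmp/vsftpd.conf" sarah test
make_sample "$tmp" /var/www/html/sarah/test; overlaps "$tmp/vsftpd.conf" sarah test
rm -rf "$tmp"
```

With the first per-user file both accounts reach each other's files; with local_root=/var/www/html/sarah/test only the containing account (sarah) still reaches test's upload area.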