11-16-2007, 02:04 PM
#1
LQ Newbie
Registered: Nov 2007
Posts: 6
CHROOT in VSFTPD
Hi everyone there.
I'm mounting an FTP server allowing only local users to log in.
My problem is that I'm trying to jail the users in a chroot list to their home directory, but when they access the FTP server using CORE FTP, they can access all other folders.
Here are my vsftp.conf chroot configurations and the userlist configuration as well.
chmod_enable=NO
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list
I've read in lots of forums that this should work fine, but it doesn't.
Please, some help.

11-18-2007, 12:20 AM
#2
Member
Registered: Feb 2003
Location: St. Louis
Distribution: RedHat 8
Posts: 262
Comment out "chroot_local_user=NO" and make sure you have all the user IDs that you want to chroot in their home directory in the vsftpd.chroot_list file.

11-21-2007, 07:01 AM
#3
LQ Newbie
Registered: Nov 2007
Posts: 6
Original Poster
Thanks Cojo,
It didn't work; commenting out "chroot_local_user=NO" is the same as using "chroot_local_user=NO". I tried it but nothing happened.
The other strange thing is that using FileZilla the users are jailed.
Thanks
Rolando1bueno

11-21-2007, 10:23 PM
#4
Member
Registered: Feb 2003
Location: St. Louis
Distribution: RedHat 8
Posts: 262
Can you post your /etc/vsftpd.chroot_list and your vsftpd.conf files?

11-22-2007, 06:36 AM
#5
LQ Newbie
Registered: Nov 2007
Posts: 6
Original Poster
Here is the vsftpd.conf:
listen=YES
#listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
#chown_uploads=YES
#chown_username=whoever
#
#xferlog_file=/var/log/vsftpd.log
#
#xferlog_std_format=YES
#idle_session_timeout=600
#
#data_connection_timeout=120
#
#nopriv_user=ftpsecure
#
#async_abor_enable=YES
#
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
ftpd_banner=Servidor FTP de ENERGETICA
#
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd.banned_emails
#
chmod_enable=NO
#chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
#ls_recurse_enable=YES
#
secure_chroot_dir=/var/run/vsftpd
#
pam_service_name=vsftpd
#
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list
And here is the vsftpd.chroot_list:
#jailed FTP users
rafi
jare
migf
vhlw
gcyq
cema
vajt
paginar
Thanks for your time.

11-23-2007, 11:45 PM
#6
Member
Registered: Feb 2003
Location: St. Louis
Distribution: RedHat 8
Posts: 262
Your config file looks fine. The only thing I can see is that either your chroot file is not in /etc/vsftpd.chroot_list or a user ID is misspelled within your chroot file. What is the permission on your vsftpd.chroot_list file?

12-04-2007, 06:16 AM
#7
LQ Newbie
Registered: Nov 2007
Posts: 6
Original Poster
I haven't set any permissions on the chroot file; should I? What permissions should I set on it?
Thanks
Rolando1bueno

12-04-2007, 09:05 AM
#8
Member
Registered: Sep 2006
Location: Quetta, Pakistan
Distribution: RHEL, Ubuntu, Fedora
Posts: 368
Okay, just check the permissions to see whether the file can be read by the daemon.
That may work; otherwise, try removing the vsftpd package and installing it again. Before doing this, save your configuration files. Sometimes a correct configuration doesn't work; that happened to me once, and installing the package again made it work.

12-09-2007, 09:32 AM
#9
LQ Newbie
Registered: Sep 2007
Posts: 15
I had the problem with users being able to wander around to any dir above their home dir. In the vsftp.conf I set chroot_local_user=YES.
That worked for me, no more wandering outside of their dirs. Hope that helps.

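Added example, not written by any poster in this thread: a small Python check that applies the documented meaning of chroot_local_user and chroot_list_enable to the settings from post #5 and to the chroot_local_user=YES setting from post #9, and flags list entries that would not match a login name. The function names and the user "bob" are made up for illustration, and exact whole-line matching of the list file is an assumption about vsftpd.

```python
# Added example, not from the thread. Option semantics follow vsftpd.conf(5).
DEFAULTS = {"chroot_local_user": "NO", "chroot_list_enable": "NO"}

def parse_conf(text):
    """Return (options, warnings) for the text of a vsftpd.conf."""
    opts, warnings = dict(DEFAULTS), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            # vsftpd.conf(5): no space is allowed between option, = and value
            warnings.append(f"line {n}: malformed or has spaces: {line!r}")
            continue
        opts[key] = value
    return opts, warnings

def parse_list(text):
    """Return (entries, warnings). Assumption: vsftpd compares each whole
    line with the login name, so stray whitespace or a CR prevents a match."""
    entries, warnings = set(), []
    for n, line in enumerate(text.split("\n"), 1):
        if line != line.strip():
            warnings.append(f"line {n}: whitespace or CR around {line.strip()!r}")
        if line:
            entries.add(line)
    return entries, warnings

def is_chrooted(user, opts, entries):
    """Listed users are jailed when chroot_local_user=NO, exempt when YES."""
    jail_all = opts["chroot_local_user"].upper() == "YES"
    listed = opts["chroot_list_enable"].upper() == "YES" and user in entries
    return jail_all != listed

# Settings and the first three names from post #5.
CONF = ("chmod_enable=NO\n#chroot_local_user=NO\nchroot_list_enable=YES\n"
        "chroot_list_file=/etc/vsftpd.chroot_list\n")
LIST = "rafi\njare\nmigf\n"
LIST_CRLF = LIST.replace("\n", "\r\n")  # constructed: same list, CRLF endings

if __name__ == "__main__":
    opts, _ = parse_conf(CONF)
    for label, text in (("as posted", LIST), ("CRLF copy", LIST_CRLF)):
        entries, warns = parse_list(text)
        print(label, "-> rafi jailed:", is_chrooted("rafi", opts, entries), warns)
    opts["chroot_local_user"] = "YES"  # the setting reported in post #9
    entries, _ = parse_list(LIST)
    print("YES -> rafi jailed:", is_chrooted("rafi", opts, entries),
          "| unlisted 'bob' jailed:", is_chrooted("bob", opts, entries))
```

With chroot_local_user=YES and chroot_list_enable=YES the list file turns into a list of exemptions, so moving to the post #9 setting without clearing the list or disabling chroot_list_enable releases exactly the users who were meant to be jailed.
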
All times are GMT -5.