LinuxQuestions.org
Old 11-16-2007, 02:04 PM   #1
rolando1bueno
LQ Newbie
 
Registered: Nov 2007
Posts: 6

Rep: Reputation: 0
CHROOT in VSFTPD


Hi everyone there.

I'm mounting an FTP server allowing only local users to log in.
My problem is that I'm trying to jail the users in a chroot list to their home directory, but when they access the FTP server using CORE FTP, they can access all other folders.

Here are my vsftp.conf chroot configurations and the userlist configuration as well.

chmod_enable=NO
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list


userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list


I've read in lots of forums that this should work fine, but it doesn't.

Please, some help.
 
Old 11-18-2007, 12:20 AM   #2
cojo
Member
 
Registered: Feb 2003
Location: St. Louis
Distribution: RedHat 8
Posts: 262

Rep: Reputation: 31
Comment out "chroot_local_user=NO" and make sure you have all the user IDs in the vsftpd.chroot_list file that you want to chroot into their home directories.
 
Old 11-21-2007, 07:01 AM   #3
rolando1bueno
LQ Newbie
 
Registered: Nov 2007
Posts: 6

Original Poster
Rep: Reputation: 0
Thanks, Cojo.
It didn't work; commenting out "chroot_local_user=NO" is the same as using "chroot_local_user=NO". I tried it but nothing happened.
The other strange thing is that using FileZilla the users are jailed.

Thanks

Rolando1bueno
 
Old 11-21-2007, 10:23 PM   #4
cojo
Member
 
Registered: Feb 2003
Location: St. Louis
Distribution: RedHat 8
Posts: 262

Rep: Reputation: 31
Can you post your /etc/vsftpd.chroot_list and your vsftpd.conf files?
 
Old 11-22-2007, 06:36 AM   #5
rolando1bueno
LQ Newbie
 
Registered: Nov 2007
Posts: 6

Original Poster
Rep: Reputation: 0
Here is the vsftpd.conf :

listen=YES

#listen_ipv6=YES

anonymous_enable=NO

local_enable=YES

write_enable=YES

local_umask=022

#anon_upload_enable=YES

#anon_mkdir_write_enable=YES

dirmessage_enable=YES

xferlog_enable=YES

#chown_uploads=YES
#chown_username=whoever
#
#xferlog_file=/var/log/vsftpd.log
#

#xferlog_std_format=YES

#idle_session_timeout=600
#
#data_connection_timeout=120
#
#nopriv_user=ftpsecure
#
#async_abor_enable=YES
#
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
ftpd_banner=Servidor FTP de ENERGETICA
#
#deny_email_enable=YES

#banned_email_file=/etc/vsftpd.banned_emails
#
chmod_enable=NO

#chroot_local_user=NO

chroot_list_enable=YES

chroot_list_file=/etc/vsftpd.chroot_list

#ls_recurse_enable=YES
#
secure_chroot_dir=/var/run/vsftpd
#
pam_service_name=vsftpd
#
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list


And here is the vsftpd.chroot_list :

#jailed FTP users
rafi
jare
migf
vhlw
gcyq
cema
vajt
paginar

Thanks for your time.
 
Old 11-23-2007, 11:45 PM   #6
cojo
Member
 
Registered: Feb 2003
Location: St. Louis
Distribution: RedHat 8
Posts: 262

Rep: Reputation: 31
Your config file looks fine. The only thing I can see is that either your chroot file is not in /etc/vsftpd.chroot_list or a userid is misspelled within your chroot file. What are the permissions on your vsftpd.chroot_list file?
 
Old 12-04-2007, 06:16 AM   #7
rolando1bueno
LQ Newbie
 
Registered: Nov 2007
Posts: 6

Original Poster
Rep: Reputation: 0
I haven't set any permission to the chroot file, should I? What permission should I set to it?

Thanks

Rolando1bueno
 
Old 12-04-2007, 09:05 AM   #8
shahz
Member
 
Registered: Sep 2006
Location: Quetta, Pakistan
Distribution: RHEL, Ubuntu, Fedora
Posts: 368

Rep: Reputation: 29
Okay, just check the permissions to see if the file can be read by the daemon.

It may work; otherwise, try removing the vsftpd package and installing it again. Before doing this, save your configuration files. Sometimes a correct configuration doesn't work, as happened to me once; installing the package again made it work.
 
Old 12-09-2007, 09:32 AM   #9
stevemisawa
LQ Newbie
 
Registered: Sep 2007
Posts: 15

Rep: Reputation: 0
I had the problem with users being able to wander around to any dir above their home dir. In the vsftp.conf I set chroot_local_user=YES.
That worked for me, no more wandering outside of their dirs. Hope that helps.
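
The chroot_local_user / chroot_list_enable interaction this thread turns on, as an added example that is not part of any poster's message or of vsftpd itself: per vsftpd.conf(5), with chroot_list_enable=YES the list names the jailed users when chroot_local_user=NO and the exempt users when it is YES. The script assumes vsftpd compares each list line exactly against the login name, so it also reports entries carrying stray whitespace; the sample config, the list (including the trailing space after `jare`) and the user `bob` are constructed.

```python
TRUE_WORDS = {"YES", "TRUE", "1"}

def parse_conf(text):
    """Parse vsftpd.conf text: KEY=VALUE lines, '#' starts a comment line."""
    opts = {}
    for line in text.splitlines():
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key] = value
    return opts

def flag(opts, key):
    """Boolean option; both chroot options default to NO when absent."""
    return opts.get(key, "NO").upper() in TRUE_WORDS

def parse_list(text):
    """Return (exact entries, entries with leading/trailing whitespace or CR)."""
    entries = [l for l in text.split("\n") if l.strip()]
    suspect = [l for l in entries if l != l.strip()]
    return set(entries), suspect

def is_jailed(opts, listed, user):
    """Effective chroot state of one local user."""
    chroot_all = flag(opts, "chroot_local_user")
    if not flag(opts, "chroot_list_enable"):
        return chroot_all
    # List enabled: listed users get the opposite of chroot_local_user.
    return (user in listed) != chroot_all

def audit(conf_text, list_text, users):
    """Map each user to jailed True/False and return suspect list entries."""
    opts = parse_conf(conf_text)
    listed, suspect = parse_list(list_text)
    return {u: is_jailed(opts, listed, u) for u in users}, suspect

# Constructed sample modelled on the chroot lines posted in the thread.
CONF = ("#chroot_local_user=NO\n"
        "chroot_list_enable=YES\n"
        "chroot_list_file=/etc/vsftpd.chroot_list\n")
# Constructed list: "jare " has a trailing space and will not match "jare".
LIST = "# jailed FTP users\nrafi\njare \npaginar\n"

if __name__ == "__main__":
    jailed, suspect = audit(CONF, LIST, ["rafi", "jare", "bob"])
    for user, state in jailed.items():
        print(f"{user}: {'jailed' if state else 'NOT jailed'}")
    for entry in suspect:
        print(f"suspect list entry (whitespace): {entry!r}")
```
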
 
  

