LinuxQuestions.org


lord-fu 11-16-2005 08:26 AM

Secure file and passwd transfers
 
Hello,

I have VSFTP on my FreeBSD 5.4 system that my friends and I use to trade files. They all share the same account and password that I created. I have denied them shell access, and they are chrooted to their ~. However.

1: Is it possible to stop them from deleting items, but to still get and write?
2: I don't like the passwords being passed along the net in plain text. Is there another option other than scp for them to get and write, as I really don't want them to have shell access? If it is https, is it possible to upload large files?

Any help is greatly appreciated.

unSpawn 11-17-2005 08:06 AM

1. I'm sure that's just a Vsftp config setting.
2. There are shells for scp to allow just scp and nothing more. Look for Scponly (or Rssh?).

lord-fu 11-17-2005 12:30 PM

Thank you, I will look into these options.

lord-fu 11-17-2005 02:53 PM

Hello,

The cmds_allowed option is what I was looking for in my vsftpd.conf. This is a comma separated list of commands I would allow in an ftp session. However I am receiving this error when I try and restart the service.
Code:

OSIRIS# /usr/local/sbin/vsftpd &
[1] 12832
500 OOPS: missing value in config file for:

I googled the error and have not been able to come up with much that would help, I have posted my config file below. Thanks for any help offered.
Code:

# allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO

# Uncomment this to allow local users to log in.
local_enable=YES

# Uncomment this to enable any form of FTP write command.
write_enable=YES

# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022

anon_upload_enable=NO
anon_mkdir_write_enable=NO

# Activate directory messages
dirmessage_enable=YES

# Activate logging of uploads/downloads.
xferlog_enable=YES

# Make sure PORT transfer connections originate from port 20 (ftp-data).
#connect_from_port_20=YES

chown_uploads=YES
chown_username=ftp_user

xferlog_file=/var/log/vsftpd.log
#xferlog_std_format=YES

idle_session_timeout=600
data_connection_timeout=120

nopriv_user=nobody

#ascii_upload_enable=YES
#ascii_download_enable=YES

#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails

chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
#ls_recurse_enable=YES
listen=YES
background=YES
pasv_enable=YES
pasv_max_port=20000
pasv_min_port=15000
pasv_promiscuous=YES
log_ftp_protocol=YES
cmds_allowed=ABOR,CWD,LIST,MDTM,MKD,NLST,PASS,PASV,PORT,PWD,QUIT,RETR,SIZE,STOR,TYPE,USER,ACCT,HELP,SYST

Sorry if this should be a thread in a different forum. As it was related to my original post I thought it should stay here.
Many thanks in advance.

unSpawn 11-17-2005 06:29 PM

Quote:

However I am receiving this error when I try and restart the service.

Diff your current & previous config and focus on the changes.

lord-fu 11-19-2005 12:09 AM

Sorry to repost here, but all it took was clearing the cmds_allowed line and then redoing the line over. I guess I mistyped or something the first time.
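
An added example, not part of the thread and not vsftpd's own code: a small linter that looks for the kind of mistyped line that fits the "missing value in config file for:" error above, and checks that a cmds_allowed whitelist does not let delete or rename commands through. It assumes vsftpd rejects any non-comment line with nothing after `=`; the function name, the choice of flagged commands and the sample text are constructed for illustration.

```python
"""Lint a vsftpd.conf for the two problems raised in this thread (added example)."""

# FTP commands (RFC 959 names) that remove or displace files. Flagging the
# rename pair as well is this example's choice, not something the thread states.
DESTRUCTIVE = {"DELE", "RMD", "RNFR", "RNTO"}


def lint_vsftpd_conf(text):
    """Return a list of (line_number, message) findings."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        if raw == "" or raw.startswith("#"):
            continue  # truly empty lines and comments are fine
        key, sep, value = raw.partition("=")
        if not sep or value.strip() == "":
            # Assumed cause of "500 OOPS: missing value in config file for:"
            findings.append((n, f"no value for {key.strip()!r} (blank-looking or wrapped line?)"))
            continue
        # vsftpd.conf(5): no space is allowed between the option, '=' and value.
        if raw != raw.strip() or key != key.strip() or value != value.strip():
            findings.append((n, f"stray whitespace in {raw!r}"))
        if key.strip() == "cmds_allowed":
            cmds = {c.strip().upper() for c in value.split(",")}
            if "" in cmds:
                findings.append((n, "empty entry in cmds_allowed (doubled or trailing comma)"))
            for cmd in sorted(cmds & DESTRUCTIVE):
                findings.append((n, f"cmds_allowed permits {cmd}"))
    return findings


# Constructed sample: a whitelist like the thread's, mistyped on purpose.
SAMPLE = (
    "# test config\n"
    "write_enable=YES\n"
    "   \n"                                    # whitespace-only line
    "cmds_allowed=ABOR,CWD,LIST,RETR,STOR,\n"  # trailing comma
    "DELE,QUIT\n"                              # wrapped continuation, no '='
    "listen = YES\n"                           # spaces around '='
)

if __name__ == "__main__":
    for lineno, message in lint_vsftpd_conf(SAMPLE):
        print(f"line {lineno}: {message}")
```

Run against the config posted above, the cmds_allowed line itself comes back clean, since DELE, RMD, RNFR and RNTO are not in that whitelist.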

