LinuxQuestions.org
Old 12-31-2006, 07:01 PM   #1
just_me_then
Member
 
Registered: Dec 2006
Posts: 59

Rep: Reputation: 15
vsftpd


Hello.

vsftpd is giving me some trouble at the moment. I want every user to be chroot'ed and have the following in my conf:

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list

This works well so long as the user is in the list. If I change chroot_list_enable = NO then it stops working, and they can view any file.

What I need is for every user to automatically be chroot'ed without me having to add their name to the list. How can I go about this?



Also, whenever an FTP user logs in and sends a command they get the following for a long time before anything starts happening. Any thoughts on that?

ftp> ls
229 Entering Extended Passive Mode (|||25857|)


Thanks!
 
Old 01-01-2007, 02:59 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
As your pasted comment even says there... you should just need to set chroot_local_user=YES and that's all there is to it.
 
Old 01-01-2007, 04:12 AM   #3
just_me_then
Member
 
Registered: Dec 2006
Posts: 59

Original Poster
Rep: Reputation: 15
Yer, I get that, but it only works if the user's name is in the list, and that's the bit I wish to avoid!
 
Old 01-01-2007, 05:07 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
If the chroot_local_user is set to YES then the list is of users NOT to chroot. Therefore if the list is empty everyone will be chrooted by default.
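
An added example (not from the thread or from vsftpd's source) that evaluates the rule in the quoted config comment: chroot_local_user sets the default and chroot_list_enable inverts it for listed users. The user names and sample configs are constructed; the option defaults and the no-space-around-"=" rule are taken from vsftpd.conf(5).

```python
# Added example, not vsftpd source: evaluates the chroot rule from vsftpd.conf text.
DEFAULTS = {"chroot_local_user": "NO", "chroot_list_enable": "NO"}  # vsftpd.conf(5) defaults
TRUE_VALUES = {"YES", "TRUE", "1"}

def parse_conf(text):
    """Return (settings, errors); a later line overrides an earlier one."""
    settings, errors = dict(DEFAULTS), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        # vsftpd.conf(5): no space may appear between option, '=' and value.
        if not sep or key[-1:].isspace() or value[:1].isspace():
            errors.append(f"line {n}: malformed setting {line!r}")
            continue
        settings[key] = value
    return settings, errors

def is_chrooted(settings, listed, user):
    chroot_all = settings["chroot_local_user"].upper() in TRUE_VALUES
    use_list = settings["chroot_list_enable"].upper() in TRUE_VALUES
    # The list inverts the default: exceptions when chroot_all, opt-in otherwise.
    return chroot_all != (use_list and user in listed)

def chrooted_users(conf_text, list_text, users):
    """Return (sorted chrooted users, parse errors) for one config and list file."""
    settings, errors = parse_conf(conf_text)
    listed = {u.strip() for u in list_text.splitlines() if u.strip()}
    return sorted(u for u in users if is_chrooted(settings, listed, u)), errors

# Constructed sample data (user names are made up).
USERS = ["alice", "bob", "carol"]
CHROOT_LIST = "alice\n"
LIST_ONLY = "chroot_list_enable=YES\n"                         # list is opt-in
ALL_USERS = "chroot_local_user=YES\nchroot_list_enable=NO\n"   # chroot everyone
INVERTED = "chroot_local_user=YES\nchroot_list_enable=YES\n"   # list = exceptions
SPACED = "chroot_local_user = YES\n"                           # malformed line

if __name__ == "__main__":
    for name in ("LIST_ONLY", "ALL_USERS", "INVERTED", "SPACED"):
        print(name, chrooted_users(globals()[name], CHROOT_LIST, USERS))
```

The SPACED case reports the line as malformed and leaves the default in place, so nobody is chrooted in the model.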
 
Old 01-01-2007, 05:22 AM   #5
just_me_then
Member
 
Registered: Dec 2006
Posts: 59

Original Poster
Rep: Reputation: 15
Sure, but when I try that it still doesn't work! Instead it makes everybody not chrooted! Somewhat strange...
 
Old 01-02-2007, 07:05 AM   #6
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
Could you please post more details of your attempts, results obtained, etc. (i.e. post the exact commands & their output)?
Also make sure to have vsftpd re-read the config to make sure that your changes have had effect.
 
  

