Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
12-31-2006, 08:01 PM
|
#1
|
Member
Registered: Dec 2006
Posts: 59
Rep:
|
vsftpd
Hello.
vsftp is giving me some trouble at the moment. i want every user to be ch_root'ed and have the following in my conf:
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list
This works well so long as the user is in the list. If i change chroot_list_enable = NO then it stops working, and they can view any file.
What i need is for ever user to automaticaly be chroot'ed without me having to add there name to the list. How can i go about this?
Also whenever an ftp user logs in and sends a comand they get the following for long time before anything starts happening. Any thoughts on that?
ftp> ls
229 Entering Extended Passive Mode (|||25857|)
Thanks!
|
|
|
01-01-2007, 03:59 AM
|
#2
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
as your pasted comment even says there... you should just need to set chrootlocal_user=YES and that's all there is to it.
|
|
|
01-01-2007, 05:12 AM
|
#3
|
Member
Registered: Dec 2006
Posts: 59
Original Poster
Rep:
|
Yer, i get that, but it only works if the users name is in the list, and thats the bit i wish to avoid!
|
|
|
01-01-2007, 06:07 AM
|
#4
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
if the chroot_local_user is set to YES then the list is of users NOT to chroot. therefore if the list is empty everyone will be chrooted by default.
|
|
|
01-01-2007, 06:22 AM
|
#5
|
Member
Registered: Dec 2006
Posts: 59
Original Poster
Rep:
|
sure, but when i try that it still doesent work! Instead it makes everybody not chrooted! Some-what strange...
|
|
|
01-02-2007, 08:05 AM
|
#6
|
Senior Member
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515
Rep:
|
Could you please post more details of your attempts, results obtained, etc (ie post the exact commands & their output)?
Also make sure to have vsftpd re-read the config to make sure that your changes have had effect.
|
|
|
All times are GMT -5. The time now is 03:57 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|