LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 06-08-2009, 03:29 AM   #1
epamuk
Member
 
Registered: May 2007
Posts: 62

Rep: Reputation: 15
I dont want to see other folders


Hi,

I am creating a ftp user and I can connect home folder of this user. But This user can change home folder and It can go other folder as read onyl.

I dont want to go and see other folders of this user. how can i prevent see other folders of this user?

Thanks.
 
Old 06-08-2009, 03:59 AM   #2
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,039

Rep: Reputation: 97
chroot!
 
Old 06-08-2009, 04:09 AM   #3
epamuk
Member
 
Registered: May 2007
Posts: 62

Original Poster
Rep: Reputation: 15
Hi,

How can i use chroot a home folder? Please can you write some examples?

Thanks.
 
Old 06-08-2009, 04:18 AM   #4
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,039

Rep: Reputation: 97
Check out the following link:
http://www.cyberciti.biz/tips/vsftp-...directory.html
 
Old 06-08-2009, 04:41 AM   #5
epamuk
Member
 
Registered: May 2007
Posts: 62

Original Poster
Rep: Reputation: 15
Hi,

I want to do your writes but I am getting this error message when I want to run vsftp.

What do you think?

[root@webserver init.d]# ./vsftpd start
Starting vsftpd for vsftpd: [ OK ]
[root@webserver init.d]# service vsftpd status
vsftpd dead but subsys locked
[root@webserver init.d]#
 
Old 06-09-2009, 04:12 AM   #6
epamuk
Member
 
Registered: May 2007
Posts: 62

Original Poster
Rep: Reputation: 15
Hi,

vsftp running
[root@webserver root]# service vsftpd status
vsftpd (pid 3558) is running...

and I did change as per your send link.

# vi /etc/vsftpd/vsftpd.conf
chroot_local_user=YES
# /etc/init.d/vsftpd restart

Then I am trying with a ftp client software (example putty or ssh secure file transfer) but still I can change folder and I can see other folders.

Why can I see other files? Must i do any different settings?

Thanks.
 
Old 06-09-2009, 04:23 AM   #7
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,039

Rep: Reputation: 97
Looks like you have another FTP service that is running.

Were you already using vsftpd or were you using a different ftp service?

You would need to disable the other ftp service and then start vsftpd.

--Sorry delayed typing, this was in response to post 5, however it appears you have moved beyond this point now.

Last edited by Disillusionist; 06-09-2009 at 04:25 AM.
 
Old 06-09-2009, 04:30 AM   #8
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,039

Rep: Reputation: 97
Quote:
Originally Posted by epamuk View Post
Hi,

vsftp running
[root@webserver root]# service vsftpd status
vsftpd (pid 3558) is running...

and I did change as per your send link.

# vi /etc/vsftpd/vsftpd.conf
chroot_local_user=YES
# /etc/init.d/vsftpd restart

Then I am trying with a ftp client software (example putty or ssh secure file transfer) but still I can change folder and I can see other folders.

Why can I see other files? Must i do any different settings?

Thanks.
Please post the results of:
Code:
grep -v '^#' /etc/vsftpd/vsftpd.conf
This will let me know what settings you are currently using.

Example vsftpd.conf file (without comments) which works for me:
Code:
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
ftpd_banner=Welcome to my test FTP site.
chroot_local_user=YES
listen=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

Last edited by Disillusionist; 06-09-2009 at 04:47 AM.
 
Old 06-09-2009, 04:43 AM   #9
epamuk
Member
 
Registered: May 2007
Posts: 62

Original Poster
Rep: Reputation: 15
Hi Disillusionist,

Please can you tell me, how can i know about other ftp service running?

I see a service name is proftpd Then I am doing,
[root@webserver root]# service proftpd status
Usage: /etc/init.d/proftpd { start | stop }
[root@webserver root]# service proftpd stop
[root@webserver root]# /etc/init.d/proftpd stop

Then I am trying connection with ftp client software but I can still other folders and I can change folders with ftp client software.

I need your help. Thank you for your great support.



[root@webserver root]# grep -v '^#' /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_list_enable=YES
chroot_local_user=YES
chroot_list_file=/etc/vsftpd.chroot_list

pam_service_name=vsftpd
userlist_enable=YES
listen=YES
tcp_wrappers=YES
You have new mail in /var/spool/mail/root
[root@webserver root]#
 
Old 06-09-2009, 04:51 AM   #10
Marko Hyvärinen
LQ Newbie
 
Registered: May 2009
Posts: 24

Rep: Reputation: 15
our config is here, not maby best in a world but works:



############################################################3
write_enable=YES
dirmessage_enable=YES
nopriv_user=ftpsecure
ftpd_banner="xxxxxxxxxxxxxxxxxxxxxxxxxxx"

local_enable=YES
local_umask=002
chroot_local_user=YES


anonymous_enable=NO
anon_world_readable_only=YES


syslog_enable=NO

log_ftp_protocol=YES
xferlog_enable=YES
vsftpd_log_file=/var/log/vsftpd.log
xferlog_std_format=YES
xferlog_file=/var/log/xferlog
dual_log_enable=YES

connect_from_port_20=YES
idle_session_timeout=600
data_connection_timeout=120
ascii_upload_enable=YES
ascii_download_enable=YES

pam_service_name=vsftpd


ssl_enable=NO

####################################################################

How to see running processes:
ps ax|grep -v grep |grep -i ftp
change ftp -> vsftpd if you want more narrow listing..


Marko
 
Old 06-09-2009, 05:19 AM   #11
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,039

Rep: Reputation: 97
Quote:
Originally Posted by epamuk View Post
how can i know about other ftp service running?
Check the results of:
Code:
service --status-all|grep ftp
If there are other ftp related services, you should stop them.

Additionally, check the contents of the /etc/xinetd.conf file
and /etc/xinetd.d directory, (some older ftp services use inetd)

Quote:
Originally Posted by epamuk View Post
chroot_list_enable=YES
chroot_local_user=YES
chroot_list_file=/etc/vsftpd.chroot_list
Do you have any entries in the /etc/vsftpd.chroot_list file?

The users listed in this file will not be chrooted.

When chroot_local_user is not set or set to NO, the chroot_list_file is used to specify users that should be chrooted.

However, the purpose of the file is switched when chroot_local_user is set to YES.

Last edited by Disillusionist; 06-09-2009 at 08:40 AM.
 
Old 06-09-2009, 06:55 AM   #12
epamuk
Member
 
Registered: May 2007
Posts: 62

Original Poster
Rep: Reputation: 15
Hi Disillusionist,

I am getting this error message when I run service --status-all|grep ftp

[root@webserver root]# service --status-all|grep ftp
Please run makehistory and/or makedbz before starting innd.
rndc: connect failed: connection refused
Usage: /etc/init.d/proftpd { start | stop }
squid: ERROR: No running copy
vsftpd (pid 3558) is running...


Aslo you can see xinetd.conf at below.

[root@webserver root]# cat /etc/xinetd.conf
#
# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/

defaults
{
instances = 60
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}

includedir /etc/xinetd.d


Then You can see vsftpd.chroot_list at below

[root@webserver root]# cat /etc/vsftpd.chroot_list
bublehead
 
Old 06-09-2009, 07:53 AM   #13
epamuk
Member
 
Registered: May 2007
Posts: 62

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by Marko Hyvärinen View Post
our config is here, not maby best in a world but works:



############################################################3
write_enable=YES
dirmessage_enable=YES
nopriv_user=ftpsecure
ftpd_banner="xxxxxxxxxxxxxxxxxxxxxxxxxxx"

local_enable=YES
local_umask=002
chroot_local_user=YES


anonymous_enable=NO
anon_world_readable_only=YES


syslog_enable=NO

log_ftp_protocol=YES
xferlog_enable=YES
vsftpd_log_file=/var/log/vsftpd.log
xferlog_std_format=YES
xferlog_file=/var/log/xferlog
dual_log_enable=YES

connect_from_port_20=YES
idle_session_timeout=600
data_connection_timeout=120
ascii_upload_enable=YES
ascii_download_enable=YES

pam_service_name=vsftpd


ssl_enable=NO

####################################################################

How to see running processes:
ps ax|grep -v grep |grep -i ftp
change ftp -> vsftpd if you want more narrow listing..


Marko
Hi,

I changed my vsftpd.conf file as per your above write then I stop and start vsftpd service. Then I try with a ftp client software I can still other files and folders.

I need your help please.

Thanks.
 
Old 06-09-2009, 08:39 AM   #14
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,039

Rep: Reputation: 97
Quote:
Originally Posted by epamuk View Post
Hi Disillusionist,

I am getting this error message when I run service --status-all|grep ftp

[root@webserver root]# service --status-all|grep ftp
Please run makehistory and/or makedbz before starting innd.
rndc: connect failed: connection refused
Usage: /etc/init.d/proftpd { start | stop }
squid: ERROR: No running copy
vsftpd (pid 3558) is running...
OK, the --status-all argument to the service command passes 'status' through to each script in /etc/init.d

From the output you are seeing, there does not appear to be a status option for the proftpd service.

The fact that vsftpd is showing as running, means that proftpd is not currently running (otherwise there would have been problems starting vsftpd).

You may want to ensure that proftpd doesn't startup on server reboots.

Code:
chkconfig proftpd off
You may need to ensure that vsftpd starts on server reboots.
Code:
chkconfig --level 5 vsftpd on
Quote:
Originally Posted by epamuk View Post
Then You can see vsftpd.chroot_list at below

[root@webserver root]# cat /etc/vsftpd.chroot_list
bublehead
Are you testing with user "bublehead" or with other users?

When chroot_local_user=YES entries in the chroot_list file are not locked down. I realise now that I had an error in my previous post.

Last edited by Disillusionist; 06-09-2009 at 08:42 AM.
 
Old 06-09-2009, 09:12 AM   #15
epamuk
Member
 
Registered: May 2007
Posts: 62

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by Disillusionist View Post
OK, the --status-all argument to the service command passes 'status' through to each script in /etc/init.d

From the output you are seeing, there does not appear to be a status option for the proftpd service.

The fact that vsftpd is showing as running, means that proftpd is not currently running (otherwise there would have been problems starting vsftpd).

You may want to ensure that proftpd doesn't startup on server reboots.

Code:
chkconfig proftpd off
You may need to ensure that vsftpd starts on server reboots.
Code:
chkconfig --level 5 vsftpd on
Are you testing with user "bublehead" or with other users?

When chroot_local_user=YES entries in the chroot_list file are not locked down. I realise now that I had an error in my previous post.

Yes I did your all says Then I try with bublehead And I saw Bublehead have same problem. I am connecting with bublehead And I can see all folders and files Also I can chnage folders I can go all system folders.

What can i do for solve this problem?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
change permissions of all folders and sub folders cad Linux - General 3 01-28-2007 11:21 AM
symlinks from folders to folders? vbsaltydog Linux - Newbie 4 04-03-2006 02:51 PM
Samba can create new files and folders but access denied in any new folders k.king Linux - Networking 2 01-15-2006 07:14 AM
new to linux dont what distro to use dont no much command xman2007 Linux - Newbie 3 01-02-2004 06:32 PM
Things dont work when you dont understand withoutaclue Linux - Newbie 3 03-12-2003 10:51 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 11:41 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration