vsftpd problem
Hello,
I Googled a lot for vsftpd but I found no solution for my problem. I have OpenSuSe 10.3 x86 version installed. I have enabled vsftpd from network services. As of now FTP is accessible from the outside world. I create new users and make them FTP users. The problem is that users are able to browse system folders. I want users to see only their /home dir when they log in to FTP. How can I restrict users from being able to see other dirs?
Regards, Amey.
You want to 'chroot' users to their home directory, so add the following to the vsftpd.conf file (it may be located in /etc/vsftpd/):
Code:
chroot_local_user=YES
Code:
man vsftpd.conf
Find in vsftpd.conf and change chroot_local_user=yes
Hi,
Open vsftpd.conf and find chroot_local_user=??? -> change to chroot_local_user=yes. It will solve the users moving to other directories of your / and it will secure it. Thanks.
Thanks to both of you for the quick reply.
I verified that the chroot_local_user = YES command is there. I have also created a vsftpd.chroot_list txt file and added 1 user to it. Restarted the vsftpd service from konsole. Checked by connecting using the FileZilla FTP client but that user can still see all system folders. What's wrong with my config? :(
I see a local_root=/srv/ftp command at the end of the vsftpd.conf file. Shall I change the path to /home?
UPDATE
Issue solved :D I didn't make the change in chroot_local_user, which is located at the bottom of the vsftpd.conf file. I was trying to configure the above file in the description tab. Silly me. I read the whole vsftpd.conf file by taking a printout of it. And I realized I must edit chroot_local_user in the ACLs which are available when we scroll the config file 100%. It's working now. I have changed local_path from srv_ftp to /home.
Thanks for the help! :)
Now 1 problem is still with me.
I have changed local_path to /home. I don't want users to explore each other's profiles. What should I do for that restriction? Currently users only see the /home dir, but all users under /home and their dirs are visible. Any hint?
Thanks, Amey.
Can anybody help me with security boundaries for vsftpd?
chroot jail vsftpd
Hi,
You need to edit /etc/vsftpd/vsftpd.conf and add 3 lines:
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
Now create a blank vsftpd.chroot_list inside the /etc directory with -rw-r--r-- permission, e.g.:
cd /etc
touch vsftpd.chroot_list
Hope it will help you. Best of luck.
Regards, KB
What's next? If I log in using an FTP user, he can still see the rest of the users' names in the /home dir and he can explore and read file names, however the download operation failed. I don't want the user to be able to see any folder other than his /home profile and empty space. What should I do to enable that security option?
Regards, Amey.
I think your problem is the /home. The reason I say that is you previously said "I have changed local_path to /home". So you are seeing what you are supposed to, but not what you want. Have you tried setting local_path to /home/$USER ?
I tried to put /home/$USER in vsftpd.conf and restarted the vsftpd server. Tried to connect using the client. It's throwing the following error message:
> 500 OOPS: cannot change directory:/home/$USER
Any other way?
Regards, Amey.
Then make sure that /etc/vsftpd.chroot_list is empty to start with, as this only works with a valid chroot() directory. Then comment out the local_root line. It WILL work, but just in case it does not, I am posting my /etc/vsftpd.conf:
Quote:
Make a backup of your /etc/vsftpd.conf, then overwrite it with mine. Then add the following lines:
Quote:
Go back to your own /etc/vsftpd.conf of course.
I had the same problem and this is how I solved it. Add the line:
Quote:
Regretfully I am unable to replicate the problem now. If this does not work I will replace my vsftpd.conf with yours and then I will try to find the bug.
Chris
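The pitfalls this thread runs into (spaces around `=`, a `local_root` shared by all users, a literal `$USER`, and a non-empty chroot list) can be checked mechanically. The following is an added example, not posted by any participant in the thread; option meanings follow vsftpd.conf(5), while the sample configs, the user name `ftpuser1` and the finding codes are constructed for illustration.

```python
# Added example: audit vsftpd.conf text for the chroot pitfalls seen in this thread.
# Assumption: boolean values YES/TRUE/1 are matched case-insensitively.
YES = {"YES", "TRUE", "1"}

def parse_conf(text):
    """Parse option=value lines; return (settings, findings)."""
    settings, findings = {}, []
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        # vsftpd.conf(5): no space is allowed between option, '=' and value
        if not sep or key != key.strip() or value != value.lstrip():
            findings.append(("bad-syntax", f"line {num}: {line!r}"))
            continue
        settings[key] = value.rstrip()
    return settings, findings

def audit_chroot(conf_text, chroot_list_users=()):
    """Return (code, detail) findings about how local users are jailed."""
    settings, findings = parse_conf(conf_text)
    on = lambda opt: settings.get(opt, "NO").upper() in YES
    jail_all, use_list = on("chroot_local_user"), on("chroot_list_enable")
    if not jail_all and not use_list:
        findings.append(("no-chroot", "local users can browse the whole filesystem"))
    if jail_all and use_list and chroot_list_users:
        # With chroot_local_user=YES the list names users who are NOT jailed
        findings.append(("list-exempts", ", ".join(chroot_list_users)))
    root, token = settings.get("local_root"), settings.get("user_sub_token")
    # Assumption: user_sub_token substitution applies to local_root
    if root and not (token and token in root):
        code = "literal-token" if "$" in root else "shared-root"
        findings.append((code, f"every local user is sent to {root}"))
    return findings

# Constructed sample: the state described in the thread
THREAD_CONF = """\
# local users
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
local_root=/home
"""
# Constructed sample: each user jailed in their own home directory
FIXED_CONF = "chroot_local_user=YES\nchroot_list_enable=NO\n#local_root=/home\n"

if __name__ == "__main__":
    for code, detail in audit_chroot(THREAD_CONF, ["ftpuser1"]):
        print(f"{code}: {detail}")
```

Pass the contents of the chroot list file as `chroot_list_users`; an empty result means every local user is jailed in their own home directory.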