The default ftp port is 21 (and also 20 for data transfer?), I would like to change it to, say 10021. Therefore, in the vsftpd.conf file, I write:
listen=YES
listen_port=10021
Using this config, I start vsftpd. When using local login, everything is fine. But when I log in from another computer, problems happen: it DID prompt me for user name and password, but when I entered them correctly, the connection was lost. But when I configure vsftpd to use port 21, the problem does not occur. I am very sure that I had my firewall opened at those ports. Therefore I suspect that the problem is due to the setting of the alternate port. What should I do?
The 2nd question is about virtual user management. According to the example that comes with the package, I can add an account, say, called "virtual" and map any virtual user login to that user "virtual". Then these users will have certain access permissions to certain directories, say, "/home/ftpsite". But this means that all virtual user logins will share that directory. Can I have different virtual users having access to different directories?
About 1st question:
So you can connect to port 10021, but the connection is dropped too fast, right? If no firewall is blocking the access, maybe it's just a time-out. So please check:
* Do you use keep-alive messages to keep the connections open?
* Do you use passive mode FTP? If not, then why do you insist on using an unprivileged port (>1024) for the control connections?
* Have you considered the "run_as_launching_user" option?
About your 2nd question: I actually have different virtual users. One for downloading data (no write), another for uploading to a specific directory, etc.
The trick is to have not only virtual users enabled (really easy to set up using PAM modules), but also to take advantage of the user-specific configuration option ("user_config_dir" option).
You can then do all kinds of useful tricks, like mapping virtual users to different real ones, combining real & virtual users, playing with the permissions per user,...
Additionally, the "user_sub_token" option can also help you create home directories for specific users, if you want to use a specified pattern as explained in "man vsftpd.conf".
The first one is that I don't understand how to "map different virtual users to real users". In my understanding, when I specify:
guest_username=virtual
I've mapped all different virtual users (say tom and fred) into the real user virtual. Even if I add
user_config_dir=/etc/vsftpd_user_conf
I can manipulate their individual conf files, but they are still corresponding to the single real user, virtual. So how can I map different virtual users to real ones?
The 2nd question is a much more important one. Now I have two virtual users, tom and fred, mapped to virtual. In the /etc/vsftpd.conf, I added,
user_sub_token=$USER
and in their individual conf files (/etc/vsftpd_user_conf/tom etc), I added,
local_root=/home/ftpsite/$USER
So, now tom and fred have their root in, respectively,
/home/ftpsite/tom &
/home/ftpsite/fred
Now my question is, if I want, within both of these two directories, a link to a particular folder (say, /home/pub) where they can download stuff but not upload there, what should I do? I tried to make a symbolic link in each of the virtual users' home directory to that /home/pub, but I cannot gain access to the directory through that symlink.
For the first question: try putting the guest_username= line in both tom's and fred's config files, rather than the overall vsftpd config. By assigning two different guest_username values in each config, you'll be mapping tom to one real user and fred to another.
For the second: there's no need to put the local_root parameter in tom's and fred's config files separately, as the values are the same for both.
You could also match them to 2 different real users with appropriate home directories, but I don't recommend that, as it somewhat bypasses the point of having virtual users.
For using the link, you should make sure that:
1. the real user that tom/fred are matched to has the possibility to access the directory. This means that this user must have at least read and execute permission on all directories in the path that the symlink points to. So, if the link points to let's say /home/pub, the real user must have at least rx permission to /, /home and /home/pub. You can use "ls -ld / /home/ /home/pub" to check that.
2. I'm not sure if it's possible to restrict vsftpd to permit only downloads from a specific directory. It would probably be safer to make sure that the real user that tom/fred are mapped to does NOT have write permission on the dir that the symlink points to (i.e. /home/pub).
3. If you have chroot enabled, the chroot jail will prevent the link to /home/pub from working. If you want to keep the chroot jails for safety and still have the shared "pub" directory, you should either use hard links instead of symbolic ones or use "mount --bind" (but the latter requires that you put the "pub" dir on a separate partition).
Just a minor note: /home is for users' home directories. So a shared directory like "pub" shouldn't be in there (imagine you ever want to create a user called "pub"). So I recommend using a different path.
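The permission checks from points 1 and 2 of the last reply (read and execute on every directory in the path, no write on the shared directory), as an added shell example that is not part of any post in this thread. The function names are made up for illustration; the script reads owner/group/other mode bits only and assumes a `stat` that supports `-c` (GNU coreutils or BusyBox).

```shell
# Added example: mode-bit audit of a shared directory for a vsftpd guest user.
# Reads owner/group/other bits only; ACLs and root's override are ignored.

# class_bits MODE OWNER_UID OWNER_GID UID "GIDS" -> prints the rwx digit (0-7)
# that applies to a process running with UID and the group list GIDS.
class_bits() {
    m=$((0$1))                          # stat prints the mode in octal
    if [ "$2" -eq "$4" ]; then echo $(( (m >> 6) & 7 )); return; fi
    for g in $5; do
        if [ "$g" -eq "$3" ]; then echo $(( (m >> 3) & 7 )); return; fi
    done
    echo $(( m & 7 ))
}

# check_dir UID "GIDS" DIR ROLE -> 0 if DIR passes, 1 if not.
# ROLE "parent": needs r and x. ROLE "target": needs r and x and must lack w.
check_dir() {
    set -- "$1" "$2" "$3" "$4" $(stat -c '%a %u %g' "$3")
    bits=$(class_bits "$5" "$6" "$7" "$1" "$2")
    [ $(( bits & 5 )) -eq 5 ] || { echo "FAIL $3: no r-x for uid $1"; return 1; }
    if [ "$4" = target ] && [ $(( bits & 2 )) -ne 0 ]; then
        echo "FAIL $3: writable by uid $1"; return 1
    fi
    echo "ok   $3"
}

# audit_shared_dir USER PATH -> walks from PATH (symlinks resolved) up to /.
audit_shared_dir() {
    uid=$(id -u "$1") && gids=$(id -G "$1") || return 2
    path=$(cd "$2" && pwd -P) || return 2
    role=target rc=0
    while :; do
        check_dir "$uid" "$gids" "$path" "$role" || rc=1
        [ "$path" = / ] && break
        path=$(dirname "$path"); role=parent
    done
    return $rc
}

# Usage, with the names from the thread ("virtual" is the guest_username there):
#   audit_shared_dir virtual /home/pub
```

Run it as a user that can itself reach the directory (normally root); a non-zero exit status means at least one directory on the path failed a check.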