[SOLVED] FTP/Sharing file

alphatest · 02-19-2012, 11:06 PM

Hi,
i need to create login for ftp user for 200 hundred user.
can i create user with level privacy example each user just can view, download/upload data at their folder only, means the user cannot see or open other user folder using cli or client ftp utility.

or any other method/technic to do that ?

want implement this on centos

thanks

funny_sailor · 02-20-2012, 05:42 AM

I think you should use proftpd + mysql+phpmyadmin.And in proftpd config add chroot option ( maybe it's enabled by default).Then add users with phpmyadmin.

lithos · 02-20-2012, 06:39 AM

Hi alphatest

I would suggest you to create a vsftpd with mysql database to hold the usernames/passwords like in my guide here.
You will have almost instant access and control on usernames and passwords, without searching for many config files.

good luck

alphatest · 02-20-2012, 09:56 AM

Hi,

thanks both of you....

from your guide could be example if i need to create 100 user ftp with all user does not have access to other user and folder ?

means all user only see their folder/file to download or upload and other user file that has been upload by administrator could not be see by others ?

can do that form the guide

thanks

rhbegin · 02-20-2012, 10:09 AM

Quote:

Originally Posted by lithos

Hi alphatest

I would suggest you to create a vsftpd with mysql database to hold the usernames/passwords like in my guide here.
You will have almost instant access and control on usernames and passwords, without searching for many config files.

good luck

GREAT guide.

Also, don't forget about selinux exceptions (in his guide) otherwise it will not work.

satyadev75 · 02-20-2012, 03:32 PM

it can be possible in vsftpd and proftpd too.. if we limit users to only their home directory and enable upload option in ftp configuration then the other users cant enter into users home folder and user can upload and download the files

$sudo nano /etc/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/vsftpd.pem

then login to ftpserver by the user account can directly goes to thier home dir . no other can have permission to enter into that folder.

please select the question as solved if your doubt clear

lithos · 02-21-2012, 03:40 AM

Quote:

Originally Posted by satyadev75

it can be possible in vsftpd and proftpd too.. if we limit users to only their home directory and enable upload option in ftp configuration then the other users cant enter into users home folder and user can upload and download the files

....
then login to ftpserver by the user account can directly goes to thier home dir . no other can have permission to enter into that folder.

please select the question as solved if your doubt clear

Correct, but you have to create users locally on server (useradd... - not "virtual") so they exist on server having their login name/pass and home dir

alphatest · 02-21-2012, 07:56 PM

Hi,

ok for that but can from the guide i want to create one user that can view all user and could be upload/download the file.

please help this

thanks for solutions

lithos · 02-22-2012, 02:22 AM

Hi alphatest

It's a bit complicated as the answer is not clear yes or no.

Let's see an example of directories for FTP users:

Code:

/home/users/
/home/users/supertestuser
/home/users/testuser1
/home/users/testuser2
/home/users/testuser3
/home/users/testuser4

Now if you want to allow "supertestuser" to access all "testuser.." directories

it will work if you put the "supertestuser" home dir in the "/home/users", like:
# vi /etc/vsftpd/vsftpd_user_conf/supertestuser

Code:

dirlist_enable=YES
download_enable=YES
# full path to the directory where 'user' will have access, change to your needs
local_root=/home/users
write_enable=YES

and ALL other "testuser.." you lock at their home directories, so they cannot see outside of it.
# vi /etc/vsftpd/vsftpd_user_conf/testuser1
this config file ^^^ is for every "non-default" settings (default is set in vsftpd.conf : local_root=/home/vsftpd/$USER )

Code:

dirlist_enable=YES
download_enable=YES
local_root=/home/users/testuser1   <-- change this /home/users/testuserXXX  for other users to their directory
write_enable=YES

This is an example of the directory structure for many users and one (or again many) "superuser".

If the directory structure is different, then it's not possible to allow one "superuser" to access all other users (except if vsftpd configured for local users and allowing Root to login == BAD case)

I hope it helps you clarify how to achieve what you want otherwise ask again where you have a problem.

alphatest · 02-22-2012, 08:18 AM

Hi,

just follow all the guide ? or need something

Quote:

With the user_config_dir option you can specify a directory for per-user configuration files that override parts of the global settings. This is totally optional and up to you if you want to use this feature.
However, create that directory now:
mkdir /etc/vsftpd/vsftpd_user_conf

will need to add each user on the directory by every each will put setting to that user?

Quote:

vi /etc/vsftpd/vsftpd_user_conf/user1
with configuration settings in it:
dirlist_enable=YES
download_enable=YES
# full path to the directory where 'user1' will have access, change to your needs
local_root=/home/users/user1
write_enable=YES

thanks

alphatest · 02-22-2012, 10:56 AM

Hi,

i follow all the guide that you give, after finish all configuration trying to login to ftp server but the password login is incorrect

why ?

lithos · 02-22-2012, 12:06 PM

Hi

Well, first thing to be careful about is PAM module for vsftpd:
[quote]/etc/pam.d/vsftpd contents (note: this should be only 4 lines when you copy it):

Code:

#%PAM-1.0
session     optional     pam_keyinit.so     force revoke
auth required pam_mysql.so user=vsftpd passwd=vsftpdpassword host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=3
account required pam_mysql.so user=vsftpd passwd=vsftpdpassword host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=3

otherwise vsftpd authentication can not read username/ password from database (mysql)

then it's another critical point where username and password in database is stored
it's the type of the password that is MD5 hash'ed
where your mysql database with u/p must be like:

Code:

INSERT INTO accounts (username, pass) VALUES('user1', md5('secret'));

# mysql -u vsftpd -p  (here the prompt asks you for "vsftpd" user's password)
mysql> select * from accounts;
+----+-----------+----------------------------------+
| id | username | pass |
+----+-----------+----------------------------------+
| 1 | user1 | 5ebe2294ecd0e0f08eab7690d2a6ee69 |
+----+-----------+----------------------------------+
1 rows in set (0.00 sec)

exit;

or use Phpmyadmin to set the correct values into a table,

and post your FTP message code which you get when trying to connect.

alphatest · 02-22-2012, 07:57 PM

Hi,

create mysql -u root -p or create mysql -u vsftpd -p ?

i follow from the guide, create to root and setup vsftpd database.

from your last reply seem to be create to vsftpd

thanks

alphatest · 02-22-2012, 08:19 PM

hi,

this error occur when try to login to ftp

Thu Feb 23 02:19:46 2012 [pid 29591] [user2] FTP response: Client "210.19.31.162", "530 Login incorrect."
Thu Feb 23 02:19:49 2012 [pid 29591] FTP command: Client "210.19.31.162", "QUIT"
Thu Feb 23 02:19:49 2012 [pid 29591] FTP response: Client "210.19.31.162", "221 Goodbye."
Thu Feb 23 02:19:51 2012 [pid 29595] CONNECT: Client "210.19.31.162"
Thu Feb 23 02:19:51 2012 [pid 29595] FTP response: Client "210.19.31.162", "220 (vsFTPd 2.0.5)"
Thu Feb 23 02:19:56 2012 [pid 29595] FTP command: Client "210.19.31.162", "USER user2"
Thu Feb 23 02:19:56 2012 [pid 29595] [user2] FTP response: Client "210.19.31.162", "331 Please specify the password."
Thu Feb 23 02:20:00 2012 [pid 29595] [user2] FTP command: Client "210.19.31.162", "PASS <password>"

alphatest · 02-22-2012, 11:31 PM

Hi,

if i want create 100 ftp user then

i need

Quote:

vi /etc/vsftpd/vsftpd_user_conf/user1
with configuration settings in it:
dirlist_enable=YES
download_enable=YES
# full path to the directory where 'user1' will have access, change to your needs
local_root=/home/users/user1
write_enable=YES

to create this to every user ..right ?

now still cannot login