LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   Vsftpd Config ? Is this possible? (https://www.linuxquestions.org/questions/linux-software-2/vsftpd-config-is-this-possible-379667/)

Jukas 11-03-2005 02:00 PM
Vsftpd Config ? Is this possible?
 
I've got vsftpd running fine on my debian box and allowing connections to local users. However I also want to allow connections to specific non local usernames and chroot jail them in a specific directory and give them write/modify permissions to a single sub directory.

In short I'd like the config to be like this..

Local users:
Login as normal, put in their home directory

Non local user:
if they match an allowed username / pw I'd like them to be put in and chrooted to /ftp with only read/execute permissions on subdirectories except /ftp/uploads which they would have rwx permissions to.

Anon users - denied immediately.

I've read the man pages for the vsftpd.conf and played with the userlist_enable/deny/file options but that seems to only control local users.

Basically I want to be able to have people/clients who don't have a account on my linux box to be able to ftp into a specific directory and browse all sub directories and dl any content there. I also want them to be able to upload to 1 specific directory only.

Did I miss something in the man pages? Is this even possible with vsftpd?

ilikejam 11-03-2005 02:45 PM
Hi.

I believe it's possible to do something like this with PAM, but I'm no expert in that field. Why not just create local users for these accounts?
Make their home directory /ftp and make their login shell /sbin/nologin You can then just use normal filesystem permissions to give access to their own subdirectory.

Dave

Jukas 11-03-2005 05:17 PM
Quote:
Originally posted by ilikejam
Hi.

I believe it's possible to do something like this with PAM, but I'm no expert in that field. Why not just create local users for these accounts?
Make their home directory /ftp and make their login shell /sbin/nologin You can then just use normal filesystem permissions to give access to their own subdirectory.

Dave
Yeah, that's probably how I'll end up doing it. I was just curious if was possible to do within vsftpd itself.

chemdawg 11-03-2005 07:09 PM
it is indeed - you can get some insight reading the vsftpd.conf.5 file as it has a lot more options than the standard vsftpd.conf file. i think these two lines will jail users to their home directories.

Code:
passwd_chroot_enable=YES
chroot_local_user=YES
and you'll need to create the users with adduser and also add their names to the vsftpd.chroot_list file.

Jukas 11-03-2005 07:11 PM
Quote:
Originally posted by chemdawg
it is indeed - you can get some insight reading the vsftpd.conf.5 file as it has a lot more options than the standard vsftpd.conf file. i think these two lines will jail users to their home directories.

Code:
passwd_chroot_enable=YES
chroot_local_user=YES
and you'll need to create the users with adduser and also add their names to the vsftpd.chroot_list file.
Thanks for the reply but you misunderstood. My inital query was about doing that without the user being local. I.e. a config file with allowed remote usernames/pw which doesn't seem possible.

chemdawg 11-03-2005 07:51 PM
I am sorry, I did misunderstand. I agree with you, I havn't found a way to do that yet. What I ended up doing was what I wrote in my post, and that works for my purpose as well as anything. My friends can access my server because I have given them the generic user and password. I believe the only other option is to make an anonymous login which has no user or password.


All times are GMT -5. The time now is 05:54 AM.