Old 01-13-2006, 05:45 PM   #1
Registered: Oct 2005
Distribution: SuSe
Posts: 41

Rep: Reputation: 15
VSFTPD Configuration & Firewall Problem


I am having difficulties configuring VSFTPD. I am running Suse 8.0 and SAMBA (this is suffering grief with the firewall too).

I would like to have the server accept anonymous and named users.

The first problem I have is with the firewall. If it is up then no transfers are possible. If I take the firewall down then I can log in and transfer with a username, but anonymous login does not allow any transfers, and directory changing and directory creation fail too.

I guess this is the first priority.

Then I have a problem of limiting access. If I log in with my account name or as a user with only limited access rights I can still get anywhere on the system and wreak havoc.

So I guess the question is how do I prevent a user getting out of the public directory?

I have created a user group with read-only privileges as per the tutorial I found at site

but they have restricted rights in their home directory. They can drill up to root without limitation.

And finally, where is the home directory for the anonymous user?

Here is my conf file:

ftpd_banner=Welcome to THE GREENWAY FTP service.

Old 01-13-2006, 05:55 PM   #2
Senior Member
Registered: Aug 2003
Location: Honolulu, HI
Distribution: Arch
Posts: 1,380

Rep: Reputation: 47
I would read the vsftp man pages before you open this up, you could end up causing yourself a lot of grief with an insecure ftp server.


The option is the name of a file containing a list of local users which will be placed in a chroot() jail in their home directory. This option is only relevant if the option chroot_list_enable is enabled. If the option chroot_local_user is enabled, then the list file becomes a list of users to NOT place in a chroot() jail.

Default: /etc/vsftpd.chroot_list
Old 01-14-2006, 06:48 AM   #3
Registered: Oct 2005
Distribution: SuSe
Posts: 41

Original Poster
Rep: Reputation: 15
Ah the penny is dropping! (Sorry but I only got off the boat this week so my knowledge of local customs and dialects is a little sketchy.)

I understand the local_user is anybody who is not anonymous. I had thought that it referred to internal and externally connected users.
What I am trying to achieve is 3 classes of users, let's call them punters, customers and staff. All punters are anonymous. Customers should be held in the root jail and staff can roam anywhere in the ftp area of the machine.

So if I have added


Now customers are locked in /home/cust_pub with read-only privileges, fine. Staff have read and write privileges in /home/staff_dir and /home/shareddocs but can browse over the whole machine.

How can I stop them going up from /home ?

Setting file access permissions right seems to be a labour of love but I'm getting there!

Please can you tell me where the anonymous directory is or should be created?

Last edited by rcrosoer; 01-14-2006 at 06:54 AM.
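
Added example (not code from any poster in this thread or from the vsftpd project): a small Python check that applies the man page rule quoted in post #2 to decide which local users end up in a chroot() jail. The config text, list contents and the user names `cust1`, `staff1` and `staff2` are constructed samples, and booleans are assumed to be written as YES/NO.

```python
# Added example: evaluates the chroot rule quoted from the vsftpd.conf man page.
# Config text, list contents and user names below are constructed samples.

DEFAULTS = {
    "chroot_local_user": "NO",
    "chroot_list_enable": "NO",
    "chroot_list_file": "/etc/vsftpd.chroot_list",
}

def parse_conf(text):
    """Parse vsftpd.conf text: one option=value per line, '#' starts a comment."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key] = value
    return conf

def parse_user_list(text):
    """Contents of the chroot list file: one user name per line."""
    return {ln.strip() for ln in text.splitlines() if ln.strip()}

def is_jailed(user, conf, listed):
    """True if this local user is placed in a chroot() jail in their home."""
    jail_all = conf["chroot_local_user"].upper() == "YES"
    use_list = conf["chroot_list_enable"].upper() == "YES"
    if not use_list:
        return jail_all  # the list file is ignored entirely
    # chroot_local_user=YES: the list names the users NOT to jail.
    # chroot_local_user=NO:  the list names the only users that ARE jailed.
    return (user not in listed) if jail_all else (user in listed)

SAMPLE_CONF = """\
# constructed sample
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
"""
SAMPLE_LIST = "staff1\nstaff2\n"  # constructed: users exempt from the jail

def report(users, conf_text=SAMPLE_CONF, list_text=SAMPLE_LIST):
    conf, listed = parse_conf(conf_text), parse_user_list(list_text)
    return {u: is_jailed(u, conf, listed) for u in users}

if __name__ == "__main__":
    for user, jailed in report(["cust1", "staff1"]).items():
        print(f"{user}: {'chroot jail' if jailed else 'NOT jailed'}")
```

With the sample settings `cust1` is jailed and `staff1` is not, so for listed users the only remaining barrier is ordinary file permissions.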

