LinuxQuestions.org
Old 07-14-2004, 11:22 PM   #1
dsheller
Member
 
Registered: Jan 2003
Posts: 56

Rep: Reputation: 15
VSFTPD Configuration Help


Alright, well I have it set up right now to allow local users, then I just add users to the group ftp. This isn't working exactly how I'd like it, but it's a start.

Basically I would like to get to the point where users can do the following:

Have only certain folders they can access
Move files and folders to OTHER folders they have access to
And I'd like at least my account to be able to manipulate everybody's stuff

I am sure one of you guys has some experience with this, judging by the mass amount of posts I have seen ( sorry I don't have time to search through them with work and everything )

Sorry once again for not having the time to search through a, most likely, answered question.
 
Old 07-15-2004, 09:43 AM   #2
dsheller
Member
 
Registered: Jan 2003
Posts: 56

Original Poster
Rep: Reputation: 15
Anyone have a clue? I am at work right now so best I can do is respond to posts =/
 
Old 07-15-2004, 06:39 PM   #3
padonker
LQ Newbie
 
Registered: Jun 2004
Posts: 9

Rep: Reputation: 0
You just have to make system accounts for the users you want to give access to.
 
Old 07-15-2004, 08:32 PM   #4
Oliver Low
LQ Newbie
 
Registered: Jan 2004
Location: Northamptonshire, England
Distribution: SuSE and Debian
Posts: 10

Rep: Reputation: 0
Try the following bits of vsftpd.conf

# Uncomment this to allow local users to log in.
local_enable=YES

# Uncomment this to enable any form of FTP write command.
write_enable=YES

# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES

# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway.. (we have only trusted users)
ascii_upload_enable=YES
ascii_download_enable=YES

chroot_local_user=YES


The chroot bit confines them to their home directory.

If you run vsftpd directly (from an init script) you restart it with
/etc/init.d/vsftpd restart
or if from inetd
/etc/init.d/inetd restart

Oliver

Last edited by Oliver Low; 07-15-2004 at 08:39 PM.
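Added example, not part of Oliver Low's post: a small shell audit of a vsftpd.conf for the options quoted above, using vsftpd's built-in defaults for anything left unset. The function names and the sample file are made up for the illustration.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the options discussed in this thread.

# Effective value of an option: the last uncommented "option=value" line wins;
# if the option is unset, fall back to the built-in default given as $3.
vsftpd_opt() {   # $1 = config file, $2 = option, $3 = default
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# vsftpd treats YES, TRUE and 1 (any case) as "on".
is_on() {        # same arguments as vsftpd_opt
    case $(vsftpd_opt "$1" "$2" "$3" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) return 0 ;;
    esac
    return 1
}

audit_vsftpd() { # $1 = config file; prints one finding per line
    f=$1
    if is_on "$f" local_enable NO && ! is_on "$f" chroot_local_user NO; then
        echo "WARN local users can browse outside their home (chroot_local_user off)"
    fi
    if is_on "$f" anonymous_enable YES; then
        echo "WARN anonymous login enabled (built-in default when unset)"
        if is_on "$f" write_enable NO && is_on "$f" anon_upload_enable NO; then
            echo "WARN anonymous uploads enabled"
        fi
    fi
    if is_on "$f" ascii_download_enable NO; then
        echo "WARN ascii_download_enable on (DoS risk noted in the config comments)"
    fi
    # vsftpd rejects spaces around '='; report such lines with their number.
    grep -nE '^[a-z_]+([[:space:]]+=|=[[:space:]])' "$f" |
        sed 's/^\([0-9]*\):.*/ERROR line \1: whitespace around "="/'
}

# Constructed sample mirroring the settings posted above.
sample_conf() {
    cat <<'EOF'
local_enable=YES
write_enable=YES
#anon_upload_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_local_user=YES
EOF
}
```

Run it as `audit_vsftpd /etc/vsftpd.conf` after sourcing the functions; the path is an assumption and differs between distributions.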
 
Old 07-15-2004, 08:36 PM   #5
Oliver Low
LQ Newbie
 
Registered: Jan 2004
Location: Northamptonshire, England
Distribution: SuSE and Debian
Posts: 10

Rep: Reputation: 0
The above is what you would normally do for running VirtualHost web sites.
Obviously, as padonker says, you will need to create user accounts for them with useradd -m. Their user password will also be their ftp password.
 
Old 07-16-2004, 12:48 AM   #6
dsheller
Member
 
Registered: Jan 2003
Posts: 56

Original Poster
Rep: Reputation: 15
Well, say I had a folder

/var/ftp/music

That I wanted everyone to be able to access, and view their home directory, but that's all, will chroot keep them away from that? If so I don't think chroot is the right road for me.

Don't know if that's confusing so I'll give an example

A & B are users

A should only be able to see his home directory and the /var/ftp/music folder
B should only be able to see his home directory and the /var/ftp/music folder

Also, how should I add the users, is there a special group I should put them into? Right now I just did,

useradd -m -d /home/username username
passwd username ... etc

Last edited by dsheller; 07-16-2004 at 12:59 AM.
 
Old 07-16-2004, 12:38 PM   #7
Oliver Low
LQ Newbie
 
Registered: Jan 2004
Location: Northamptonshire, England
Distribution: SuSE and Debian
Posts: 10

Rep: Reputation: 0
/var/ftp/music

To set a group in useradd use -g
To change it later use usermod userA -g groupF for the main group
or -G for supplementary groups.

You're right, the chroot would lock them away from /var/ftp/music

I don't know if there's a way in vsftp to do what you want, but a bit of lateral (/lame) thinking in the engine room here came up with the solution of creating a symbolic link in the user home directory (which does not work):

yourmachine:/home/userA# ln -s /var/ftp/music music
yourmachine:/home/userA# chown userA music

and do the chroot in vsftpd.conf

Last edited by Oliver Low; 07-16-2004 at 02:18 PM.
 
Old 07-16-2004, 01:39 PM   #8
padonker
LQ Newbie
 
Registered: Jun 2004
Posts: 9

Rep: Reputation: 0
If you chroot in vsftpd symbolic links cannot be followed outside of your root jail.
So, if your root is /home/user, setting a symlink to /some/dir/ is not possible.
Furthermore, masking of directories is not possible under Linux filesystems. I assume that you want the user to see only /home/user and /some/dir, while not showing /usr, /var, /etc, and so on.
If it IS possible, it is a feature that has not come to me yet. I know that such dir masking is possible under Novell and possibly eDirectory, but not (yet) under Linux. If I'm wrong, somebody please correct me and explain to me how, because I also would like to do that.
 
Old 07-16-2004, 02:16 PM   #9
Oliver Low
LQ Newbie
 
Registered: Jan 2004
Location: Northamptonshire, England
Distribution: SuSE and Debian
Posts: 10

Rep: Reputation: 0
Oh well.
Seemed like a good idea at the time.

What people used to do for web sites before apache VirtualHost directives, was the following. It may not be ideal, but it will work.

For uploads, users upload to /home/userA/music
a cron job copies the files into /var/ftp/music.

For downloads you could do the reverse. A bit of a waste of disk space, and only practical for a limited number of users.

Perhaps you could have people upload files using the above method, and download them via http, using basic auth if you need to restrict access.

Oliver
 
Old 07-16-2004, 02:32 PM   #10
Oliver Low
LQ Newbie
 
Registered: Jan 2004
Location: Northamptonshire, England
Distribution: SuSE and Debian
Posts: 10

Rep: Reputation: 0
I looked into this a little further myself and found the following alternative:

As long as you have a recent kernel, you can mount directories in more than one place, so:

mybox# mount --bind /var/ftp/music /home/userA/music

will do the trick.

c.f. http://proftpd.linux.co.uk/localsite...-symlinks.html
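Added example, not part of the post above: the bind mount generalised to several chrooted users, with a check of the mount point before mounting and the /etc/fstab line that keeps the mount across reboots. The function names are made up for the illustration; userA, userB and /var/ftp/music are the thread's own examples.

```shell
#!/bin/sh
# Added example: bind-mount one shared directory into chrooted users' homes.
SHARED=/var/ftp/music            # shared tree from the thread

# Mount point inside a user's home, e.g. /home/userA/music.
target_for() { printf '%s/%s\n' "$1" "$(basename "$SHARED")"; }

# /etc/fstab line that recreates the bind mount at boot.
fstab_line() { printf '%s %s none bind 0 0\n' "$SHARED" "$(target_for "$1")"; }

# The mount point lives in a directory the user can write to, so check it
# first: mount follows a symlink there and would attach the tree elsewhere.
check_target() {   # $1 = home directory; 0 = ok, 1 = symlink, 2 = missing
    t=$(target_for "$1")
    if [ -L "$t" ]; then echo "refusing: $t is a symlink" >&2; return 1; fi
    if [ ! -d "$t" ]; then echo "missing: $t" >&2; return 2; fi
    return 0
}

# Run as root. Mounts once, then prints the fstab line to append by hand.
bind_shared() {    # $1 = home directory
    check_target "$1" || return
    t=$(target_for "$1")
    if mountpoint -q "$t"; then return 0; fi
    mount --bind "$SHARED" "$t" && fstab_line "$1"
}

# Usage (hypothetical users from the thread):
#   for u in userA userB; do bind_shared "/home/$u"; done
```

Write access through the bind mount is still governed by the ownership and mode of /var/ftp/music itself.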
 
Old 07-16-2004, 02:44 PM   #11
padonker
LQ Newbie
 
Registered: Jun 2004
Posts: 9

Rep: Reputation: 0
Yes, that could be a way to do it
 
Old 07-16-2004, 04:20 PM   #12
dsheller
Member
 
Registered: Jan 2003
Posts: 56

Original Poster
Rep: Reputation: 15
Alright so with the above way anything they upload to their home will really be uploaded to the music directory? If so, works for me =)

But one problem, when the users try to download something it gives them this error:

ftp: get: connection reset by peer
but they can upload perfectly

Last edited by dsheller; 07-16-2004 at 04:23 PM.
 
Old 07-16-2004, 07:16 PM   #13
padonker
LQ Newbie
 
Registered: Jun 2004
Posts: 9

Rep: Reputation: 0
The error is network related, maybe a firewall thing
 
Old 07-16-2004, 07:25 PM   #14
dsheller
Member
 
Registered: Jan 2003
Posts: 56

Original Poster
Rep: Reputation: 15
Odd, I opened up 21, with the iptables command a while back, and have all the other routers forwarding it. Should I have 20 forwarded as well? Or maybe I am doing the iptables command wrong =/
 
Old 07-16-2004, 07:26 PM   #15
padonker
LQ Newbie
 
Registered: Jun 2004
Posts: 9

Rep: Reputation: 0
Officially, 20 should be open as well.
 
  

