#1 | 07-14-2004, 10:22 PM | Member | Registered: Jan 2003 | Posts: 56
VSFTPD Configuration Help
Alright, well I have it set up right now to allow local users, then I just add users to the group ftp. This isn't working exactly how I'd like it, but it's a start.
Basically I would like to get to the point where users can do the following:
Have only certain folders they can access
Move files and folders to OTHER folders they have access to
And I'd like at least my account to be able to manipulate everybody's stuff
I am sure one of you guys has some experience with this, judging by the mass amount of posts I have seen ( sorry I don't have time to search through them with work and everything )
Sorry once again for not having the time to search through a, most likely, answered question.

#2 | 07-15-2004, 08:43 AM | Member, Original Poster | Registered: Jan 2003 | Posts: 56
Anyone have a clue? I am at work right now so best I can do is respond to posts =/

#3 | 07-15-2004, 05:39 PM | LQ Newbie | Registered: Jun 2004 | Posts: 9
You just have to make system accounts for the users you want to give access to.

#4 | 07-15-2004, 07:32 PM | LQ Newbie | Registered: Jan 2004 | Location: Northamptonshire, England | Distribution: SuSE and Debian | Posts: 10
Try the following bits of vsftpd.conf
# Uncomment this to allow local users to log in.
local_enable=YES
# Uncomment this to enable any form of FTP write command.
write_enable=YES
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway.. (we have only trusted users)
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_local_user=YES
The chroot bit confines them to their home directory.
If you run vsftpd directly (from an init script) you restart it with
/etc/init.d/vsftpd restart
or if from inetd
/etc/init.d/inetd restart
Oliver
Last edited by Oliver Low; 07-15-2004 at 07:39 PM.
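
An added example, not part of Oliver's post or the vsftpd project: a shell check that reports the effective value of the options in the fragment above, falling back to the built-in defaults documented in vsftpd.conf(5) for anything the file leaves unset. The function names and the sample file are constructed here, and the sketch assumes the last occurrence of a repeated option is the one that counts.

```shell
#!/bin/sh
# Added example (not from the thread): effective values of the vsftpd.conf
# booleans discussed above. Defaults are the built-in ones from vsftpd.conf(5).

# effective_opt FILE OPTION DEFAULT: value set in FILE, else DEFAULT.
# Assumption: a repeated option reports its last occurrence; only YES counts as on.
effective_opt() {
    awk -F= -v opt="$2" -v def="$3" '
        /^#/      { next }                 # comment or commented-out option
        $1 == opt { val = toupper($2) }
        END       { print (val == "" ? def : val) }
    ' "$1"
}

# audit_vsftpd FILE: one line per finding; no output means no findings.
audit_vsftpd() {
    f=$1
    anon=$(effective_opt "$f" anonymous_enable YES)
    local_en=$(effective_opt "$f" local_enable NO)
    write=$(effective_opt "$f" write_enable NO)
    chroot=$(effective_opt "$f" chroot_local_user NO)
    anon_up=$(effective_opt "$f" anon_upload_enable NO)
    ascii_dl=$(effective_opt "$f" ascii_download_enable NO)

    [ "$anon" = YES ] && echo "anonymous_enable=YES: anonymous logins accepted"
    [ "$anon" = YES ] && [ "$write" = YES ] && [ "$anon_up" = YES ] &&
        echo "anon_upload_enable=YES: anonymous users can upload"
    [ "$local_en" = YES ] && [ "$chroot" != YES ] &&
        echo "chroot_local_user=NO: local users can browse outside their home"
    [ "$ascii_dl" = YES ] &&
        echo "ascii_download_enable=YES: ASCII downloads on (DoS risk per the comment)"
    return 0
}

# Constructed sample: only the active and commented option lines from the post.
sample_conf() {
    cat <<'EOF'
local_enable=YES
write_enable=YES
#anon_upload_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_local_user=YES
EOF
}

# Stand-alone use: sh audit.sh /etc/vsftpd.conf
if [ -n "${1:-}" ]; then audit_vsftpd "$1"; fi
```

On a file holding only the posted lines it reports two findings: anonymous_enable is never set, so the built-in default of YES applies, and ascii_download_enable=YES turns on the feature the quoted comment flags as a DoS risk.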

#5 | 07-15-2004, 07:36 PM | LQ Newbie | Registered: Jan 2004 | Location: Northamptonshire, England | Distribution: SuSE and Debian | Posts: 10
The above is what you would normally do for running VirtualHost web sites.
Obviously, as padonker says, you will need to create user accounts for them with useradd -m. Their user password will also be their ftp password.

#6 | 07-15-2004, 11:48 PM | Member, Original Poster | Registered: Jan 2003 | Posts: 56
Well, say I had a folder
/var/ftp/music
That I wanted everyone to be able to access, and view their home directory, but that's all, will chroot keep them away from that? If so I don't think chroot is the right road for me.
Don't know if that's confusing so I'll give an example
A & B are users
A should only be able to see his home directory and the /var/ftp/music folder
B should only be able to see his home directory and the /var/ftp/music folder
Also, how should I add the users, is there a special group I should put them into? Right now I just did,
useradd -m -d /home/username username
passwd username ... etc
Last edited by dsheller; 07-15-2004 at 11:59 PM.

#7 | 07-16-2004, 11:38 AM | LQ Newbie | Registered: Jan 2004 | Location: Northamptonshire, England | Distribution: SuSE and Debian | Posts: 10
/var/ftp/music
To set a group in useradd use -g
To change it later use usermod userA -g groupF for the main group
or -G to supplementary groups.
You're right, the chroot would lock them away from /var/ftp/music
I don't know if there's a way in vsftp to do what you want, but a bit of lateral (/lame) thinking in the engine room here came up with the solution of creating a symbolic link in the user home directory (which does not work):
yourmachine:/home/userA# ln -s /var/ftp/music music
yourmachine:/home/userA# chown userA music
and do the chroot in vsftpd.conf
Last edited by Oliver Low; 07-16-2004 at 01:18 PM.

#8 | 07-16-2004, 12:39 PM | LQ Newbie | Registered: Jun 2004 | Posts: 9
If you chroot in vsftpd symbolic links cannot be followed outside of your root jail.
So, if your root is /home/user, setting a symlink to /some/dir/ is not possible.
Furthermore, masking of directories is not possible under Linux filesystems. I assume that you want the user to see only /home/user and /some/dir, while not showing /usr, /var, /etc, and so on.
If it IS possible, it is a feature that has not come to me yet. I know that such dir masking is possible under Novell and possibly eDirectory, but not (yet) under Linux. If I'm wrong, somebody please correct me and explain to me how, because I also would like to do that.

#9 | 07-16-2004, 01:16 PM | LQ Newbie | Registered: Jan 2004 | Location: Northamptonshire, England | Distribution: SuSE and Debian | Posts: 10
Oh well.
Seemed like a good idea at the time.
What people used to do for web sites before Apache VirtualHost directives was the following. It may not be ideal, but it will work.
For uploads, users upload to /home/userA/music
a cron job copies the files into /var/ftp/music.
For downloads you could do the reverse. A bit of a waste of disk space, and only practical for a limited number of users.
Perhaps you could have people upload files using the above method, and download them via http, using basic auth if you need to restrict access.
Oliver

#10 | 07-16-2004, 01:32 PM | LQ Newbie | Registered: Jan 2004 | Location: Northamptonshire, England | Distribution: SuSE and Debian | Posts: 10
I looked into this a little further myself and found the following alternative:
As long as you have a recent Kernel, you can mount directories in more than one place, so:
mybox# mount --bind /var/ftp/music /home/userA/music
will do the trick.
c.f. http://proftpd.linux.co.uk/localsite...-symlinks.html
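
An added example, not from the thread: a dry-run planner for the bind mount above that prints the commands and the /etc/fstab entry for each user, so the mount survives a reboot, and skips targets that are already mount points. The function names, the MOUNTS override and the /home base directory are assumptions; the music subdirectory comes from the posts.

```shell
#!/bin/sh
# Added example (not from the thread): dry-run planner for the bind mounts
# described above. It only prints; the printed commands need root to run.
# MOUNTS is a hypothetical override so the check can be tried on a sample file.
MOUNTS=${MOUNTS:-/proc/mounts}

# is_mounted DIR: true if DIR is already a mount point (field 2 of MOUNTS).
is_mounted() {
    awk -v d="$1" '$2 == d { found = 1 } END { exit !found }' "$MOUNTS"
}

# plan_bind SHARED HOME_BASE USER...: print commands and fstab lines per user.
plan_bind() {
    shared=$1
    base=$2
    shift 2
    for user in "$@"; do
        # Reject names that would escape HOME_BASE.
        case "$user" in
            ''|*/*|.|..) echo "# skipped invalid user name: $user"; continue ;;
        esac
        target="$base/$user/music"
        if is_mounted "$target"; then
            echo "# $target already mounted"
            continue
        fi
        echo "mkdir -p $target"
        echo "mount --bind $shared $target"
        # fstab entry so the bind mount is re-created at boot
        echo "fstab: $shared $target none bind 0 0"
    done
}

# Stand-alone use: sh plan.sh /var/ftp/music /home userA userB
if [ "$#" -ge 3 ]; then plan_bind "$@"; fi
```

Everything written through one user's music directory lands in the shared directory and is visible through every other user's bind mount, so the permissions on the shared directory itself decide who can change whose files.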

#11 | 07-16-2004, 01:44 PM | LQ Newbie | Registered: Jun 2004 | Posts: 9
Yes, that could be a way to do it

#12 | 07-16-2004, 03:20 PM | Member, Original Poster | Registered: Jan 2003 | Posts: 56
Alright so with the above way anything they upload to their home will really be uploaded to the music directory? If so, works for me =)
But one problem, when the users try to download something it gives them this error:
ftp: get: connection reset by peer
but they can upload perfectly
Last edited by dsheller; 07-16-2004 at 03:23 PM.

#13 | 07-16-2004, 06:16 PM | LQ Newbie | Registered: Jun 2004 | Posts: 9
The error is network related, maybe a firewall thing.

#14 | 07-16-2004, 06:25 PM | Member, Original Poster | Registered: Jan 2003 | Posts: 56
Odd, I opened up 21, with the iptables command a while back, and have all the other routers forwarding it. Should I have 20 forwarded as well? Or maybe I am doing the iptables command wrong =/

#15 | 07-16-2004, 06:26 PM | LQ Newbie | Registered: Jun 2004 | Posts: 9
Officially, 20 should be open as well.

All times are GMT -5.