Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Alright, well I have it setup right now to allow local users then I just add users to the group ftp, this isn't working exactly how id like it but its a start.
Basically I would like to get to the point where users can do the following:
Have only certain folders they can access
Move files and folders to OTHER folders they have access to
And id like atleast my account to be able to manipulate everybodies stuff
I am sure one of you guys has some experience with this, judging by the mass amount of posts I have seen ( sorry I don't have time to search through them with work and everything )
Sorry once again for not having the time to search through a, most likely, answered question.
# Uncomment this to allow local users to log in.
local_enable=YES
# Uncomment this to enable any form of FTP write command.
write_enable=YES
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway.. (we have only trusted users)
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_local_user=YES
The chroot bit confines them to their home directory.
If you run vsftpd directly (from an init script) you restart it with
/etc/init.d/vsftpd restart
or if from inetd
/etc/init.d/inetd restart
Oliver
Last edited by Oliver Low; 07-15-2004 at 07:39 PM.
The above is what you would normally do for running VirtualHost web sites.
Obviously, as padonker says, you will need to create user accounts for them with useradd -m. Their user password will also be their ftp password.
That I wanted everyone to be able to access, and view their homedirectory, but thats all, will chroot keep them away from that? If so I don't think chroot is the right road for me.
Don't know if thats confusing so ill give an example
A & B are users
A should only be able to see his home directory and the /var/ftp/music folder
B should only be able to see his home directory and the /var/ftp/music folder
Also, how should I add the users, is there a special group I should put them into? Right now I just did,
To set a group in useradd use -g
To change it later use usermod userA -g groupF for the main group
or -G to supplementary groups.
You're right, the chroot would lock them away from /var/ftp/music
I don't know if theres a way in vsftp to do what you want, but a bit of lateral (/lame) thinking in the engine room here came up with the solution of creating a symbolic link in the user home directory (which does not work):
yourmachine:/home/userA# ln -s /var/ftp/music music
yourmachine:/home/userA# chown userA music
and do the chroot in vsftpd.conf
Last edited by Oliver Low; 07-16-2004 at 01:18 PM.
If you chroot in vsftpd symbolic links cannot be followed outside of your root jail.
So, if your root is /home/user, setting a symlink to /some/dir/ is not possible.
Furthermore masking of directories is not possible under linux filesystems. I assume that you want the user only want to see /home/user and /some/dir, while not showing /usr /var /etc, and so on.
If it IS possible, it is a feature that has not come to me yet I know that such dir masking is possible under Novell and possibly eDirectory, but not (yet) under Linux. If I'm wrong, somebody please correct me and explain me how because I also would like to do that
Odd, I opened up 21, with the iptables command a while back, and have all the other routers forwarding it. Should I have 20 forwarded as well? Or maybe I am doing the iptables command wrong =/
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.