I recently switched to a newer version of my distribution and so am using vsftpd instead of proftpd. The daemon runs fine and accepts connections from localhost:
Jessard:~$ ftp 127.0.0.1
Connected to 127.0.0.1 (127.0.0.1).
220 (vsFTPd 2.0.1)
Name (127.0.0.1:Jessard):
But, if I try to connect with my assigned address I get this:
Jessard:~$ ftp 192.168.0.46
Connected to 192.168.0.46 (192.168.0.46).
421 Service not available.
ftp>
I'm sure this is not a firewall or network problem, but I don't know what to check for; nothing in the config file seems to mention this sort of behavior. Any ideas?
Yep, and just to make sure I stopped iptables altogether for a minute, with no effect on the problem. Thanks for the idea, though. Is there anywhere that vsftpd lets you disallow remote connections or something?
You seem like you know what you're talking about, so I presume you've got your /etc/hosts.allow file set up correctly?
You got other daemons running on your machine that let you connect to it remotely?
Well, there it is. I figured I was fine with my hosts.allow since it makes no mention of the ftp, http, etc servers and the others besides ftp work, but after adding "vsftpd:ALL" it works. Thanks! Do you know why this line is necessary with vsftpd but not with, say, httpd? Is it something that this server in particular chooses to enforce?
Well, don't quote me on this, but I believe it is to do with security.
httpd is chroot'd to the directories listed in the httpd.conf, whereas vsftpd has the functionality to access anything, anywhere on the server (with the correct permissions of course).
Thanks, I think I see what you mean. I've been fiddling with the server now, trying to see how to lock it down a bit, and it's proving to be kind of tricky. Do you (or anybody) know of a way to keep a user from leaving a certain directory? For example, I have a user "upload" who I would like to be able to access "/upload," but not cd .. and have access to everything (This is within the context of the ftp server, not a shell or anything)
Now you need to create the /etc/vsftpd/vsftpd.chroot_list file.
This is a list of users of the FTP server that can go ANYWHERE. Be careful with this, because any user listed in this file will be able to "cd" to wherever their permissions allow. Any users that are NOT in this file are "chroot'd" or "jail'd" to their home directories.
Now the easiest and most secure way to create a user that can only access "/upload" would be to create a Linux user called upload, set that user's home directory to "/upload", and make sure they ARE NOT in the /etc/vsftpd/vsftpd.chroot_list file.
This will allow the "upload" user to access any files/directories in the /upload directory.
Playing with this user's permissions will dictate if they are allowed to modify the files that are already contained in this directory.
Hope this helps, and sorry about the delay in the reply... been afk for a few days!
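An added example, not part of the original posts: a small check of which local users vsftpd will jail, since the meaning of the chroot list flips with chroot_local_user. The behaviour described above (listed users roam, everyone else is jailed) corresponds to chroot_local_user=YES with chroot_list_enable=YES; the sample files and user names below are constructed, and only literal YES/NO values are handled.

```shell
#!/bin/sh
# Added example: report whether vsftpd would chroot a given local user,
# based on chroot_local_user / chroot_list_enable / chroot_list_file.
# Assumption: values are written as literal YES or NO, one KEY=VALUE per line.

# conf_get FILE KEY DEFAULT -> last value set for KEY in FILE, else DEFAULT
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# is_jailed CONF USER -> prints "jailed" or "free"
is_jailed() {
    conf=$1 user=$2
    local_all=$(conf_get "$conf" chroot_local_user NO)
    list_on=$(conf_get "$conf" chroot_list_enable NO)
    # vsftpd's documented default list path; the thread uses a different
    # one, which has to be set explicitly with chroot_list_file=
    list_file=$(conf_get "$conf" chroot_list_file /etc/vsftpd.chroot_list)
    listed=no
    if [ "$list_on" = YES ] && [ -f "$list_file" ] \
        && grep -qxF -- "$user" "$list_file"; then
        listed=yes
    fi
    if [ "$local_all" = YES ]; then
        # Everyone is jailed; the list names the exceptions.
        [ "$listed" = yes ] && echo free || echo jailed
    else
        # Nobody is jailed; the list names the users to jail.
        [ "$listed" = yes ] && echo jailed || echo free
    fi
}

# Constructed sample: "admin" is on the list, "upload" is not.
demo() {
    d=$(mktemp -d)
    printf 'admin\n' > "$d/chroot_list"
    printf 'chroot_local_user=YES\nchroot_list_enable=YES\nchroot_list_file=%s\n' \
        "$d/chroot_list" > "$d/vsftpd.conf"
    for u in upload admin; do
        echo "$u: $(is_jailed "$d/vsftpd.conf" "$u")"
    done
    rm -rf "$d"
}
demo
```

Run is_jailed against the real vsftpd.conf for every account that can log in over FTP; any user reported as "free" can cd anywhere their filesystem permissions allow.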
Originally posted by rizhun
Now the easiest and most secure way to create a user that can only access "/upload" would be to create a Linux user called upload, set that user's home directory to "/upload", and make sure they ARE NOT in the /etc/vsftpd/vsftpd.chroot_list file.
And that's exactly what I did. Thanks again, looks like everything's up and running the way I'd like now.
I have a question - I'm running vsftpd, and it's sort of working (I can log in - but I can't change things, like mkdir or anything) - and I had a question about that chroot stuff - I'm really new to this, so please pardon.
I'd just like to know, in the new file that I have to create in (it says) /etc/vsftpd/chroot_list - what exactly do I put? Just the username that has full access?
What I want to do is, I have a site on the server, and I'd like to upload files just by logging in through SmartFTP or CuteFTP, et al. (And as another side note - I can only ftp the server through the command prompt in Windows or the terminal in Linux - I can't use SmartFTP or CuteFTP; I get an error that says the host machine's software has dropped the connection.)
So I want it to automatically upload to /var/www/html/ (for Apache 2) on a specific username, and then another username will upload in another part. What I had set up was that a specific user had its home directory in /home/[that username] - how can I change this?
Also - I went into /etc/passwd and changed the username I'd like to have access to /var/www/html to that.
And also - when I try to restart vsftpd, it fails when it tries to shut it down.
Haha - sorry for all the questions.
Someone reply please, thanks.
-Asim
Last edited by ycamera2mank; 09-03-2005 at 08:12 PM.