#1
15th February 2007, 22:52
Johan Strange
VSFTPD config

Hi, I am new to this forum so "hello everybody". I was wondering if I could get some FTP advice.

I am configuring VS-FTP on RHEL 4 and have hit a stumbling block with the config. Basically I have a list of folders and have created Linux Users pointing to a certain one of these folders as its home directory based upon relevance. I have applied the chroot_local_user option to ensure that users do not browse outside of their home directory. This is for two reasons: 1) security and 2) they need to pay a fee for access to other directories. This is simple enough; however, I need to be able to give some users access to multiple directories, which is prohibited by the chroot_local_user. Is there a way I can create a symlink based on user account that allows access to other dirs and displays a link? Previously we have used Bullet Proof on a Windows Box which does allow for this config.

Any ideas or suggestions would be great, or even a better product than VS-FTP which is pretty much what you get nowadays with RedHat Linux.

Many thanks - Johan
#2
16th February 2007, 18:29
falko

Take a look here: http://vsftpd.beasts.org/vsftpd_conf.html
I think the solution is to use a combination of chroot_list_enable and chroot_local_user.
#3
17th February 2007, 12:00
Johan Strange

Thanks for that, I did think of that but this then takes me back to security. If I remove certain users from the chroot jail I need to prevent them accessing certain directories such as /etc. I know it is a swear word in these parts but I could do that in seconds on a Windows Server - any tips for doing that on Linux?

I created a group called nochrootjail but the file system permissions are not (in my limited experience) as granular as NTFS.
#4
18th February 2007, 19:04
falko

To be honest I don't know how to do that.
#5
18th February 2007, 21:10
Johan Strange

I thought of setting the home dirs to the root of the ftp directory rather than individual dirs within. Then place all users in a chroot jail. Then create a group for each directory then apply no access to "others" and control access this way. This also prevents users gaining access to / and /etc - et cetera.

This is really clumsy compared to Bulletproof FTP on Windows but it works and I would rather have a public facing Linux Server than a Public facing Windows Server.

Before I apply this has anyone got any other pearls for me? Thanks to everyone that viewed this thread and thanks for your input Falko.
#6
20th February 2007, 23:19
Johan Strange

Just to let you know that I have solved the issue. It is simple really but nevertheless took some thought. I place all FTP Users in a chroot jail without exception; however, I use the mount --bind command to have file system structures appear in multiple places. Users do not require write access so that's good enough.

If you're banging your head against the wall - I hope this has helped you.
Reply With Quote
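
The layout described in the last post (every FTP user chrooted, extra directories exposed inside the jail with mount --bind) as an added shell example that is not part of the thread. It only prints the commands for each user, so it runs without root; FTP_ROOT, HOME_BASE and the entitlement lines are constructed sample values, and the read-only remount step assumes a kernel that supports read-only bind mounts.

```shell
#!/bin/sh
# Added example (not from the thread): plan per-user bind mounts for chrooted
# FTP accounts. Paths and entitlements below are constructed sample values.
FTP_ROOT=/srv/ftp/content      # hypothetical: where the shared directories live
HOME_BASE=/srv/ftp/home        # hypothetical: parent of the chrooted home dirs

# vsftpd.conf keeps chroot_local_user=YES so every local user stays jailed.

# Accept a single path component only: no slash, no "." or "..", no odd bytes.
valid_name() {
    case "$1" in
        ""|.|..|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# plan_binds "user:dir1,dir2" prints the commands that expose each entitled
# directory inside that user's jail. Runs in a subshell (note the parentheses)
# so the IFS and globbing changes do not leak; prints nothing on bad input.
plan_binds() (
    case "$1" in *:*) ;; *) exit 1 ;; esac
    user=${1%%:*}
    dirs=${1#*:}
    valid_name "$user" || exit 1
    out=""
    set -f          # no globbing: a name like "*" must not expand
    IFS=,
    for d in $dirs; do
        if ! valid_name "$d"; then exit 1; fi
        src="$FTP_ROOT/$d"
        dst="$HOME_BASE/$user/$d"
        # Bind first, then remount that bind read-only so the jail copy cannot
        # be written even if file permissions on the source are too loose.
        out="${out}mkdir -p $dst
mount --bind $src $dst
mount -o remount,bind,ro $dst
"
    done
    [ -n "$out" ] || exit 1
    printf '%s' "$out"
)

# Constructed entitlements; the last one tries to reach outside FTP_ROOT.
for entry in "alice:reports" "bob:reports,archive" "mallory:../../etc"; do
    plan_binds "$entry" || echo "# rejected: $entry" >&2
done
```

Review the printed commands before running them as root; bind mounts do not survive a reboot unless they are also recorded in /etc/fstab.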