Navigation

Johan Strange · #1 15th February 2007, 22:52

Hi, I am new to this forum so "hello everybody". I was wondering if I could get some FTP advice.

I am configuring VS-FTP on RHEL 4 and have hit a stumbling block with the config. Basically I have a list of folders and have created Linux Users pointing to a certain one of these folders as its home directory based upon relevance. I have applied the chroot_local_user option to ensure that users do not browse outside of their home directory. This is for two reasons 1) security and 2) they need to pay a fee for access to other directories. This is simple enough however I need to be able to give some users access to multiple directories which is prohibited by the chroot_local_user. Is there a way I can create a symlink based on user account that allows access to other dirs and displays a link? Previously we have used Bullet Proof on a Windows Box which does allow for this config.

Any ideas or suggestions would be great, or even a better product that VS-FTP which is pretty much what you get nowadays with RedHat Linux.

Many thanks - Johan

falko · #2 16th February 2007, 18:29

Take a look here: http://vsftpd.beasts.org/vsftpd_conf.html
I think the solution is to use a combination of chroot_list_enable and chroot_local_user.

Johan Strange · #3 17th February 2007, 12:00

Thanks for that, I did think of that but this then takes me back to security. If I remove certain users from the chroot jail I need to prevent them accessing certain directories such as /etc. I know it is a swear word in these parts but I could do that is seconds on a Windows Server - any tips doing that on Linux.

I created a group called nochrootjail but the file system permissions are not (in my limited experience) as granular as NTFS.

falko · #4 18th February 2007, 19:04

To be honest I don't know how to do that.

Johan Strange · #5 18th February 2007, 21:10

I thought of setting the home dirs to the root of the ftp directory rather than indiviudual dirs within. Then place all users in a chroot jail. Then create a group for each directory then apply no access to "others" and control access this way. This also prevents users gaining access to / and /etc - et cetera.

This is really clumsy compared to Bulletproof FTP on Windows but it works and I would rather have a public facing Linux Server than a Public facing Windows Server.

Before I apply this has anyone got any other pearls for me. Thanks to everyone that viewed this thread and thanks for your input Falko.

Johan Strange · #6 20th February 2007, 23:19

Just to let you know that I have solved the issue. It is simple really but nevertheless took some thought. I place all FTP Uers in a chroot jail without exception however I use the mount --bind command to have file system structures appear in multiple places. Users do not require write access so thats good enough.

If your banging ur head against the wall - I hope this has helped you.

Navigation

Facebook

News

Recent comments

Newsletter