VSFTPD config

Discussion in 'Server Operation' started by Johan Strange, Feb 15, 2007.

  1. Johan Strange

    Johan Strange New Member

    Hi, I am new to this forum so "hello everybody". I was wondering if I could get some FTP advice.

    I am configuring VS-FTP on RHEL 4 and have hit a stumbling block with the config. Basically I have a list of folders and have created Linux users, each pointing to one of these folders as its home directory based upon relevance. I have applied the chroot_local_user option to ensure that users do not browse outside of their home directory. This is for two reasons: 1) security and 2) they need to pay a fee for access to other directories. This is simple enough; however, I need to be able to give some users access to multiple directories, which is prohibited by chroot_local_user. Is there a way I can create a symlink based on user account that allows access to other dirs and displays a link? Previously we have used Bullet Proof on a Windows box, which does allow for this config.

    Any ideas or suggestions would be great, or even a better product than VS-FTP, which is pretty much what you get nowadays with RedHat Linux.

    Many thanks - Johan
  2. falko

    falko Super Moderator ISPConfig Developer

  3. Johan Strange

    Johan Strange New Member

    Thanks for that, I did think of that but this then takes me back to security. If I remove certain users from the chroot jail I need to prevent them accessing certain directories such as /etc. I know it is a swear word in these parts but I could do that in seconds on a Windows Server - any tips for doing that on Linux?

    I created a group called nochrootjail but the file system permissions are not (in my limited experience) as granular as NTFS.
  4. falko

    falko Super Moderator ISPConfig Developer

    To be honest I don't know how to do that.
  5. Johan Strange

    Johan Strange New Member

    I thought of setting the home dirs to the root of the ftp directory rather than individual dirs within. Then place all users in a chroot jail. Then create a group for each directory, then apply no access to "others" and control access this way. This also prevents users gaining access to / and /etc - et cetera.

    This is really clumsy compared to Bulletproof FTP on Windows but it works and I would rather have a public facing Linux Server than a Public facing Windows Server.

    Before I apply this has anyone got any other pearls for me. Thanks to everyone that viewed this thread and thanks for your input Falko.
  6. Johan Strange

    Johan Strange New Member

    Just to let you know that I have solved the issue. It is simple really but nevertheless took some thought. I place all FTP users in a chroot jail without exception; however, I use the mount --bind command to have file system structures appear in multiple places. Users do not require write access so that's good enough.

    If you're banging your head against the wall - I hope this has helped you.
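
The approach from the last post (every account chrooted, shared directories made visible with mount --bind), written out as a script. This is an added example, not part of the original thread; the /srv/ftp and /home layout, the account names and the grant list are assumptions.

```shell
#!/bin/sh
# Assumed layout (hypothetical, not from the thread): shared trees live under
# FTP_ROOT; each account's home directory, which is its chroot, is
# HOME_BASE/<user>. vsftpd.conf keeps chroot_local_user=YES for everyone.
FTP_ROOT="${FTP_ROOT:-/srv/ftp}"
HOME_BASE="${HOME_BASE:-/home}"

# Constructed sample grants, one "user:directory" per line.
SAMPLE_GRANTS='alice:reports
alice:pricing
bob:reports
mallory:../../etc'

# bind_plan GRANTS
# Prints the mount commands for every valid grant on stdout and a "rejected"
# line on stderr for every invalid one. Returns 1 if any grant was rejected.
# It only prints; review the output, then run it as root.
bind_plan() {
    rc=0
    while IFS=: read -r user dir; do
        [ -n "$user$dir" ] || continue
        # Plain names only: no "/" and no ".", so a grant can never resolve
        # outside FTP_ROOT (for example to /etc).
        case "$user" in ''|*[!a-z0-9_-]*) bad=1 ;; *) bad=0 ;; esac
        case "$dir" in ''|*[!A-Za-z0-9_-]*) bad=1 ;; esac
        if [ "$bad" -eq 1 ]; then
            echo "rejected: $user:$dir" >&2
            rc=1
            continue
        fi
        src="$FTP_ROOT/$dir"
        dst="$HOME_BASE/$user/$dir"
        echo "mkdir -p $dst"
        echo "mount --bind $src $dst"
        # Read-only remount of a bind mount needs kernel 2.6.26 or later;
        # on older kernels rely on file permissions instead.
        echo "mount -o remount,ro,bind $dst"
    done <<EOF
$1
EOF
    return "$rc"
}

bind_plan "$SAMPLE_GRANTS" || echo "some grants were rejected" >&2
```

Bind mounts made this way do not survive a reboot, so the accepted `mount` lines need to be re-run at boot or turned into matching `bind` entries in /etc/fstab.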
