  1. #1
    Linux Newbie
    Join Date
    Jul 2004
    Location
    Calcutta, India
    Posts
    220

    Restrict access to a Directory for a SINGLE user


    Hi,
    as the subject says, how do I do it?
    I'll explain my problem: I am using vsftpd with LOCAL login enabled.
    I have two FTP dirs:
    /home/ftp/ftproot/
    /home/ftp/ftpwin/
    I have 2 FTP users: myguest (the 1st dir is the home dir for this user) and
    winguest (the 2nd dir is the home dir for this user).
    Both myguest and winguest have "ftp-users" as their primary group.

    I also have 2 other normal users: "prosen" and "prosenjit".
    Both belong to the "thepro" group.
    Hence:
    $ ls -l /home
    total 12
    drwx--x--x 4 prosen ftp-users 4096 Feb 1 17:16 ftp
    drwx------ 58 prosen thepro 4096 Feb 17 12:29 prosen
    drwx------ 40 prosenjit thepro 4096 Feb 17 12:30 prosenjit
    $

    The thing is, suppose I browse with Firefox to ftp://myguest@10.109.1.51/ ,
    it opens in /home/ftp/ftproot/, but if I now browse to ftp://myguest@10.109.1.51/../../ ,
    it will open the /home dir, showing the dirs prosen and prosenjit as well.
    This I DO NOT want; it should show at most the ftp dir.
    I have taken care of the /home/ftp/ dir by chmod 711, but can't do the same for the /home dir,
    since that will render the users "prosen" and "prosenjit" unable to access the /home dir
    (and I DON'T want these 2 users to have "root" as their group).

    So I just want to - "r" permission for the /home dir for ONLY the users
    "winguest" and "myguest". How do I do it?


  2. #2
    Just Joined!
    Join Date
    Feb 2005
    Posts
    9
    The following site should help you set up vsftpd to chroot your users.
    http://www.siliconvalleyccie.com/lin...m#_Toc92808798

  3. #3
    Linux Newbie
    Join Date
    Jul 2004
    Location
    Calcutta, India
    Posts
    220
    Well, I appreciate your help martin, but that's exactly the site from where I
    learnt to set up vsftpd. I haven't found any such chrooting options. Could
    you tell me if you come to know?

    BTW: I worked around my problem and this looks like a good solution:
    I chgrp'ed the /home dir to "thepro" and then chmod'ed it to 751.

    Funny thing is that the parent directory issue comes up with Firefox (0.9.3) only.
    I tried with IE, Opera & Mozilla; they have no such problems.

    But I would still like to know the answer to the main topic:
    Can I RESTRICT ACCESS to a Directory for a SINGLE User? If yes, then HOW?

  5. #4
    Just Joined!
    Join Date
    Jan 2005
    Location
    Toronto, ON, Canada
    Posts
    79
    From what I have read here: http://owen.sj.ca.us/rkowen/howto/anonftp.html

    Maybe you should make sure that for the myguest user in /etc/password the shell is set to false; it also talks about doing chroot.

    afrolinux

  6. #5
    Just Joined!
    Join Date
    Feb 2005
    Posts
    9
    The following is from the vsftpd man page. Just add 1 of the entries to your configuration file.

    chroot_list_enable
    If activated, you may provide a list of local users who are placed in a chroot() jail in their home directory upon login. The meaning is slightly different if chroot_local_user is set to YES. In this case, the list becomes a list of users which are NOT to be placed in a chroot() jail. By default, the file containing this list is /etc/vsftpd.chroot_list, but you may override this with the chroot_list_file setting.

    Default: NO

    chroot_local_user
    If set to YES, local users will be (by default) placed in a chroot() jail in their home directory after login. Warning: This option has security implications, especially if the users have upload permission, or shell access. Only enable if you know what you are doing. Note that these security implications are not vsftpd specific. They apply to all FTP daemons which offer to put local users in chroot() jails.

    Default: NO
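
The way the two man-page options quoted above combine, as an added example that is not part of the original post or of vsftpd itself: the function reads a vsftpd.conf-style file and reports whether a given local user ends up in a chroot() jail. The temporary paths, the helper names and the sample configurations are constructed for illustration; the user names are the ones from this thread.

```shell
#!/bin/sh
# Added example: effective chroot decision for one local user.

# conf_get FILE KEY DEFAULT: value of the last KEY=value line, else DEFAULT.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# in_list FILE USER: true when USER is on a line of its own in FILE.
in_list() {
    [ -r "$1" ] && grep -qxF -- "$2" "$1"
}

# is_jailed CONF USER: prints "jailed" or "not-jailed".
is_jailed() {
    all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    list=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
    listed=no
    if [ "$use_list" = YES ] && in_list "$list" "$2"; then listed=yes; fi
    if [ "$all" = YES ]; then
        # chroot_local_user=YES turns the list into an exemption list.
        [ "$listed" = yes ] && echo not-jailed || echo jailed
    else
        # Otherwise only the listed users are jailed.
        [ "$listed" = yes ] && echo jailed || echo not-jailed
    fi
}

# Constructed sample input: one list file, two configurations.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'myguest\n' > "$demo/chroot_list"
cat > "$demo/list_mode.conf" <<EOF
local_enable=YES
chroot_list_enable=YES
chroot_list_file=$demo/chroot_list
EOF
cat > "$demo/all_mode.conf" <<EOF
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=$demo/chroot_list
EOF
for u in myguest winguest; do
    echo "list only:        $u $(is_jailed "$demo/list_mode.conf" "$u")"
    echo "chroot_local_user: $u $(is_jailed "$demo/all_mode.conf" "$u")"
done
```

Adding a user to the list file while chroot_local_user=YES is set exempts that user from the jail, which is the opposite of what the same list does on its own.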

  7. #6
    Linux Newbie
    Join Date
    Jul 2004
    Location
    Calcutta, India
    Posts
    220
    Yeah, thanks a lot martin, that "chroot_local_user" was good enough for me.
    I don't want any of my FTP users to have a view of my directory structure.

    I overlooked that part in the man page.

  8. #7
    Just Joined!
    Join Date
    Feb 2005
    Posts
    1
    If they ssh in, they can still view your filesystem.
    To avoid this you should set your users' shell to /bin/false and add this shell to your system's valid shells by editing /etc/shells.
    Now you truly have users that can only ftp to your machine and stay in their home dir.

    Cheers,

    -Scott
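
A check for the two conditions in the post above, as an added example that is not part of the original thread: the function reads passwd-format and shells-format files and reports whether an account is FTP-only. It assumes, as the advice to edit /etc/shells implies, that FTP logins are refused when the account's shell is not listed there; the status names and the sample files are constructed.

```shell
#!/bin/sh
# Added example: classify an account by login shell and /etc/shells entry.

# login_status PASSWD_FILE SHELLS_FILE USER
#   no-such-user      USER has no entry in PASSWD_FILE
#   shell-login       shell is not /bin/false, so ssh gives a shell
#   shell-not-listed  shell is /bin/false but missing from SHELLS_FILE
#   ftp-only          shell is /bin/false and listed in SHELLS_FILE
login_status() {
    entry=$(awk -F: -v u="$3" '$1 == u { print; exit }' "$1")
    if [ -z "$entry" ]; then echo no-such-user; return 0; fi
    shell=${entry##*:}            # last passwd field is the login shell
    if [ "$shell" != /bin/false ]; then echo shell-login; return 0; fi
    if grep -qxF -- "$shell" "$2"; then
        echo ftp-only
    else
        echo shell-not-listed
    fi
}

# Constructed sample files standing in for /etc/passwd and /etc/shells.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
cat > "$work/passwd" <<'EOF'
myguest:x:1001:1001::/home/ftp/ftproot:/bin/false
winguest:x:1002:1001::/home/ftp/ftpwin:/bin/bash
EOF
printf '/bin/sh\n/bin/bash\n' > "$work/shells"

before=$(login_status "$work/passwd" "$work/shells" myguest)
echo /bin/false >> "$work/shells"   # the edit the post describes
after=$(login_status "$work/passwd" "$work/shells" myguest)
echo "myguest before: $before, after: $after"
echo "winguest: $(login_status "$work/passwd" "$work/shells" winguest)"
```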
