Find the answer to your Linux question:
Results 1 to 6 of 6
Hello! I own a linux server where is installed Fedora Core 3. I recently installed ftp server vsftpd. It's now configured that every user in /home has rights to access ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jun 2006
    Posts
    8

    vsftpd problem


    Hello!

    I own a linux server where is installed Fedora Core 3. I recently installed ftp server vsftpd. It's now configured that every user in /home has rights to access to his own account (directory) with a full control. Everything works fine, except one thing. I would like to create a new user account with full access to public directory. That means if someone (anonymous) would enter to browser ftp://myip he would be redirected to public dir XY and able to download/list files (without upload permission). There would be also user ABC which would have all permissions only to dir XY (his home directory), so he could upload and delete files (if logged in of course). Is there any way to do that?

    And another question related to domain name. It's actually very simply. I would like to have domain name (which I already registered on eurodns.com) for my ip. So if someone would enter ftp://mydomain it would be the same if entered only my IP address. How can I do that?

    Thank you very much for further help.

    Regards,
    krneki

  2. #2
    Just Joined!
    Join Date
    Jun 2006
    Posts
    8
    Here is the situation:
    I chmod-ed /var/ftp/pub to 755 permissions. Anonymous users have now permission only to read and copy files from public dir. The user which I created with home directory on /var/ftp has exact permissions - only permission to view and copy files, but I get 500 error if I try to upload something.
    However, that's not what I need. I still want to allow anonymous users to view files (without upload/delete permission) and created user to upload/delete/create/view permissions on public directory.
    Maybe there is a trick with chroot and chmod?

  3. #3
    Linux Engineer
    Join Date
    Oct 2004
    Location
    Vancouver
    Posts
    1,366
    1) login to your registrar's site and forward your domain to your ip address, give it a few hours to update.

    2) post your vsftp.conf, or whatever it is, file and we'll help you get the exact options you like going.

    Each time you redo your config run

    /etc/init.d/vsftpd reload
    or
    /etc/init.d/vsftpd restart
    to restart the service with the new config file in mind.
    Operating System: GNU Emacs

  4. #4
    Just Joined!
    Join Date
    Jun 2006
    Posts
    8
    Here is my config file:
    # Example config file /etc/vsftpd/vsftpd.conf
    #
    # The default compiled in settings are fairly paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    # Please see vsftpd.conf.5 for all compiled in defaults.
    #
    # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
    # capabilities.
    #
    # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
    anonymous_enable=YES
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    local_umask=077
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    anon_upload_enable=no
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    anon_mkdir_write_enable=no
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=ftp
    #
    # You may override where the log file goes if you like. The default is shown
    # below.
    xferlog_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog format
    xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that turning on ascii_download_enable enables malicious remote parties
    # to consume your I/O resources, by issuing the command "SIZE /big/file" in
    # ASCII mode.
    # These ASCII options are split into upload and download because you may wish
    # to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
    # without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
    # on the client anyway..
    ascii_upload_enable=YES
    ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    ftpd_banner=Welcome to bulek.be FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd.banned_emails
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    #chroot_list_enable=YES
    # (default follows)
    #chroot_list_file=/etc/vsftpd.chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES

    pam_service_name=vsftpd
    userlist_enable=YES
    #enable for standalone mode
    listen=YES
    tcp_wrappers=YES
    anon_root=/var/ftp/pub

  5. #5
    Just Joined!
    Join Date
    Feb 2010
    Posts
    1

    Smile It WORKS!!! :-)

    Thanks for
    Quote Originally Posted by genesus View Post
    /etc/init.d/vsftpd reload
    or
    /etc/init.d/vsftpd restart

    I used

    service vsftpd restart

    but it have not been resolved permission problem. After

    /etc/init.d/vsftpd reload

    /etc/init.d/vsftpd restart


    server allowed me to upload AND DOWNLOAD!!!

    here is my configs:
    1)vsftpd.conf

    listen=YES
    listen_port=xxxx1
    max_clients=200
    max_per_ip=10
    anonymous_enable=NO
    local_enable=YES
    check_shell=NO
    pam_service_name=ftp
    write_enable=NO
    anon_upload_enable=NO
    anon_mkdir_write_enable=NO
    anon_other_write_enable=NO
    #chroot_local_user=YES
    #Default=NO
    guest_enable=YES
    guest_username=virtual
    ##passwd_chroot_enable=YES
    user_config_dir=/my.RAID5/ftp/ftp_config_files/users
    chmod_enable=YES
    chown_uploads=YES
    chown_username=virtual
    #local_umask=022
    anon_umask=022
    file_open_mode=777
    pasv_min_port=xxxx2
    pasv_max_port=xxxx3
    xferlog_enable=YES
    ##vsftpd_log_file=/var/log/vsftpd.log
    ftpd_banner=Welcome to blessed vsFTPd 2.20 service!
    ascii_download_enable=YES
    ###async_abor_enable=YES
    ###one_process_model=YES
    idle_session_timeout=120
    data_connection_timeout=30000
    accept_timeout=6000
    connect_timeout=6000
    ####################################
    ###### vsftpd-ssl-tls security #####
    ####################################
    ssl_enable=YES
    ssl_sslv2=YES
    ssl_sslv3=YES
    ssl_tlsv1=YES
    allow_anon_ssl=YES
    force_local_data_ssl=YES
    force_local_logins_ssl=NO
    rsa_cert_file=/etc/cert/vsftpd.pem
    rsa_private_key_file=/etc/cert/vsftpd.pem
    and client config file (full permits):

    local_root=/my.RAID5/ftp/ftp_users/user_xxxxxx
    anon_world_readable_only=NO
    anon_upload_enable=YES
    anon_mkdir_write_enable=YES
    anon_other_write_enable=YES
    write_enable=YES
    ##Default: NO
    #download_enable=YES
    ##Default: YES

  6. #6
    Administrator MikeTbob's Avatar
    Join Date
    Apr 2006
    Location
    Texas
    Posts
    7,864
    This thread is 4 years old....locking.
    I do not respond to private messages asking for Linux help, Please keep it on the forums only.
    All new users please read this.** Forum FAQS. ** Adopt an unanswered post.

    I'd rather be lost at the lake than found at home.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •