| View previous topic :: View next topic |
| Author |
Message |
benjones
n00b
Joined: 15 Mar 2003
Posts: 14
Location: London
|
 Posted: Tue Jun 10, 2003 8:14 am Post subject: vsftpd (or any ftpd) config q |
 |
|
| Hi... I've been looking, and I can't figure out how to do this. I'm want to setup an ftp server that looks like an anon one (ie single chrooted structure), but only allows named users to connect. I can figure out how to have one big anon pub, and I can work out how to chroot local users, but not how to chroot users to one place (ie /home/ftpd/pub). Any bright ideas? Oh, I'm not stuck on the idea of vsftpd, I'll use anything so long as it's reasonably secure. |
|
| Back to top |
|
 |
bobby_j
n00b
Joined: 03 Jun 2003
Posts: 60
Location: Columbus, OH
|
| Posted: Tue Jun 10, 2003 9:39 am Post subject: |
|
|
I thought vsftpd defaulted to one chroot..
| Code: |
chroot_local_user
If set to YES, local users will be placed in a chroot() jail in their home directory after login. Warning: This option has security implications, especially if the users have upload permission, or shell access. Only enable if you know what you are doing. Note that these security implications are not vsftpd specific. They apply to all FTP daemons which offer to put local users in chroot() jails.
Default: NO
|
So make sure thats not set to yes.
You can also use
| Code: |
chroot_list_enable
If activated, you may provide a list of local users who are placed in a chroot() jail in their home directory upon login. The meaning is slightly different if chroot_local_user is set to YES. In this case, the list becomes a list of users which are NOT to be placed in a chroot() jail. By default, the file containing this list is /etc/vsftpd.chroot_list, but you may override this with the chroot_list_file setting.
Default: NO
|
to make a list of people that have ftpaccess to their homedir.
heres a vsftpd.conf man page
_________________
not sold in stores
sorry, no c.o.d's |
|
| Back to top |
|
|
xedx
Tux's lil' helper
Joined: 23 May 2003
Posts: 93
|
| Posted: Tue Jun 10, 2003 10:19 am Post subject: |
|
|
you can also try pureftpd but I think vsftpd will do just fine(it's what I use) 
_________________
--+//+ |
|
| Back to top |
|
|
amne
Bodhisattva
Joined: 17 Nov 2002
Posts: 6378
Location: Graz / EU
|
| Posted: Tue Jun 10, 2003 12:26 pm Post subject: |
|
|
as long as your ftp users only should be able to log in via ftp and no other service you can do this:
set /home/ftpd/pub as the user's home directory in /etc/passwd
you can also set their shell to /bin/false, if you do so, you need to
edit /etc/pam.d/vsftpd:
add a "#" before
auth required /lib/security/pam_shells.so
because otherwise vsftpd/pam checks, if the user has a valid shell (which he hasn't). just make sure, that other users without shell (mail, news, etc) can't log in now 
write access could possibly result in a bit of a mess, set write permissions wisely  |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
