I have installed Red Hat Linux version 9 and am new to Linux. I want
to set up a secure ftp server to allow authenticated users to add
files (specifically html files) to certain directories on the
filesystem. I require help to securely configure vsftpd that comes
standard with RH9.0, which is version 1.1.3-8.
Specifically,
- I do not want to allow anonymous access. I have found where to
disable this in the configuration file - is that all I need to do?
- I want certain ids to access certain directories on the filesystem
and be automatically directed there when they log in via ftp.
I hope that makes sense. I have found the vsftpd.conf configuration
file and need to know what changes I need to make to this file in
order to achieve my desired outcome. A step by step guide around the
permissions I need to set when I create the new user, and any other
settings I need to set, would be a great help.
Please advise if you require further clarification.
Thank you.

Request for Question Clarification by livioflores-ga on 06 Jul 2003 23:27 PDT
Please tell me if that helps:
Linux FTP Server Setup:
http://www.linuxhomenetworking.com/linux-hn/ftp-server.htm#_Toc32304964
vsftpd:
http://vsftpd.beasts.org/
Example config file /etc/vsftpd.conf:
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-1.1.3/vsftpd.conf
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-1.2.0/vsftpd.conf
Linux Home Networking PDF Topics:
http://www.linuxhomenetworking.com/index.htm#Linux
Setting Up FTP:
http://rimuhosting.com/support/microhowtolist.jsp#ftp
Controlling Access to Your Services with xinetd:
http://www.linuxplanet.com/linuxplanet/tutorials/4505/4/
If this info leads you to the correct configuration of the FTP server,
please let me know and I will post this info as the answer.
I will wait for your response.
Regards.
livioflores-ga

Clarification of Question by jamieda-ga on 07 Jul 2003 02:55 PDT
Thank you for the prompt response. I trolled through the vsftpd site
and did not understand the configurations they presented as examples.
The first link you supplied seemed to be the best. Of particular
interest was the example configuration - it is almost what I am after
I think.
The process as I see it is as follows:
- Change the /etc/vsftpd.conf as recommended to disable anonymous
access
- Create a group called 'ftp-users'
- Create the shared directory I want to be root
- Change the permissions to 774 - wrx for owner and group but -rx for
anonymous
- Change the owner of the group to ftp-users
- I create the users and add them to group 'ftp-users' and set the
root to the shared directory
- Copy the files to be shared into the shared directory
- Change the owner and group of the shared files
- Change the permissions of the shared files to 774
- Add the new users to the /etc/vsftpd.ftpusers file
In your eyes, will this do what I want? I will not have time to test
it fully for another 24 hours but will post a response then - success
or otherwise!
Regards,
jamieda-ga

Request for Question Clarification by livioflores-ga on 07 Jul 2003 07:37 PDT
In my opinion the answer to your last question is yes. This is the way
to do what you want, so if it works tell me if I can post the answer.
Regards.
livioflores-ga

Clarification of Question by jamieda-ga on 08 Jul 2003 13:45 PDT
I tried using the method explained in the links you provided. I found
that some parts of the configuration were being picked up (e.g., the
FTP banner) but others such as restricting FTP access to certain users
did not. I will try again this evening but any other advice you could
offer would be appreciated.
Thanks,
jamieda-ga

Request for Question Clarification by livioflores-ga on 09 Jul 2003 07:43 PDT
I am searching for more info for you, you will have news from me soon. :>))
livioflores-ga

Request for Question Clarification by livioflores-ga on 09 Jul 2003 14:03 PDT
Hi jamieda!!!
I found the following page, but it is in Spanish; maybe it is useful
to you:
"Cómo configurar vsftpd (Very Secure FTP Daemon)" (How to configure
vsftpd):
http://www.linuxparatodos.com/linux/09-como-vsftpd.php
From this article, the following paragraph may hold the key to your
problem:
"Estableciendo jaulas para los usuarios (chroot) con los parámetros
chroot_local_user y chroot_list_file:
De modo predeterminado los usuarios del sistema que se autentiquen
tendrán acceso a otros directorios del sistema fuera de su directorio
personal. Si se desea recluir a los usuarios a solo poder utilizar su
propio directorio personal, puede hacerse fácilmente con el parámetro
chroot_local_user que habilitará la función de chroot() y el parámetro
chroot_list_file para establecer el fichero con la lista de usuarios
que quedarán excluidos de la función chroot().
chroot_local_user=YES
chroot_list_file=/etc/vsftpd.chroot_list
Con lo anterior, cada vez que un usuario local se autentique en el
servidor FTP, solo tendrá acceso a su propio directorio personal y lo
que este contenga."
Translation (non-textual translation):
How do I limit where a user can go with vsftpd?
By default the users have access to the whole system. If you want to
jail the users in order to restrict directory access, it can easily
be done by (adding) the parameter chroot_local_user, which will
enable the function chroot(), and the parameter chroot_list_file, which
will establish the file with the list of users that will be excluded
from the function chroot().
chroot_local_user=YES
chroot_list_file=/etc/vsftpd.chroot_list
With the above, each time a local user is authenticated
on the FTP server, he will have access only to his own personal folder
and what it contains.
End of free translation.
In other words:
You may specify an explicit list of local users to chroot() to their
home directory. If chroot_local_user is YES, then this list becomes a
list of users to NOT chroot().
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
The file /etc/vsftpd.chroot_list must contain the list of jailed
users.
chroot_list_enable=YES makes it so that only those listed in a file
are jailed. You can specify the location of the list file via the
chroot_list_file= option in vsftpd.conf.
Another choice is to comment out the above option and use
chroot_local_user=YES which means everyone not on the list is jailed.
The following pages can help you:
vsftpd:
http://freshmeat.net/projects/vsftpd/?topic_id=89
FTP Server:
German version (original version):
http://www.linuxfibel.de/printversion/ftp_srv.htm
Translation powered by WorldLingo
http://www.worldlingo.com/wl/mstranslate/UP26384/T1/P2/l/microsoft/computer_translation.html?wl_lp=DE-EN&wl_fl=0&wl_rurl=http%3A%2F%2Fhttp%3A%2F%2Fwww.linuxfibel.de%2Fprintversion%2Fftp_srv.htm%2F&wl_url=http%3A%2F%2Fwww.linuxfibel.de%2Fprintversion%2Fftp_srv.htm&wlg_table=-3
Firewall Wizards: RE: OT: FTP Servers:
http://lists.insecure.org/lists/firewall-wizards/2003/Jun/0064.html
Hope this helps, and please tell me if it works.
Good Luck!!!
livioflores-ga
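
Added example, not part of the original thread and not vsftpd's own code: a small shell check that resolves, for a given vsftpd.conf, whether a local user ends up chroot()ed under each combination of chroot_local_user and chroot_list_enable, and that shows an absent anonymous_enable line still means YES. The user names webedit1 and admin1 and the file contents are constructed; the fallback values are the defaults documented in the vsftpd.conf man page.

```shell
#!/bin/sh
# Added example. User names and file contents below are constructed.

# Effective value of option $2 in config $1, falling back to default $3.
# vsftpd.conf lines are "option=value" with no spaces around "="; "#" starts
# a comment line; the last occurrence of an option wins.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# Exit status 0 if local user $2 would be chroot()ed under config $1.
is_jailed() {
    all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    list=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
    listed=NO
    if [ "$use_list" = YES ] && [ -r "$list" ] && grep -qxF -- "$2" "$list"; then
        listed=YES
    fi
    if [ "$all" = YES ]; then
        [ "$listed" = NO ]    # everyone is jailed; the list names the exceptions
    else
        [ "$listed" = YES ]   # nobody is jailed; the list names who is
    fi
}

# Write a constructed config and chroot list into directory $1.
# $2 is the chroot_local_user value to use.
write_sample() {
    printf '%s\n' '# constructed sample' 'anonymous_enable=NO' \
        'local_enable=YES' 'write_enable=YES' "chroot_local_user=$2" \
        'chroot_list_enable=YES' "chroot_list_file=$1/chroot_list" \
        > "$1/vsftpd.conf"
    printf '%s\n' 'admin1' > "$1/chroot_list"
}

dir=$(mktemp -d)
for mode in YES NO; do
    write_sample "$dir" "$mode"
    for u in webedit1 admin1; do
        if is_jailed "$dir/vsftpd.conf" "$u"; then s=jailed; else s="not jailed"; fi
        echo "chroot_local_user=$mode $u: $s"
    done
done
# anonymous_enable defaults to YES, so a config with no such line allows it
echo "anonymous_enable with no line present: $(conf_get /dev/null anonymous_enable YES)"
rm -rf "$dir"
```

Pointing is_jailed at the real /etc/vsftpd.conf gives the same answer for an actual account before anyone logs in over FTP.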

Clarification of Question by jamieda-ga on 09 Jul 2003 14:53 PDT
Hi livioflores-ga,
This looks promising. Unfortunately I am very mono-lingual (i.e.,
English speaking only) so I am very grateful for your translations of
the web pages you have found. I am tied up on other matters for the
next few days, but expect a response by the end of the weekend and
thank you for your continued efforts.
Regards,
jamieda-ga

Request for Question Clarification by livioflores-ga on 17 Jul 2003 06:59 PDT
Hi jamieda!!
I need to know if you could configure your FTP server as you want in
order to claim the prize or not. Also if you need more help let me
know.
Regards.
livioflores-ga

Clarification of Question by jamieda-ga on 23 Jul 2003 19:48 PDT
Hi livioflores-ga,
Apologies for the delay in responding. I have not quite got there yet
but am well down the track. The references you have provided have
been extremely useful and I am happy with that. As such, I am happy
for you to post a structured answer using the resources you provided
me.
Is this all I need to do?
Cheers,
jamieda-ga