hey friends,
I am using vsftpd version 2.0.1 on CentOS 4.0. I am trying to create some virtual users who can upload, download and delete the files in their particular directories. I followed the link below to create the virtual users:
http://linuxsir.zahui.net/html/23/43449.htm
I have created a user called "tester" and the entries in the tester file (/etc/vsftpd/vsftpd_user_conf/tester) are
anon_world_readable_only=NO
user_sub_token=$USER
local_root=/var/www/html/testing
write_enable=YES
anon_upload_enable=YES
chown_uploads=YES
The problem I am facing is that virtual user is not able to delete the files or folders under /var/www/html/testing directory but this user can upload and download the files or folders on /var/www/html/testing
The vsftpd.conf file:
user_config_dir=/etc/vsftpd/vsftpd_user_conf
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
chroot_local_user=YES
guest_enable=YES
guest_username=apache
listen=YES
hide_ids=YES
hide_files=lost+found
pam_service_name=ftp
userlist_enable=YES
local_umask=022
anonymous_enable=NO
local_enable=YES
tcp_wrappers=YES
How do I configure vsftp so that virtual users can upload, delete and download the files or folders? SELinux is off on CentOS 4.0 and iptables is configured to allow FTP ports.
Please let me know if you need any further inputs.
Thanks & Regards
Ankush Grover
who owns /var/www/html/testing and what are the perms set on that directory? VsFTP still has to follow filesystem settings and directives.
hey,
Thanks for your reply. Apache owns that directory.
permissions 755
guest username on vsftp is apache.
Regards
Ankush Grove
well, for the user *tester* to be able to access that directory the user has to either have ownership of that directory or be a member of the group that has access rights to that directory. My suggestion would be to make ownership of that directory tester.apache, and make the user tester a member of the group apache. Then your chmod setting of 755 will give the user *tester* rwx (read/write/execute) and the apache group r-w (read/-/execute) perms for that directory.
then when user tester logs in via FTP he'll be able to access his home directory.
hey,
Virtual users of vsftp are non system users. I have created the virtual users through
db_load -T -t hash -f logins.txt /etc/vsftpd_login.db
entries of vsftpd_login is like this
ankush -> username
ankush -> password of username ankush
tester -> username
tester -> password of username tester
If this user (in this case tester) is not a system user how can I make it the member of apache group?
If I give 777 permissions on /var/www/html/testing then anybody can delete the files, which I don't want.
Maybe setting setuid or setgid on the testing directory solves the problem (let me test this out).
Thanks & Regards
Ankush Grover
On Sun, 2006-07-16 at 18:38 +0530, ankush grover wrote:
who owns /var/www/html/testing and what are the perms set on that directory? VsFTP still has to follow filesystem settings and directives. hey,
Thanks for your reply. Apache owns that directory.
permissions 755
ls -dl /tmp # Maybe a solution is there?
guest username on vsftp is apache.
Regards
Ankush Grove
On Sun, 2006-07-16 at 10:57 -0400, William L. Maltby wrote:
On Sun, 2006-07-16 at 18:38 +0530, ankush grover wrote:
<snip>
ls -dl /tmp # Maybe a solution is there?
*sigh*
I don't know why I either a) post replies like this or b) can't leave it at that when I do.
See "man chmod" section "STICKY DIRECTORIES". It seems like it might be a solution if different users write to the directory and you want the owners of the files (those same users?) to be able to overwrite and delete them.
<snip>
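Added example, not part of any post in this thread: a small Python check of which operations vsftpd grants a guest (virtual) user once the per-user file is merged over vsftpd.conf, using settings posted above. vsftpd gives virtual users anonymous privileges unless virtual_use_local_privs=YES, so delete and rename depend on anon_other_write_enable; the function names and the uid 48 in the usage note are assumptions for illustration.

```python
# Added example: effective write rights of a vsftpd guest (virtual) user.
# Settings below are a subset of the two files quoted in the thread.
GLOBAL_CONF = """\
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
guest_enable=YES
guest_username=apache
"""
USER_CONF = """\
anon_world_readable_only=NO
local_root=/var/www/html/testing
write_enable=YES
anon_upload_enable=YES
chown_uploads=YES
"""

def parse(text):
    """Parse vsftpd 'key=value' lines; blank lines and # comments are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def guest_rights(global_text, user_text):
    """Per-user file overrides the global file; return the allowed operations."""
    conf = {**parse(global_text), **parse(user_text)}
    on = lambda key: conf.get(key, "NO").upper() == "YES"
    write = on("write_enable")
    if on("virtual_use_local_privs"):
        # Virtual users then get local-user privileges: write_enable alone decides.
        return {"upload": write, "mkdir": write, "delete_rename": write}
    return {
        "upload": write and on("anon_upload_enable"),
        "mkdir": write and on("anon_mkdir_write_enable"),
        "delete_rename": write and on("anon_other_write_enable"),
    }

def dir_allows_unlink(mode, dir_uid, proc_uid):
    """Owner-only check: unlink needs write+search (0o300) on the directory."""
    return proc_uid == dir_uid and (mode & 0o300) == 0o300
```

With the posted files, guest_rights(GLOBAL_CONF, USER_CONF) reports upload allowed and delete_rename denied, while dir_allows_unlink(0o755, 48, 48) is true for a directory owned by the guest account (48 is a constructed uid), so the 755 mode is not what blocks deletion. Adding anon_other_write_enable=YES (and anon_mkdir_write_enable=YES for new folders) to the per-user file changes the result.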