using vsftpd, I know its possible to specify what directory you want a user to be dropped into when he ftps in...but I dont remember where to go to change that.
any suggestions?
Am Do, den 02.02.2006 schrieb Andrew Rice um 11:02:
using vsftpd, I know its possible to specify what directory you want a user to be dropped into when he ftps in...but I dont remember where to go to change that.
any suggestions?
In the FTP server configuration and by specifying the user's $HOME.
Alexander
hmm well I didnt really see anywhere to insert a line for each individual user... ill keep looking though.
| Am Do, den 02.02.2006 schrieb Andrew Rice um 11:02: | | > using vsftpd, I know its possible to specify what directory you want a user to be dropped into when he ftps | > in...but I dont remember where to go to change that. | > | > any suggestions? | | In the FTP server configuration and by specifying the user's $HOME. | | Alexander | | | -- | Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773 | legal statement: http://www.uni-x.org/legal.html | Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp | Serendipity 16:21:55 up 59 days, 20:59, load average: 0.59, 0.74, 0.65
| _______________________________________________ | CentOS mailing list | CentOS@centos.org | http://lists.centos.org/mailman/listinfo/centos
On 02/02/06, Andrew Rice andrew@nams.net wrote:
using vsftpd, I know its possible to specify what directory you want a user to be dropped into when he ftps in...but I dont remember where to go to change that.
In a non-anonymous login the initial starting directory is the user's $HOME as specified in /etc/passwd. I don't know off the top of my head if there's any way to override this bar changing their $HOME (usermod/vipw etc.).
man vsftpd.conf for more info.
Will.
I guess that allowing public_html access to a users dir via hostname/~username is bad security correct?
| On 02/02/06, Andrew Rice andrew@nams.net wrote: | > using vsftpd, I know its possible to specify what directory you want a user to be dropped into when he ftps | > in...but I dont remember where to go to change that. | | In a non-anonymous login the initial starting directory is the user's | $HOME as specified in /etc/passwd. I don't know off the top of my head | if there's any way to override this bar changing their $HOME | (usermod/vipw etc.). | | man vsftpd.conf for more info. | | Will. | _______________________________________________ | CentOS mailing list | CentOS@centos.org | http://lists.centos.org/mailman/listinfo/centos
} } } I guess that allowing public_html access to a users dir via } hostname/~username is bad security correct? }
depends on policy and what you are trying to accomplish
if you do not care that people's web pages hang off your domain then no biggie.
just look in the /etc/vsftpd/vsftpd.conf file and it will tell you want to do if you want to setup chroot jail for some, all, or none of your logins
- rh
-- Robert Hanson - Abba Communications Computer & Internet Services (509) 624-7159 - www.abbacomm.net
On 02/02/06, Andrew Rice andrew@nams.net wrote:
I guess that allowing public_html access to a users dir via hostname/~username is bad security correct?
I don't know if vsftpd has the facility to chroot users anywhere other than into $HOME . At least not unless you change their homes in /etc/passwd which would have a *lot* of side-effects.
You could consider ProFTPD instead. It's more flexible configuration-wise than vsftpd and I think was at one stage a standard part of older RH distros. Of course increased complexity and configuration scope can increase the chance of insecurity through misconfiguration.
proftpd-1.2.10-8.2.el4.rf.i386.rpm is available from Dag and the boys at RPMForge.
Will.
On Thursday 02 February 2006 08:39, Will McDonald wrote:
You could consider ProFTPD instead. It's more flexible configuration-wise than vsftpd and I think was at one stage a standard part of older RH distros.
I used ProFTPD on an *old* RedHat 7.x box. Since it wasn't part of the RPM database (we had to compile it to get it in) it didn't get updated, and we were subsequently cracked and used for a DDOS attack.
I really, REALLY don't recommend installing any 'replacement' for software that comes with your distro - better to stick with stock and update everything in one fell swoop with yum! Any security benefit from a particular configuration will most likely be wiped out by the additional adminstrative headache. Make vsftpd work for you - I've not seen much that ProFTPd did /does that vsftpd isn't capable of - except that with vsftpd, you'll get security udates, etc for what, another 5 or 6 years?
-Ben
-
Alexander Dalloz -
Andrew Rice -
Benjamin Smith -
Robert Hanson -
Will McDonald