Currently, a users directory is owned by the user and the group is ftp. The permissions are 775.
In reading the MAN pages for vsftp, I do not see any other ways to retrict the user from just being able to view their won directory and the sub-dirs.
Am I going wrong here?
Todd
On Tuesday 06 September 2005 18:25, Todd Cary wrote:
Currently, a users directory is owned by the user and the group is ftp. The permissions are 775.
You mean the users home directory, right?
In reading the MAN pages for vsftp, I do not see any other ways to retrict the user from just being able to view their won directory and the sub-dirs.
Not sure what exactly you're trying to do, but a user will always have access to his own home directly. If you don't want that then I guess you will have to create separate users for the ftp access...
Peter.
The user can get to /home and see the other dirs...is there a way to make it so the user cannot view the other dirs?
Todd
Peter Arremann wrote:
On Tuesday 06 September 2005 18:25, Todd Cary wrote:
Currently, a users directory is owned by the user and the group is ftp. The permissions are 775.
You mean the users home directory, right?
In reading the MAN pages for vsftp, I do not see any other ways to retrict the user from just being able to view their won directory and the sub-dirs.
Not sure what exactly you're trying to do, but a user will always have access to his own home directly. If you don't want that then I guess you will have to create separate users for the ftp access...
Peter. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Todd Cary wrote:
The user can get to /home and see the other dirs...is there a way to make it so the user cannot view the other dirs?
Check out the vsftpd.conf man page and search for 'chroot'. I have it enabled and lock every into their home directory. Then I also enable the exclude list so that when I ftp in I can go anywhere.
Here's the excerpt from my config:
# You may specify an explicit list of local users to chroot() to their # home directory. If chroot_local_user is YES, then this list becomes # a list of users to NOT chroot().
# chroot everyone chroot_local_user=YES # enable the excempt list chroot_list_enable=YES # and here's the list chroot_list_file=/etc/vsftpd.chroot_list
On Tuesday 06 September 2005 18:58, Ajay Sharma wrote:
Todd Cary wrote:
The user can get to /home and see the other dirs...is there a way to make it so the user cannot view the other dirs?
Check out the vsftpd.conf man page and search for 'chroot'. I have it enabled and lock every into their home directory. Then I also enable the exclude list so that when I ftp in I can go anywhere.
Here's the excerpt from my config:
# You may specify an explicit list of local users to chroot() to their # home directory. If chroot_local_user is YES, then this list becomes # a list of users to NOT chroot().
# chroot everyone chroot_local_user=YES # enable the excempt list chroot_list_enable=YES # and here's the list chroot_list_file=/etc/vsftpd.chroot_list
Yep, that's the way... passwd_chroot_enable might be worth checking out as well.
Peter.
Thank you...that is what I was looking for. However, I have a question: the man page does not give any information and when I go to vsfptd.conf, "chroot_local_user" is not listed as an option. Have I missed something" Do I need another cup of cofee?
I went to another server of mine and I did find that I had added "chroot_local_user=YES".
Todd
Ajay Sharma wrote:
Todd Cary wrote:
The user can get to /home and see the other dirs...is there a way to make it so the user cannot view the other dirs?
Check out the vsftpd.conf man page and search for 'chroot'. I have it enabled and lock every into their home directory. Then I also enable the exclude list so that when I ftp in I can go anywhere.
Here's the excerpt from my config:
# You may specify an explicit list of local users to chroot() to their # home directory. If chroot_local_user is YES, then this list becomes # a list of users to NOT chroot().
# chroot everyone chroot_local_user=YES # enable the excempt list chroot_list_enable=YES # and here's the list chroot_list_file=/etc/vsftpd.chroot_list
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I'm not sure why it's not there. I'm running Centos 4.1 and vsftpd-2.0.1-5. When I do a 'man vsftpd.conf', all the 'chroot' options are there.
--Ajay
Todd Cary wrote:
Thank you...that is what I was looking for. However, I have a question: the man page does not give any information and when I go to vsfptd.conf, "chroot_local_user" is not listed as an option. Have I missed something" Do I need another cup of cofee?
I went to another server of mine and I did find that I had added "chroot_local_user=YES".
Todd
Ajay Sharma wrote:
Todd Cary wrote:
The user can get to /home and see the other dirs...is there a way to make it so the user cannot view the other dirs?
Check out the vsftpd.conf man page and search for 'chroot'. I have it enabled and lock every into their home directory. Then I also enable the exclude list so that when I ftp in I can go anywhere.
Here's the excerpt from my config:
# You may specify an explicit list of local users to chroot() to their # home directory. If chroot_local_user is YES, then this list becomes # a list of users to NOT chroot().
# chroot everyone chroot_local_user=YES # enable the excempt list chroot_list_enable=YES # and here's the list chroot_list_file=/etc/vsftpd.chroot_list
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-
Ajay Sharma -
Peter Arremann -
Todd Cary