public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-user] vsftpd: how can I chroot both anon and auth users to the same dir?
@ 2011-08-10 16:37 Jarry
  2011-08-10 17:35 ` Michael Orlitzky
  2011-08-10 18:36 ` Paul Hartman
  0 siblings, 2 replies; 6+ messages in thread
From: Jarry @ 2011-08-10 16:37 UTC (permalink / raw
  To: gentoo-user

Hi,
I'm using vsftpd and I'm quite satisfied, except for one
problem which I can not solve:

Anonymous users are chrooted to base ftp-server directory
/home/ftp but local users are chrooted to their own
directories /home/ftp/$USER and they can not move higher.
The only way for them to see directories of other local
users is to log-off and log-in as anonymous. This is not
very convenient. Why should authenticated user be allowed
less (in this particular aspect) than anonymous?

So I'd like to change it the way that both anonymous
as well as local users are chrooted to base ftp directory
/home/ftp but I do not know how to do it.

Whe I remove "chroot_local_users=YES" from vsftpd.conf,
local users are not chrooted at all, and can move
around the whole system up to /. And when I let that
"chroot_local_users=YES" activated, they are chrooted
to home-dirs. So how can I solve this problem?

Jarry

-- 
_______________________________________________________________
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [gentoo-user] vsftpd: how can I chroot both anon and auth users to the same dir?
  2011-08-10 16:37 [gentoo-user] vsftpd: how can I chroot both anon and auth users to the same dir? Jarry
@ 2011-08-10 17:35 ` Michael Orlitzky
  2011-08-10 17:52   ` Jarry
  2011-08-10 18:36 ` Paul Hartman
  1 sibling, 1 reply; 6+ messages in thread
From: Michael Orlitzky @ 2011-08-10 17:35 UTC (permalink / raw
  To: gentoo-user

On 08/10/11 12:37, Jarry wrote:
> Hi,
> I'm using vsftpd and I'm quite satisfied, except for one
> problem which I can not solve:
> 
> Anonymous users are chrooted to base ftp-server directory
> /home/ftp but local users are chrooted to their own
> directories /home/ftp/$USER and they can not move higher.
> The only way for them to see directories of other local
> users is to log-off and log-in as anonymous. This is not
> very convenient. Why should authenticated user be allowed
> less (in this particular aspect) than anonymous?
> 
> So I'd like to change it the way that both anonymous
> as well as local users are chrooted to base ftp directory
> /home/ftp but I do not know how to do it.
> 
> Whe I remove "chroot_local_users=YES" from vsftpd.conf,
> local users are not chrooted at all, and can move
> around the whole system up to /. And when I let that
> "chroot_local_users=YES" activated, they are chrooted
> to home-dirs. So how can I solve this problem?

Why not just chroot anonymous users to /home/ftp/public?



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [gentoo-user] vsftpd: how can I chroot both anon and auth users to the same dir?
  2011-08-10 17:35 ` Michael Orlitzky
@ 2011-08-10 17:52   ` Jarry
  2011-08-10 18:19     ` Michael Orlitzky
  0 siblings, 1 reply; 6+ messages in thread
From: Jarry @ 2011-08-10 17:52 UTC (permalink / raw
  To: gentoo-user

On 10-Aug-11 19:35, Michael Orlitzky wrote:

>> Anonymous users are chrooted to base ftp-server directory
>> /home/ftp but local users are chrooted to their own
>> directories /home/ftp/$USER and they can not move higher.
>> The only way for them to see directories of other local
>> users is to log-off and log-in as anonymous. This is not
>> very convenient. Why should authenticated user be allowed
>> less (in this particular aspect) than anonymous?
>>
>> So I'd like to change it the way that both anonymous
>> as well as local users are chrooted to base ftp directory
>> /home/ftp but I do not know how to do it.
>
> Why not just chroot anonymous users to /home/ftp/public?

If I wanted to have one more problem (anonymous users not
able to access local users' files) I would do it... :-)

I'll try to explain it one more time. I have local users
"user1", "user2", "userX" and their home directories are:
/home/ftp/user1
/home/ftp/user2
/home/ftp/userX

Anonymous users are chrooted to /home/ftp, so they can access
files stored in /home/ftp/user1 (user2, userX). That is OK,
that is what I want. But local user1 is chrooted to
/home/ftp/user1, so he can't access files in /home/ftp/user2
(or /home/ftp/userX).

And *this* is what I want to solve: to give local users
the same possibility to access other users' files (if file
access permissions allow it, of course). So I want to chroot
local users to the very same /home/ftp directory where
anonymous users are chrooted, but I do not know how...

Jarry

-- 
_______________________________________________________________
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [gentoo-user] vsftpd: how can I chroot both anon and auth users to the same dir?
  2011-08-10 17:52   ` Jarry
@ 2011-08-10 18:19     ` Michael Orlitzky
  0 siblings, 0 replies; 6+ messages in thread
From: Michael Orlitzky @ 2011-08-10 18:19 UTC (permalink / raw
  To: gentoo-user

On 08/10/11 13:52, Jarry wrote:
> 
> If I wanted to have one more problem (anonymous users not
> able to access local users' files) I would do it... :-)
> 
> I'll try to explain it one more time. I have local users
> "user1", "user2", "userX" and their home directories are:
> /home/ftp/user1
> /home/ftp/user2
> /home/ftp/userX
> 
> Anonymous users are chrooted to /home/ftp, so they can access
> files stored in /home/ftp/user1 (user2, userX). That is OK,
> that is what I want. But local user1 is chrooted to
> /home/ftp/user1, so he can't access files in /home/ftp/user2
> (or /home/ftp/userX).

Oh, ok. I didn't realize you wanted all users to be able to see the same
hierarchy. I figured you were allowing anonymous users more access just
to avoid the logical inconsistency =)


> And *this* is what I want to solve: to give local users
> the same possibility to access other users' files (if file
> access permissions allow it, of course). So I want to chroot
> local users to the very same /home/ftp directory where
> anonymous users are chrooted, but I do not know how...

Are they local users? Change their home directories to /home/ftp.



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [gentoo-user] vsftpd: how can I chroot both anon and auth users to the same dir?
  2011-08-10 16:37 [gentoo-user] vsftpd: how can I chroot both anon and auth users to the same dir? Jarry
  2011-08-10 17:35 ` Michael Orlitzky
@ 2011-08-10 18:36 ` Paul Hartman
  2011-08-19 18:44   ` Jarry
  1 sibling, 1 reply; 6+ messages in thread
From: Paul Hartman @ 2011-08-10 18:36 UTC (permalink / raw
  To: gentoo-user

On Wed, Aug 10, 2011 at 11:37 AM, Jarry <mr.jarry@gmail.com> wrote:
> Hi,
> I'm using vsftpd and I'm quite satisfied, except for one
> problem which I can not solve:
>
> Anonymous users are chrooted to base ftp-server directory
> /home/ftp but local users are chrooted to their own
> directories /home/ftp/$USER and they can not move higher.
> The only way for them to see directories of other local
> users is to log-off and log-in as anonymous. This is not
> very convenient. Why should authenticated user be allowed
> less (in this particular aspect) than anonymous?
>
> So I'd like to change it the way that both anonymous
> as well as local users are chrooted to base ftp directory
> /home/ftp but I do not know how to do it.
>
> Whe I remove "chroot_local_users=YES" from vsftpd.conf,
> local users are not chrooted at all, and can move
> around the whole system up to /. And when I let that
> "chroot_local_users=YES" activated, they are chrooted
> to home-dirs. So how can I solve this problem?

I haven't used vsftpd in a long time but I believe you can do
something like this:

Set user_config_dir to point to someplace such as /etc/vsftpd/users

In that directory, create files for each username and within it put:
local_root=/home/ftp

I think that might set all of those users to login to that folder. I
have not tried it. :)

There was also an option to use alternative home directories rather
than the one specified in /etc/passwd, but I can't remember exactly
what that was and it may have still used the username as part of the
path. "man vsftpd.conf" should explain it.



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [gentoo-user] vsftpd: how can I chroot both anon and auth users to the same dir?
  2011-08-10 18:36 ` Paul Hartman
@ 2011-08-19 18:44   ` Jarry
  0 siblings, 0 replies; 6+ messages in thread
From: Jarry @ 2011-08-19 18:44 UTC (permalink / raw
  To: gentoo-user

On 10-Aug-11 20:36, Paul Hartman wrote:
>
>> So I'd like to change it the way that both anonymous
>> as well as local users are chrooted to base ftp directory
>> /home/ftp but I do not know how to do it.
>
> Set user_config_dir to point to someplace such as /etc/vsftpd/users
> In that directory, create files for each username and within it put:
> local_root=/home/ftp

Actually, instead of creating file for each username I included
these options in main config file /etc/vsftpd/vsftpd.conf:

chroot_local_user=YES
local_root=/home/ftp

Now it works as I expected: both anonymous & local users are
chrooted to /home/ftp and can enter any sub-directory, but
local users can upload files to /home/ftp/$USER (homedirs
where they have write permission).

On 10-Aug-11 20:19, Michael Orlitzky wrote:
 >
 > Are they local users? Change their home directories to /home/ftp.

I did not test this, but it might work too. The only drawback
is I'd have to edit /etc/passwd always when I add new user.

Problem solved, thank you for help...

Jarry
-- 
_______________________________________________________________
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.



^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2011-08-19 18:46 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-08-10 16:37 [gentoo-user] vsftpd: how can I chroot both anon and auth users to the same dir? Jarry
2011-08-10 17:35 ` Michael Orlitzky
2011-08-10 17:52   ` Jarry
2011-08-10 18:19     ` Michael Orlitzky
2011-08-10 18:36 ` Paul Hartman
2011-08-19 18:44   ` Jarry

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox