FTP Structure on Linux Box



Sam I Am
20-03-2005, 07:22 PM
Ok here goes.

I have spent the day arguing with vsftpd and getting it going. Surprisingly enough I managed quite well.

I have:

added a user to my nix box

chrooted their ftp access to their /home dir only

setup no-ip client (dynamic ip)

They can connect, upload and download all fine.

Here's my problem. The files I want to share are on another drive. A fat32 drive mounted as /archive. How do I give them download access to this drive?

If there's a better way using ftp to do this (and I suspect there is) then now is a good time to do it. Would it have anything to do with /var/ftp ?

Also, what are the security risks from having port 21 open? There is no anonymous access allowed. There is a list of forbidden logons who won't even get the chance to enter a password e.g. root etc.



Cheers

Chilling_Silence
20-03-2005, 07:50 PM
Basically you've done perfectly :)

You could symlink to /mnt/fat32 or wherever you choose to mount it but VSFTPd is "Very Secure FTP Daemon" and it wouldn't be very secure if it allowed you to follow a symlink out of the home folder after chrooting the user now would it.

You're left with only one option: mount --bind /mnt/fat32 /home/ftpusername/fat32

Been there myself, took me forever to work that one out ;)

Cheers


Chill.
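To make the symlink-versus-bind-mount point above concrete, here is an added example (not from the thread or from vsftpd) that runs without root. It shows where a chrooted process really ends up when it follows an absolute symlink target, how to tell from /proc/self/mountinfo whether a directory is a mount point, and the fstab line that makes the bind mount persistent. The mountinfo line, the user name ftpuser and the paths are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread: symlink vs bind mount inside a vsftpd chroot.

# Constructed /proc/self/mountinfo line for "mount --bind /archive /home/ftpuser/Music".
# Field 5 is the mount point; "-" separates optional fields from the fs type.
SAMPLE_MOUNTINFO='42 21 8:17 / /home/ftpuser/Music rw,relatime - vfat /dev/sdb1 rw,umask=000'

# resolve_in_chroot CHROOT_ROOT LINK_DIR TARGET
# Prints the path (as seen from outside) that a process chrooted to CHROOT_ROOT
# opens when it follows a symlink in LINK_DIR (a path inside the chroot) whose
# target is TARGET. An absolute target is re-rooted under the chroot, so the
# link "Music -> /archive/Music" in /home/ftpuser becomes
# /home/ftpuser/archive/Music, which does not exist: hence the 550 on "cd".
resolve_in_chroot() {
  chroot_root=${1%/}      # drop one trailing slash
  link_dir=${2%/}         # "/" becomes "", so the join below stays clean
  target=$3
  case $target in
    /*) printf '%s%s\n' "$chroot_root" "$target" ;;
    *)  printf '%s%s/%s\n' "$chroot_root" "$link_dir" "$target" ;;
  esac
}

# is_mount_point MOUNTINFO_TEXT PATH
# Succeeds if PATH is a mount point in the given mountinfo text. A bind mount
# shows up here; a symlink never does. (mountinfo escapes spaces as \040.)
is_mount_point() {
  printf '%s\n' "$1" | awk -v p="$2" '$5 == p { found = 1 } END { exit found ? 0 : 1 }'
}

# fstab_bind_line SOURCE TARGET
# The /etc/fstab equivalent of "mount --bind SOURCE TARGET".
fstab_bind_line() {
  printf '%s %s none bind 0 0\n' "$1" "$2"
}

# Demonstration with the constructed data.
echo "symlink target resolves to: $(resolve_in_chroot /home/ftpuser / /archive/Music)"
if is_mount_point "$SAMPLE_MOUNTINFO" /home/ftpuser/Music; then
  echo "/home/ftpuser/Music is a mount point (bind mount present)"
fi
echo "fstab line: $(fstab_bind_line /archive /home/ftpuser/Music)"
```

A quick sanity check on a real box is `findmnt /home/ftpuser/Music` (or reading /proc/self/mountinfo as above): if the directory is listed, the bind mount is in place; if `ls -l` shows an `l` entry with an arrow instead, a symlink was created and the chrooted user cannot follow it.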

Ash M
20-03-2005, 07:57 PM
Not exactly Chill,

I had the same thing.

I simply had my fstab with the following

/dev/hda5 mounted on /home/ftp/
/dev/hdb1 mounted on /home/ftp/pub2/
/dev/hdd1 mounted on /home/ftp/backup/

So the drives were mounted under each other

Then I just created two users both with the home dir of /home/ftp/

I then set vsftpd's umask to 000 (making everything chmodded to 777) and it worked a treat.


This worked fine, although I now use glFTPd as it's more configurable.

Chilling_Silence
20-03-2005, 08:02 PM
See, there is more than one way to skin the cat ;)

I never played around with the umask permissions in vsftpd... After moving away from Redhat 8/9, I began using pureftpd :)

Ash M
20-03-2005, 08:29 PM
See, there is more than one way to skin the cat ;)

I never played around with the umask permissions in vsftpd... After moving away from Redhat 8/9, I began using pureftpd :)

You're a Gentoo user aren't you....? You should use glFTPd.... It doesn't get any more configurable than that....

Chilling_Silence
20-03-2005, 08:42 PM
glFTPd? Never heard of it?!

I like pureftpd for the use of the command pure-ftpwho, showing me who's online and using what files at what speeds.

I'll look into it :)

Sam I Am
20-03-2005, 09:04 PM
Ok chill,

I tried your command, amending it to my dir names :)

logged into ftp as the user and got this:

230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (127,0,0,1,45,137)
150 Here comes the directory listing.
lrwxrwxrwx 1 0 0 14 Mar 20 04:21 Music -> /archive/Music
226 Directory send OK.
ftp> cd Music
550 Failed to change directory.

If I just log on to the box as the same user then it works fine. This user will never log on this way. He will only ever have FTP access. Sorry, should have been a little clearer :)

Sam I Am
20-03-2005, 09:07 PM
Not exactly Chill,

I had the same thing.

I simply had my fstab with the following

/dev/hda5 mounted on /home/ftp/
/dev/hdb1 mounted on /home/ftp/pub2/
/dev/hdd1 mounted on /home/ftp/backup/

So the drives were mounted under each other

Then I just created two users both with the home dir of /home/ftp/

I then set vsftpd's umask to 000 (making everything chmodded to 777) and it worked a treat.


This worked fine, although I now use glFTPd as it's more configurable.



Ahhhhh I see. Yeah that would work. I hadn't thought of that. I never thought to change the user's home dir... Doh. I may use that as a fall back as I like the way chill is trying to work it. Has a certain elegance about it :)

I really must study up on umask

Sam I Am
20-03-2005, 09:09 PM
glFTPd? Never heard of it?!

I like pureftpd for the use of the command pure-ftpwho, showing me who's online and using what files at what speeds.

I'll look into it :)

The inability to see the user logged on freaked me out. Wonder if there's a command like that for vsftpd? Hmmm, off to the man page.

Chilling_Silence
20-03-2005, 09:40 PM
I mount my fat32 partition with umask=000 ;)

Kame
21-03-2005, 03:41 AM
Would be nice to know what you're running.

The mount command that chill suggested was good for me, because I needed to retain http access information and because things like /var/ftp /var/html/www are chroot'ed so outside access isn't available, since I wanted to use ftp for the http server directories, with SELinux, it kinda protects a lot that even more things need to be configured, especially users permissions and using chmod 777 was definitely out of the question.

/var/ftp would be the default/home directory for the user ftp.

Failing to change directory would be expected because of user permission on that directory, using 777 may or may not be a good idea, depends whether you want to allow them writing to it or not, but disabling uploading, 766 might be more suited, most likely they should only have read access if you don't want write access so 722 or even just 222.

However, I would be inclined to just change the user information for those allowed `chcon` might be the command to look into, do ls -Z in your archived drive to see who has user permission usually in the form USER:GROUP, if created by root, then it's possibly root root.

KK
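Since umask comes up three times in this thread (vsftpd's own umask, the `umask=000` mount option on the fat32 partition, and the 777 debate just above), here is an added example, not from the thread, that works out what a given umask actually yields. vsftpd applies its umask to a 0666 base for uploaded files, and a vfat mount applies `umask=` to 0777 for every entry because FAT stores no mode bits; both of those bases are assumptions stated in the comments, and the script itself runs on any POSIX sh.

```shell
#!/bin/sh
# Added example, not from the thread: what a umask turns into.

# mode_after_umask BASE UMASK -> zero-padded octal mode
# Assumed bases: vsftpd creates uploaded files from 0666 (so its default
# local_umask of 077 gives 0600); a vfat mount applies umask= to 0777.
mode_after_umask() {
  base=$(printf '%d' "$1")     # printf %d parses a leading 0 as octal
  mask=$(printf '%d' "$2")
  printf '%04o\n' $(( base & ~mask ))
}

# symbolic MODE -> rwx string as ls would show it, e.g. 0600 -> rw-------
symbolic() {
  m=$(printf '%d' "$1")
  out=
  for pos in 6 3 0; do         # owner, group, other
    bits=$(( (m >> pos) & 7 ))
    if [ $(( bits & 4 )) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $(( bits & 2 )) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $(( bits & 1 )) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
  done
  printf '%s\n' "$out"
}

# Demonstration: the three settings discussed in the thread.
for setting in "vsftpd default local_umask=077:0666:077" \
               "vsftpd local_umask=022 (others may read uploads):0666:022" \
               "vsftpd umask 000 as in the post above:0666:000" \
               "vfat mounted with umask=000:0777:000" \
               "vfat mounted with umask=022 (read-only for others):0777:022"; do
  label=${setting%%:*}; rest=${setting#*:}
  base=${rest%%:*}; mask=${rest#*:}
  mode=$(mode_after_umask "$base" "$mask")
  printf '%-55s %s  %s\n' "$label" "$mode" "$(symbolic "$mode")"
done
```

The output makes the trade-off visible: `umask=000` on the vfat mount (or umask 000 in vsftpd) leaves every entry world-writable, which is why read-only sharing is better served by a mask such as 022 on the mount and a download-only account on the FTP side.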

Sam I Am
21-03-2005, 03:43 PM
Update

Drive is mounted umask 000 and still no go.

I have just changed the home dir for the user to the dir I want them to have access to. At least they are locked out of the rest.

Until I get a separate box for it to run on then this will have to do.

Cheers

Chilling_Silence
21-03-2005, 05:54 PM
mount --bind /sourcedir /home/username/destdir didn't work?

Sam I Am
21-03-2005, 06:57 PM
mount --bind /sourcedir /home/username/destdir didn't work?

Nah, it didn't.

It placed a link in the home dir but ftp wouldn't allow the change.