vsftp Question

[jazzer386]

3 Questions:




A.

Quote:

Originally Posted by briantan

Easy.

1. Add userid to chroot_list (ref. your current vsftpd.conf)
2. Create html / www directories in user's home directory
3. Make userid write accessible to html / www directories
4. Reference the html / www directories in httpd.conf

So, what you're saying is that, if I want Core FTP LE to, upon login, display the subdirectories:




.cpanel
.htpasswds
.sqmaildata
access-logs
etc
mail
public_ftp
public_html
tmp
www




...I mentioned, then I'm going to have to make related changes to my httpd.conf and this makes such an Apache issue/question which should be deligated to another forum (say, the one on "servers")?




B. Regarding:

Code:

-A INPUT -m state --state NEW -m tcp -p tcp --sport 1024: --dport sssss:ttttt -j ACCEPT

...in /etc/sysconfig/iptables, "sssss" & "ttttt", for me, are identical ("Range of 1" ). Yet, still, they represent an open port and, therefore, a security risk.




So, what's to stop some one from hacking my f9 via that port?




C. If a hacker hacks into my ftp service, then I would want him/her to be restricted to only that list of subdirectories:

Quote:

.cpanel
.htpasswds
.sqmaildata
access-logs
etc
mail
public_ftp
public_html
tmp
www

...listed, above.




How do I do that?




- j

[briantan]

A. Yes.

B. Port is opened in firewall, but no service is listening on the port. "# nmap -p sssss localhost" will show that it's closed. You can try "# telnet localhost sssss"

C. Hence why you want chroot jail. (Step 1)

[jazzer386]

1. You're right; http://www.canyouseeme.org/ could not see my sssss:ttttt port, despite I was port forwarding.




2. I went through my vsftpd.conf and could not find anything on "chroot jail" - although I remember reading something about it before.

So, how could I implement it?

Also, how does the chroot jail compare to "wrappers"?

- j

[briantan]

2. See step 1. Add userid in /etc/vsftpd/chroot_list.

[jazzer386]

Core FTP LE displays the subdirectories:


Desktop
Documents
Download
html
Music
Pictures
Templates
Public
Videos
www




...and, for the first time, I noticed that they all seem to loop around <..>.




So, are you saying that adding my userid to chroot list automatically places it in the "chroot jail"?



- j

[briantan]

Quote:

Originally Posted by jazzer386

So, are you saying that adding my userid to chroot list automatically places it in the "chroot jail"?

Quote:

Originally Posted by jazzer386

...and, for the first time, I noticed that they all seem to loop around <..>.

Not loop around. Empty directory.

[jazzer386]

The response I got was:

Quote:

Nothing you do to httpd.conf will have any effect on vsftpd. You need to check man vsftpd.conf.
In particular, look for the hide_file configuration option. You'll have to make use of some regex-fu
in order to achieve what you want.

"regex-fu"?




Know anything about this?




- j

[briantan]

He's talking about hiding the unwanted file from user in the ftp login directory. Does not apply here.

On the other hand, your question in the other thread does not make much sense.

You should have been asking: How can I get Apache to serve directory in my ftp login directory? What is the directive to use?

[briantan]

Quote:

Originally Posted by jazzer386

"regex-fu"?

Know anything about this?

Regular expression for you. Level X stuff.

[jazzer386]

Quote:

You should have been asking: How can I get Apache to serve directory in my ftp login directory? What is the directive to use?

I was not aware that such were the questions I should have been asking.

Thanks, for enlightening me.

Now, I'm going to digest your reply, in the "servers" forum.

Again, thanks!

- j

[jazzer386]

To solve another problem, I re-installed f9.

So, now, I'm trying to get my vsftp working, again, but, according to http://www.canyouseeme.org/, my "Connection timed out".

I made a certificate.

Lftp works. For example:

Code:

# lftp -p port# userid@localhost
Password: 
lftp userid@localhost:~> LS 
drwxr-xr-x    2 500      500          4096 Oct 05 03:16 Desktop
drwxr-xr-x    2 500      500          4096 Oct 05 03:16 Documents
drwxr-xr-x    2 500      500          4096 Oct 05 03:16 Download
drwxr-xr-x    2 500      500          4096 Oct 05 03:16 Music
drwxr-xr-x    2 500      500          4096 Oct 05 03:16 Pictures
drwxr-xr-x    2 500      500          4096 Oct 05 03:16 Public
drwxr-xr-x    2 500      500          4096 Oct 05 03:16 Templates
drwxr-xr-x    2 500      500          4096 Oct 05 03:16 Videos

My port is forwarded and the firewall port is open.

Vsftpd is running.

Yet, I keep encountering that error message.

This issue seems to differ from earlier ones pertaining to vsftp, because they were connections which were refused.

Any thoughts on how to resolve this?

- j

[jazzer386]

Never mind.

I got it!

- j