Fedora Linux Support Community & Resources Center
  #121  
Old 23rd September 2008, 06:16 AM
jazzer386 Offline
Registered User
 
Join Date: Jul 2008
Posts: 292
3 Questions:




A.

Quote:
Originally Posted by briantan
Easy.

1. Add userid to chroot_list (ref. your current vsftpd.conf)
2. Create html / www directories in user's home directory
3. Make userid write accessible to html / www directories
4. Reference the html / www directories in httpd.conf



So, what you're saying is that, if I want Core FTP LE to, upon login, display the subdirectories:




.cpanel
.htpasswds
.sqmaildata
access-logs
etc
mail
public_ftp
public_html
tmp
www




...I mentioned, then I'm going to have to make related changes to my httpd.conf and this makes such an Apache issue/question which should be delegated to another forum (say, the one on "servers")?




B. Regarding:

Code:
-A INPUT -m state --state NEW -m tcp -p tcp --sport 1024: --dport sssss:ttttt -j ACCEPT
...in /etc/sysconfig/iptables, "sssss" & "ttttt", for me, are identical ("Range of 1" ). Yet, still, they represent an open port and, therefore, a security risk.




So, what's to stop someone from hacking my f9 via that port?




C. If a hacker hacks into my ftp service, then I would want him/her to be restricted to only that list of subdirectories:




Quote:
.cpanel
.htpasswds
.sqmaildata
access-logs
etc
mail
public_ftp
public_html
tmp
www



...listed, above.




How do I do that?




- j
  #122  
Old 23rd September 2008, 03:18 PM
briantan Offline
Registered User
 
Join Date: Jun 2008
Posts: 715
A. Yes.

B. Port is opened in firewall, but no service is listening on the port. "# nmap -p sssss localhost" will show that it's closed. You can try "# telnet localhost sssss"

C. Hence why you want chroot jail. (Step 1)
  #123  
Old 23rd September 2008, 04:08 PM
jazzer386 Offline
Registered User
 
Join Date: Jul 2008
Posts: 292
1. You're right; http://www.canyouseeme.org/ could not see my sssss:ttttt port, even though I was port forwarding.




2. I went through my vsftpd.conf and could not find anything on "chroot jail" - although I remember reading something about it before.

So, how could I implement it?

Also, how does the chroot jail compare to "wrappers"?

- j
  #124  
Old 23rd September 2008, 04:15 PM
briantan Offline
Registered User
 
Join Date: Jun 2008
Posts: 715
2. See step 1. Add userid in /etc/vsftpd/chroot_list.
  #125  
Old 23rd September 2008, 04:54 PM
jazzer386 Offline
Registered User
 
Join Date: Jul 2008
Posts: 292
Core FTP LE displays the subdirectories:


Desktop
Documents
Download
html
Music
Pictures
Templates
Public
Videos
www




...and, for the first time, I noticed that they all seem to loop around <..>.




So, are you saying that adding my userid to chroot list automatically places it in the "chroot jail"?



- j

Last edited by jazzer386; 23rd September 2008 at 04:59 PM. Reason: grammar
  #126  
Old 23rd September 2008, 05:01 PM
briantan Offline
Registered User
 
Join Date: Jun 2008
Posts: 715
Quote:
Originally Posted by jazzer386
So, are you saying that adding my userid to chroot list automatically places it in the "chroot jail"?


Quote:
Originally Posted by jazzer386
...and, for the first time, I noticed that they all seem to loop around <..>.
Not loop around. Empty directory.
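
An added example, not part of the thread or of vsftpd itself: a small Python check of how the chroot_local_user, chroot_list_enable and chroot_list_file options from man vsftpd.conf decide whether a userid in the chroot list ends up jailed. The config snippets and list contents are constructed; the case to notice is that with chroot_local_user=YES the list inverts and names the users who are not jailed.

```python
# Added example: how vsftpd's documented chroot options apply to one userid.
# All config text and list contents below are constructed for illustration.

def parse_vsftpd_conf(text):
    """Parse vsftpd.conf text (option=value lines, '#' comments) into a dict."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def enabled(opts, key):
    """Boolean options default to NO here; both options used below do."""
    return opts.get(key, "NO").upper() == "YES"

def is_chrooted(conf_text, chroot_list_text, userid):
    """True if a local user would be jailed in their home directory at login."""
    opts = parse_vsftpd_conf(conf_text)
    listed = userid in chroot_list_text.split()
    jail_everyone = enabled(opts, "chroot_local_user")
    if not enabled(opts, "chroot_list_enable"):
        return jail_everyone          # the list file is ignored entirely
    # With chroot_local_user=YES the list becomes the set of users NOT jailed.
    return (not listed) if jail_everyone else listed

CHROOT_LIST = "userid\n"              # constructed /etc/vsftpd/chroot_list
LIST_JAILS = "chroot_list_enable=YES\nchroot_list_file=/etc/vsftpd/chroot_list\n"
LIST_EXEMPTS = "chroot_local_user=YES\n" + LIST_JAILS
LIST_IGNORED = "#chroot_list_enable=YES\n"

if __name__ == "__main__":
    for name, conf in [("list jails", LIST_JAILS), ("list exempts", LIST_EXEMPTS),
                       ("list ignored", LIST_IGNORED)]:
        for user in ("userid", "other"):
            print(f"{name:13} {user:7} jailed={is_chrooted(conf, CHROOT_LIST, user)}")
```
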
  #127  
Old 23rd September 2008, 10:03 PM
jazzer386 Offline
Registered User
 
Join Date: Jul 2008
Posts: 292
The response I got was:




Quote:
Nothing you do to httpd.conf will have any effect on vsftpd. You need to check man vsftpd.conf.
In particular, look for the hide_file configuration option. You'll have to make use of some regex-fu
in order to achieve what you want.



"regex-fu"?




Know anything about this?




- j
  #128  
Old 23rd September 2008, 10:20 PM
briantan Offline
Registered User
 
Join Date: Jun 2008
Posts: 715
He's talking about hiding the unwanted file from user in the ftp login directory. Does not apply here.

On the other hand, your question in the other thread does not make much sense.

You should have been asking: How can I get Apache to serve directory in my ftp login directory? What is the directive to use?
  #129  
Old 23rd September 2008, 11:55 PM
briantan Offline
Registered User
 
Join Date: Jun 2008
Posts: 715
Quote:
Originally Posted by jazzer386
"regex-fu"?

Know anything about this?
Regular expression for you. Level X stuff.
  #130  
Old 24th September 2008, 05:15 PM
jazzer386 Offline
Registered User
 
Join Date: Jul 2008
Posts: 292
Quote:
You should have been asking: How can I get Apache to serve directory in my ftp login directory? What is the directive to use?



I was not aware that such were the questions I should have been asking.

Thanks, for enlightening me.

Now, I'm going to digest your reply, in the "servers" forum.

Again, thanks!

- j
  #131  
Old 6th October 2008, 02:06 AM
jazzer386 Offline
Registered User
 
Join Date: Jul 2008
Posts: 292
To solve another problem, I re-installed f9.

So, now, I'm trying to get my vsftp working, again, but, according to http://www.canyouseeme.org/, my "Connection timed out".

I made a certificate.

Lftp works. For example:




Code:
# lftp -p port# userid@localhost
Password: 
lftp userid@localhost:~> LS 
drwxr-xr-x    2 500      500          4096 Oct 05 03:16 Desktop
drwxr-xr-x    2 500      500          4096 Oct 05 03:16 Documents
drwxr-xr-x    2 500      500          4096 Oct 05 03:16 Download
drwxr-xr-x    2 500      500          4096 Oct 05 03:16 Music
drwxr-xr-x    2 500      500          4096 Oct 05 03:16 Pictures
drwxr-xr-x    2 500      500          4096 Oct 05 03:16 Public
drwxr-xr-x    2 500      500          4096 Oct 05 03:16 Templates
drwxr-xr-x    2 500      500          4096 Oct 05 03:16 Videos



My port is forwarded and the firewall port is open.

Vsftpd is running.

Yet, I keep encountering that error message.

This issue seems to differ from earlier ones pertaining to vsftp, because they were connections which were refused.

Any thoughts on how to resolve this?

- j

Last edited by jazzer386; 6th October 2008 at 02:08 AM. Reason: grammar
  #132  
Old 6th October 2008, 06:02 AM
jazzer386 Offline
Registered User
 
Join Date: Jul 2008
Posts: 292
Never mind.

I got it!

- j