PDA

View Full Version : VSFTPD help



cpnbnanamn
26th October 2006, 05:27 AM
Hey guys...
I'm trying to setup an FTP server on my box running FC3. After reading some of the threads some have posted, I decided to try VSFTPD. I was using BSDFTPD before on RH 9, but can't get it to work on FC3. Here's my issue:

How do I make a login unable to go any deeper into the directory structure than their home directory (or out of it either) in VSFTPD? In other words, if I assign their home directory to /ftphome (for example), how do I keep them from changing to the root ( / ) directory or to any other directory (/home/user directory for example) I know BSDFTPD did this by default, and I'm hoping I can do this with VSFTPD.

HELP?!?!?!?! :confused:
Thanks

gavinw6662
26th October 2006, 06:21 AM
that is done with the "chroot" option. I believe the default fedora install has a commented part (#) that goes on to state that if enabled that is the list of users to chroot. Basically, you uncomment that line, (ftp_chroot=YES I think it is) - create the filename it states - and then add 1 user per line in that file. Once that is done you should be good to go.

cpnbnanamn
26th October 2006, 06:30 AM
that is done with the "chroot" option. I believe the default fedora install has a commented part (#) that goes on to state that if enabled that is the list of users to chroot. Basically, you uncomment that line, (ftp_chroot=YES I think it is) - create the filename it states - and then add 1 user per line in that file. Once that is done you should be good to go.
Thanks for answering Gavin. Yes I found the same info on another users How-To page, and I did that. However, It's not working correctly. I want to block just a specific user from viewing the entire directory tree, but the only part that works is if I block ALL local users. Is there a format to the vsftpd.chroot_list that I should be using?

Mine looks similar to this:

#Users that are to be chroot'd
user1

cpnbnanamn
26th October 2006, 06:34 AM
Never mind.. I do believe I gots it!! Thanks Gavin. I do have one more question. Everything I'm reading says because of my setup (behind a firewall) I should be using passive mode. How do I enable this, as I don't see it as part of the config file.