VSFTPD and user permissions



bhm8hwcm
27th July 2008, 12:15 AM
Have just set up VSFTPD and it seems to work fine. Users (I am only user) can upload and download files to their home directories. Users can also work their way through the filesystem.

I need to give myself permission to download and upload files to directories outside of my home directory and I can not find out how to do this. I believe it must be simple.

Any ideas?

trilobite
27th July 2008, 02:15 AM
add "chroot_local_user=YES" in /etc/vsftpd/vsftpd.conf

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_list_enable=YES
# (default follows)
chroot_local_user=YES
chroot_list_file=/etc/vsftpd/chroot_list
/etc/vsftpd/chroot_list --> users that are not confined in chroot jail.

bhm8hwcm
27th July 2008, 02:36 AM
Thanks for the tip. I tried it but it did not work.

I am able to move through the file system but I can not download or upload files out of my home directory. I need to be able to upload files to the html directory for example. I basically need to give myself access to the entire file system through FTP.

trilobite
27th July 2008, 04:18 AM
Is SELinux enforcing? Try enabling 'allow_ftpd_full_access'.

bhm8hwcm
27th July 2008, 05:06 AM
SElinux is disabled.

Just so I understand how things work...by default, should it be possible for any user on the system to upload or download any file in the system via FTP? Is this normal or is this a special configuration for the FTP server, or perhaps Users.

Still trying to solve this.

Brook
27th July 2008, 06:45 AM
SElinux is disabled.

Just so I understand how things work...by default, should it be possible for any user on the system to upload or download any file in the system via FTP? Is this normal or is this a special configuration for the FTP server, or perhaps Users.

Still trying to solve this.
The users of FTP are categorized: local user and anon user. A local user can access the whole filesystem (/) through FTP; of course, the permission must be authorized. An anon user can only access his home directory. In my opinion, it's useless to upload or download any file in the system via FTP. Because you can log in to the system in the normal way, so why via FTP?

bhm8hwcm
27th July 2008, 07:56 AM
I am trying to access my web root directory to edit php files etc using an editor and FTP from a remote machine. I had this working properly on FC 4 but then upgraded to FC 9 and reinstalled everything. I can not remember how it was set up before. I moved over my html files and I have realized that I can actually upload and download files, but the permissions are set to 777. There are a couple of folder permissions set at 755 and I can not upload to them (seems I can download though).

So it seems if I change the permissions on those folders then I should be ok. I guess what I was wondering was if there was a way a user in VSFTPD could be configured to almost have root like access (writing) rather than changing directory permissions. Or is this more of a user permissions issue?

trilobite
27th July 2008, 12:31 PM
Instead of 777, consider access control using user/group.

Consider use of chroot and set the user home directory to the html document root directory.

IMHO, FTP is one of the most hacked ports on a server, hence the many restrictions available in a secure FTP server. Opening a user to "root like access" is suicidal. :) If you are the only user, consider using a port other than 21.

man vsftpd.conf
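
The user/group approach suggested above in place of 777, as an added example that is not part of the original thread. The group name `webedit` and the path `/var/www/html` in the usage comment are assumptions; the FTP user is assumed to be a member of that group.

```shell
#!/bin/sh
# Added example: find world-writable entries under a web root and replace
# them with group-based access. Not taken from the thread.

# Print every file or directory under $1 that is world-writable
# (the condition that mode 777 creates). Symlinks are skipped.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Give a tree group-based write access and drop world-write.
#   $1 = directory tree (e.g. the web root)
#   $2 = group the FTP user belongs to (name or numeric gid)
fix_webroot_perms() {
    root=$1
    group=$2
    chgrp -R "$group" "$root" || return 1
    # Directories: rwx for owner and group, r-x for others; the setgid
    # bit makes newly uploaded files inherit the directory's group.
    find "$root" -type d -exec chmod 2775 {} + || return 1
    # Files: rw for owner and group, read-only for others.
    find "$root" -type f -exec chmod 664 {} + || return 1
}

# Usage (hypothetical names, run with sufficient privileges):
#   sh fix_perms.sh /var/www/html webedit
if [ "$#" -eq 2 ]; then
    echo "World-writable before:"
    list_world_writable "$1"
    fix_webroot_perms "$1" "$2"
    echo "World-writable after:"
    list_world_writable "$1"
fi
```

vsftpd's `local_umask` option defaults to 077, so files uploaded later are created without group write access unless it is changed (for example to 002) in vsftpd.conf.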