ubuntu - VSFTP Users and Directories

I'm stuck. I've been working all day on trying to figure out what I'm doing wrong and I've hit wall after wall.

What I'm trying to do: Set up FTP in such a way that certain users have access only to their directory, but higher level users have access to all directories.

What I've Googled so far: I started with this, but that didn't do what I needed it to. I then used this, but once I created one user, it wouldn't let me create another one. Finally, I decided to follow this, but it wouldn't let me even create one user.

I'm using Ubuntu 10. I can log in to FTP as a root user and it takes me to the home directory. If I try to log in using the user I created in the tutorial it says:

Status: Connection established, waiting for welcome message...
Response:   220 (vsFTPd 2.2.2)
Command:    USER mathew
Response:   331 Please specify the password.
Command:    PASS ****
Response:   530 Login incorrect.
Error:  Critical error
Error:  Could not connect to server

EDIT: I'm still having trouble understanding CHROOT with FTP. Every tutorial I read looks completely different and has me do different things. Every tutorial I read on VSFTP has me doing different things as well. I thought using Linux would be easier to configure and set up, but so far I'm struggling with something that should be simple. It's easier to set up an entire LAMP stack than FTP. Sigh. Sorry for the rant.

2 Answers

  1. kate- Reply

    2019-11-15

    Unless you have a very specific reason, don't use ftp. It is insecure and limited.

    For more information.

    If you still wish to proceed, the information you are looking for is called a 'chroot' and is very possible, but you probably won't find it looking in ftp documentation. Start with this in Google: chroot an FTP user

    If you were to switch to ssh where you can use sftp, you can set up a chroot environment within about 5 minutes if you're aware of what needs to take place. Read on to find out more!

    The below information is gathered from http://www.debian-administration.org/articles/590

    subsystem sftp internal-sftp

    You need to configure OpenSSH to use its internal SFTP subsystem. This needs to be in /etc/ssh/sshd_config:

    Subsystem sftp internal-sftp

    sshd_config

    The Chroot environment must be specified within a Match segment.

    Match group sftponly
         ChrootDirectory /home/%u
         X11Forwarding no
         AllowTcpForwarding no
         ForceCommand internal-sftp
    

    Notice the ChrootDirectory was specified as well as the ForceCommand.

    Permissions note

    The user's home directory MUST BE OWNED BY ROOT! This is not optional. Not only that, but it must also NOT be writable by any user EXCEPT root. The home directory and ALL parent directories must have these same restrictions.

    drwxr-xr-x 21 root   root   4096 Jan  1 12:51 /
    drwxr-xr-x 16 root   root   4096 Jan 15 14:26 /home
    drwxr-xr-x  3 root   root   4096 Jan 15 14:27 /home/chroot
    drwxrwxrwx  2 chroot chroot 4096 Jan 15 14:27 /home/chroot/upload
    

    Notice the permissions for the user's home directory (/home/chroot) are NOT writable even by the owner (an account named chroot). I have created an upload directory that allows modification as an example. In this setup, the user chroot does NOT have write access to their own home directory. This is intentional and required for sftp chroot. Again, all parent directories must have similar permissions.
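
The ownership rule in the answer above can be checked before sshd is restarted. The following is an added example, not part of the original answer or the Debian article: a Python helper (the names `audit_chroot` and `component_problems` are hypothetical) that walks a chroot path and every parent up to `/` and reports any component that is not a root-owned directory or is writable by group or other. It assumes you pass the path with `%u` already expanded, for example `/home/chroot`.

```python
import os
import stat
from pathlib import PurePosixPath

# Added example; function names are hypothetical, not from OpenSSH.


def component_problems(st):
    """Return the reasons one path component fails the rule in the answer."""
    problems = []
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory")
    if st.st_uid != 0:
        problems.append(f"owned by uid {st.st_uid}, not root")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or other")
    return problems


def audit_chroot(path, stat_fn=os.stat):
    """Check path and every parent up to /; return {component: [problems]}."""
    target = PurePosixPath(path)
    if not target.is_absolute():
        raise ValueError("ChrootDirectory must be an absolute path")
    findings = {}
    # parents runs from the nearest parent to "/"; reverse to report top-down.
    for comp in [*reversed(target.parents), target]:
        try:
            problems = component_problems(stat_fn(str(comp)))
        except OSError as exc:
            problems = [f"cannot stat: {exc.strerror}"]
        if problems:
            findings[str(comp)] = problems
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python3 audit_chroot.py /home/chroot [/home/otheruser ...]
    for chroot in sys.argv[1:]:
        bad = audit_chroot(chroot)
        for comp, problems in bad.items():
            print(f"{chroot}: {comp}: {', '.join(problems)}")
        if not bad:
            print(f"{chroot}: ok")
```

Run against the listing in the answer, `/home/chroot` passes, while `/home/chroot/upload` is flagged; a user-owned, world-writable directory like that can sit inside the chroot but cannot be the chroot itself.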
