[Sussex] Security and Network Problems [WAS: FTP - Fedora core 3]
Jon Fautley
jfautley at redhat.com
Thu Aug 11 10:55:45 UTC 2005
Brendan Whelan wrote:
> Jon,
>
> Thanks for the offer of checking my configuration - the information is at
> the bottom of this email.

No worries, I'll take a look...

> Also, I need to restrict the FTP users to their home directory i.e. so that
> they can read, write and delete in their home directory but cannot move
> around my system. I have tried various combinations of user/group/other for
> the directories but I either prevent the user from getting to their home or
> they can wander around my directories.
>
> I have:
> /home/ftp_users/user_1
> /home/ftp_users/user_2 etc

Ah, easy :)

I'm assuming you're using vsFTPd here...

Edit /etc/vsftpd/vsftpd.conf, and add an option like so:

    chroot_local_user=YES

This will restrict all incoming FTP connections to their home directory.

If you wish to allow certain users to changedir outside their home
directory, then you'll need to add the following options:

    chroot_list_enable=YES
    chroot_list_file=/etc/vsftpd/chroot.list

And add a list of usernames NOT TO chroot to this file, one per line.

And now, for something completely different...

[ Configuration Snipped]

Both network cards appear to be connected to the same subnet. This is
Bad(tm). If you want multiple network cards connected to the same
network, you should look at using the Ethernet Bonding driver to bond
the two connections together.

Your present setup will cause problems when you try and use the 'second'
network interface if you're not careful.

Regards,

Jon
--
Jon Fautley <jfautley at redhat.com> direct: +44 1483 739615
Presales Technical Consultant office: +44 1483 300169
Red Hat UK mobile: +44 7841 558683
10 Alan Turing Road, Surrey Research Park, Guildford GU2 7YF
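
The following is an added example, not part of the original message: a small Python check that works out which local users vsftpd will confine to their home directory for the three chroot options quoted above. It goes one step beyond the message by also covering the case where chroot_local_user is left out, in which vsftpd treats the list as the users to chroot rather than the exceptions; the account name admin_1 and the sample config text are constructed for illustration.

```python
# Added example: which local users does vsftpd confine to their home directory?
# Config text and user names below are constructed for illustration.

def parse_conf(text):
    """Return vsftpd.conf options as a dict (vsftpd allows no spaces around '=')."""
    opts = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.lower()] = value.strip()
    return opts

def is_yes(opts, key):
    # Simplification: only YES counts as enabled; both options default to NO.
    return opts.get(key, "NO").upper() == "YES"

def chroot_status(conf_text, list_text, users):
    """Map each user to True (jailed in home directory) or False (free to roam)."""
    opts = parse_conf(conf_text)
    chroot_all = is_yes(opts, "chroot_local_user")
    listed = set()
    if is_yes(opts, "chroot_list_enable"):
        listed = {u.strip() for u in list_text.splitlines() if u.strip()}
    # The list changes meaning with chroot_local_user:
    #   YES -> listed users are the exceptions that are NOT chrooted
    #   NO  -> listed users are the only ones that ARE chrooted
    return {u: (u not in listed) if chroot_all else (u in listed) for u in users}

CONF_FROM_MESSAGE = """\
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot.list
"""
CONF_WITHOUT_FIRST_LINE = """\
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot.list
"""
CHROOT_LIST = "admin_1\n"            # hypothetical exempt account
USERS = ["user_1", "user_2", "admin_1"]

if __name__ == "__main__":
    for name, conf in (("as in the message", CONF_FROM_MESSAGE),
                       ("chroot_local_user omitted", CONF_WITHOUT_FIRST_LINE)):
        print(name, chroot_status(conf, CHROOT_LIST, USERS))
```

With the configuration from the message, user_1 and user_2 are jailed and only the listed account can leave its home directory; dropping the first option inverts that, which is the state to check for before exposing the server.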