Lock User in home directory in ftp prompt


# 1  
Old 09-10-2009
Lock User in home directory in ftp prompt

Hi,
I am using Red Hat Enterprise Linux ES release 4 (Nahant Update 5). Here I have created one user with the /sbin/nologin shell so that login is not possible and only ftp is possible. But I also want the user to be unable to roam around after ftp.
I had tried one way.
In the /etc/vsftpd/vsftpd.conf file:
1. chroot_list_enable=YES
2. chroot_list_file=/etc/vsftpd.chroot_list
and in the /etc/vsftpd.user_list file:
append username
But after doing all this the user cannot log in using ftp;
it is showing access denied.
Can anybody tell me whether this process is correct or wrong?
# 2  
Old 09-17-2009
Please post your vsftpd config files in code tags.
# 3  
Old 09-21-2009
Quote:
Originally Posted by ilikecows
Please post your vsftpd config files in code tags.
Hi,
I had hashed out the lines because with them it was not possible for that user to log in to ftp.
Please find the vsftpd.conf file...

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
pam_service_name=vsftpd
userlist_enable=YES
#enable for standalone mode
listen=YES
tcp_wrappers=YES
# 4  
Old 09-21-2009
You have TCP wrappers enabled. Have you added the user to /etc/hosts.allow?

You also have PAM enabled. Did you add the user to /etc/vsftpd/ftpusers? If so, the user will be denied access.
# 5  
Old 09-21-2009
Please post the relevant messages from the log files in /var/log.
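
A diagnostic sketch for the setup discussed in this thread, added here as an example and not taken from any post: it reads copies of the files named above and reports why vsftpd would refuse a local user and whether that user ends up chrooted. With `userlist_enable=YES` and `userlist_deny` left at its default of YES, the user list is a deny list, so appending a name to it blocks that login. Assumptions: the user name `ftpuser1` is made up, all file locations are passed as arguments, and the shell check applies only if the vsftpd PAM stack uses pam_shells.

```sh
#!/bin/sh
# Added example: list the reasons vsftpd would refuse or jail a local user.
# Every path is an argument, so it can be run on copies of the real files.

# Effective option value: last uncommented key=value line, else the default.
vsftpd_opt() {  # conf key default
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '[:space:]')
    echo "${val:-$3}"
}

# True if $1 is a whole line of list file $2.
listed() { [ -f "$2" ] && grep -qxF -- "$1" "$2"; }

diagnose() {  # user shell conf userlist ftpusers shells chrootlist
    if [ "$(vsftpd_opt "$3" userlist_enable NO)" = YES ]; then
        deny=$(vsftpd_opt "$3" userlist_deny YES)
        if [ "$deny" = YES ] && listed "$1" "$4"; then
            echo "DENY userlist: listed while userlist_deny=YES (deny list)"
        elif [ "$deny" = NO ] && ! listed "$1" "$4"; then
            echo "DENY userlist: not listed while userlist_deny=NO (allow list)"
        fi
    fi
    if listed "$1" "$5"; then echo "DENY ftpusers: listed in PAM deny file"; fi
    # Assumption: the vsftpd PAM stack uses pam_shells.
    if ! listed "$2" "$6"; then echo "DENY shell: $2 not in shells file"; fi
    all=$(vsftpd_opt "$3" chroot_local_user NO)
    inlist=NO
    if [ "$(vsftpd_opt "$3" chroot_list_enable NO)" = YES ]; then
        [ -f "$7" ] || echo "WARN chroot: chroot_list_enable=YES, list file missing"
        if listed "$1" "$7"; then inlist=YES; fi
    fi
    # chroot_local_user=YES inverts the list: it then names users NOT jailed.
    if [ "$all" != "$inlist" ]; then jailed=YES; else jailed=NO; fi
    echo "CHROOT jailed=$jailed"
}

# Constructed sample mirroring the thread; "ftpuser1" is a hypothetical name.
make_sample() {  # dir
    printf 'userlist_enable=YES\n#chroot_local_user=YES\nchroot_list_enable=YES\n' \
        > "$1/vsftpd.conf"
    echo ftpuser1 > "$1/user_list"; echo ftpuser1 > "$1/chroot_list"
    echo root > "$1/ftpusers"; echo /bin/bash > "$1/shells"
}

d=$(mktemp -d); make_sample "$d"
diagnose ftpuser1 /sbin/nologin "$d/vsftpd.conf" "$d/user_list" \
    "$d/ftpusers" "$d/shells" "$d/chroot_list"
rm -rf "$d"
```

On the constructed sample it reports the user-list denial and the shell denial, then shows the user as jailed; on a real host, pass the paths the server actually uses.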
