Solved

vsftp & user permissions

Posted on 2003-11-18
Last Modified: 2010-04-20
Hi.

Something strange is happening on my system.

When I FTP into my server as a user, it chroots me to the home folder of the user, shows me the contents etc., allows me to upload, but allows no write. Only some of the system users are exhibiting this behaviour, while others work as they used to.

I have tried deleting the users that give me this problem, but the problem persists as soon as I add the user again.
Even new users do the same, i.e. I can FTP in, but cannot upload or delete files already in the folder.

NOTE: All the file permissions are checked. I have done a chmod -R 777 * on the files in the folder to make sure that it is not simply a matter of incorrect permission or ownership. Also, I can log into the system with the same username/password and all seems fine, ie, I can create and delete files in the home folder with no problems, it's just when I ftp...

Does anyone have ideas?
At this stage it's not that bad, as the other users can still FTP etc., but if this is like a virus that will spread to other users, I need to come up with a solution fast.
Question by:psimation

20 Comments
LVL 24

Expert Comment

by:shivsa
vsftpd Configuration

vsftpd has three configuration files:
/etc/vsftpd.banned_emails -- List of denied anonymous addresses
/etc/vsftpd.chroot_list -- List of local users to chroot
/etc/vsftpd.conf -- General configuration options

To ban a certain anonymous email address such as "mozilla@", simply put it in this file. One address per line.  

To chroot a local user to their home directory, put their username in this file. One username per line. Please note this only matters if you:  

a) are allowing local users to login.  
b) have "chroot_local_user=NO" in /etc/vsftpd.conf  

The configuration options in vsftpd.conf are commented quite well, so I will not go into much detail here. I will just note a few defaults:  

a) anonymous logins are enabled by default  
b) anonymous users are chrooted to '/home/ftpsecure'  
c) the daemon runs as the user 'ftpsecure'
LVL 17

Author Comment

by:psimation
shivsa
I think you misunderstood me.

I already know all these things, and had everything working 100%. All my users were chrooted etc., but then I noticed that some of the users started to display funny behaviour, i.e. you can log in with FTP, but cannot upload or delete (I haven't changed anything on the system). Only some users do this. Again, I DON'T WANT THIS TO HAPPEN, i.e. I'm not looking for an explanation on how to have certain users chrooted and others not, I want ALL my users chrooted, and that is how it was. Clearly I have a problem in that the system/vsftpd is NOT doing what it is supposed to/configured to do...
LVL 12

Expert Comment

by:paullamhkg
Maybe it's not a problem with the vsftpd configuration, since as you said some users can log in normally and do normal things, right? Only some users have the problem.

Have you set up quotas for them? If yes, have you checked the quota status? Have those users used up the allowed disk space?
LVL 17

Author Comment

by:psimation
Nope, I've changed nothing at all to distinguish between users. All users are supposed to be handled the same...
I did notice in the passwd file that the one user that is affected used to be the first "system user", i.e. ID 500; now, in the file, it is the last. It is as if the user was deleted and created again, but that doesn't make sense: firstly, I sure didn't do it; secondly, if the system was hacked, why would the cracker delete the user, just to add it again with the same password? I then noticed that the file permissions (the old files that were in the folder already) belonged to user 500 (which was the correct id for the user), but the new user has ID 597 for instance, so when I chown again, it gives better results.
BUT, it still won't allow me to overwrite...
LVL 20

Expert Comment

by:Gns
What is the ownership of the users home directory? Did you do a "global" find... something like
find / -uid 500 -print | xargs chown 597

-- Glenn
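The uid mismatch psimation describes (old files owned by uid 500, account now uid 597) and Gns's find/chown fix both come down to one check: does every entry under a home directory belong to that account's current uid, and do any files belong to a uid that no longer exists in passwd? The following audit script is an added example, not code from anyone in the thread; the passwd text and the (path, owner uid) list are constructed sample data, and live_file_owners is the variant that walks a real system.

```python
"""Audit home-directory ownership against /etc/passwd (added example, not code
from the thread).  Models psimation's case: account re-added as uid 597, old
files still owned by uid 500.  SAMPLE_* below is constructed data."""
import os

def parse_passwd(text):
    """Map username -> (uid, home) from passwd-format text."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and not line.startswith("#"):
            users[fields[0]] = (int(fields[2]), fields[5])
    return users

def ownership_mismatches(users, file_owners):
    """(user, path, actual_uid, expected_uid) for entries under a home
    directory whose owner is not that account's current uid."""
    found = []
    for path, owner in file_owners:
        for name, (uid, home) in users.items():
            inside = path == home or path.startswith(home.rstrip("/") + "/")
            if inside and owner != uid:
                found.append((name, path, owner, uid))
    return found

def orphaned_uids(users, file_owners):
    """Owner uids with no passwd entry: the fingerprint of an account that
    was deleted and re-added (the thread's fix: find / -uid OLD | xargs chown NEW)."""
    known = {uid for uid, _ in users.values()}
    return {owner for _, owner in file_owners if owner not in known}

def live_file_owners(users):
    """Real-system variant: lstat every entry under each home directory."""
    owners = []
    for _, (_, home) in users.items():
        for root, _dirs, files in os.walk(home):
            for p in [root] + [os.path.join(root, f) for f in files]:
                owners.append((p, os.lstat(p).st_uid))
    return owners

SAMPLE_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
                 "alice:x:501:501::/home/alice:/bin/bash\n"
                 "bob:x:597:597::/home/bob:/bin/bash\n")   # bob re-added as 597
SAMPLE_OWNERS = [("/home/alice", 501), ("/home/alice/a.txt", 501),
                 ("/home/bob", 500), ("/home/bob/www/index.html", 500),
                 ("/home/bob/new.txt", 597)]   # pre-existing files keep uid 500

if __name__ == "__main__":
    users = parse_passwd(SAMPLE_PASSWD)
    print(ownership_mismatches(users, SAMPLE_OWNERS), orphaned_uids(users, SAMPLE_OWNERS))
```

On a real host, replace SAMPLE_OWNERS with live_file_owners(parse_passwd(open("/etc/passwd").read())); a non-empty orphaned set after no deliberate account change is worth treating as a sign of tampering, as it turned out to be in this thread.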
LVL 20

Expert Comment

by:Gns
... and you know everything about intrusions already psimation, so I'll not insult you by repeating it :-).

-- Glenn
LVL 17

Author Comment

by:psimation
Hi guys, I re-installed so all is well now. Think it was definitely due to some unscrupulous actions of a cracker rather than software/hardware failure.
I'd like to close this question. Methinks a delete is in order ( this question will be of no help as a PAQ); any objections?
LVL 12

Expert Comment

by:paullamhkg
No objection to deleting, but remember to get the points refunded (I think you know it already) anyway :)
LVL 17

Author Comment

by:psimation
OK, thanks, just waiting to hear from Gns and shiva
LVL 20

Expert Comment

by:Gns
No objections at all.
Out of curiosity.... Do you employ any IDS (networked and/or hostbased)?

-- Glenn
LVL 24

Expert Comment

by:shivsa
Me too, you can close this question.
Glad things worked out for you.
LVL 17

Author Comment

by:psimation
Thanks guys

Hi Gns: none except for tripwire, but I think I disabled that many moons ago because it gave me too many hassles. I found their point of entry: they used an exploit in ncftp, so I wiped it and put vsftpd on.
LVL 20

Expert Comment

by:Gns
Ah yes... The joys of making the security system "shut up" about non-intrusions ... and finally just getting fed up enough that one disables it:-)... Been there, and expect to be there again.
Good that you've got it sorted.
Be seeing you.

-- Glenn
LVL 20

Expert Comment

by:Gns
Um, psimation should have a delete with refund...:-)

-- Glenn
LVL 12

Expert Comment

by:paullamhkg
Well, recommend PAQ'd with refund; some useful info here anyway.
LVL 20

Expert Comment

by:Gns
Maybe you're right Paul... Definitely a refund though.

-- Glenn
LVL 44

Expert Comment

by:Karl Heinz Kremer
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
PAQ/Refund
Please leave any comments here within the next four days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

khkremer
EE Cleanup Volunteer
Accepted Solution

by:
amp072397 earned 0 total points
PAQed, with points refunded (125)

amp
Community Support Cleanup Moderator