Solved

vsftp & user permissions

Posted on 2003-11-18
Last Modified: 2010-04-20
Hi.

Something strange is happening on my system.

When I ftp into my server as a user, it chroots me to the home folder of the user, shows me the contents etc, allows me to upload, but allows no write. Only some of the system users are exhibiting this behaviour, while others work as they used to.

I have tried deleting the users that give me this problem, but the problem persists as soon as I add the user again.
Even new users do the same, i.e., I can FTP in, but cannot upload or delete files already in the folder.

NOTE: All the file permissions are checked. I have done a chmod -R 777 * on the files in the folder to make sure that it is not simply a matter of incorrect permission or ownership. Also, I can log into the system with the same username/password and all seems fine, ie, I can create and delete files in the home folder with no problems, it's just when I ftp...

Does anyone have ideas?
At this stage it's not that bad, as the other users can still FTP etc, but if this is like a virus that will spread to other users, I need to come up with a solution fast.
Question by:psimation
20 Comments
 
LVL 24

Expert Comment

by:shivsa
ID: 9771771
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9771785
vsftpd Configuration

vsftpd has three configuration files:
/etc/vsftpd.banned_emails -- List of denied anonymous addresses
/etc/vsftpd.chroot_list -- List of local users to chroot
/etc/vsftpd.conf -- General configuration options

To ban a certain anonymous email address such as "mozilla@", simply put it in this file. One address per line.  

To chroot a local user to their home directory, put their username in this file. One username per line. Please note this only matters if you:  

a) are allowing local users to login.  
b) have "chroot_local_user=NO" in /etc/vsftpd.conf  

The configuration options in the vsftpd.conf are commented quite well, so I will not go into much detail here. I will just note a few defaults:  

a) anonymous logins are enabled by default  
b) anonymous users are chrooted to '/home/ftpsecure'  
c) the daemon runs as the user 'ftpsecure'
0
 
LVL 17

Author Comment

by:psimation
ID: 9772744
shivsa
I think you misunderstood me.

I already know all these things, and had everything working 100%. All my users were chrooted etc, but then I noticed that some of the users started to display funny behaviour, i.e. you can log in with ftp, but cannot upload or delete (I haven't changed anything on the system). Only some users do this. Again, I DON'T WANT THIS TO HAPPEN, i.e., I'm not looking for an explanation on how to have certain users chrooted and others not, I want ALL my users chrooted, and that is how it was. Clearly I have a problem in that the system/vsftp is NOT doing what it is supposed to/configured to do...
0
 
LVL 12

Expert Comment

by:paullamhkg
ID: 9775651
Maybe it's not a vsftp configuration problem, since as you said some users can log in normally and do normal things, right? Only some users have the problem.

Have you set up quotas for them? If yes, have you checked the quota status? Have those users used up the allowed disk space?
0
 
LVL 17

Author Comment

by:psimation
ID: 9776626
Nope, I've changed nothing at all to distinguish between users. All users are supposed to be handled the same...
I did notice in the passwd file that the one user that is affected used to be the first "system user", i.e. ID 500; now, in the file, it is the last. It is as if the user was deleted and created again, but that doesn't make sense: firstly, I sure didn't do it; secondly, if the system was hacked, why would the cracker delete the user, just to add it again with the same password? I then noticed that the file permissions (the old files that were in the folder already) belonged to user 500 (which was the correct ID for the user), but the new user has ID 597 for instance, so when I chown again, it gives better results.
BUT, it still won't allow me to overwrite...
0
 
LVL 20

Expert Comment

by:Gns
ID: 9778409
What is the ownership of the users home directory? Did you do a "global" find... something like
find / -uid 500 -print0 | xargs -0 chown 597

-- Glenn
0
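Added example (not part of the thread and not any poster's code): a read-only shell check for the symptom described in the two comments above, an account whose UID changed (500 to 597 in the question) and a home directory no longer owned by the account's UID. The function names, the two passwd snapshot arguments and the sample passwd lines are assumptions constructed for illustration; `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only: it reports, it never chowns.

# uid_changes OLD_PASSWD NEW_PASSWD
# Print "user old_uid new_uid" for every account present in both files
# whose UID differs (the sign of a deleted-and-recreated account).
uid_changes() {
    awk -F: '
        NR == FNR { old[$1] = $3; next }   # first file: remember UIDs
        ($1 in old) && old[$1] != $3 { print $1, old[$1], $3 }
    ' "$1" "$2"
}

# home_owner_mismatches PASSWD
# Print "user passwd_uid owner_uid home" for each existing home directory
# that is not owned by the UID PASSWD assigns to the account.
home_owner_mismatches() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -d "$home" ] || continue
        owner=$(stat -c %u "$home") || continue   # GNU stat assumed
        [ "$owner" = "$uid" ] ||
            printf '%s %s %s %s\n' "$user" "$uid" "$owner" "$home"
    done < "$1"
}

# Constructed demo data: "webuser" moves from UID 500 to 597, as in the question.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/webuser" "$d/other"
    me=$(id -u)
    printf 'webuser:x:500:500::%s/webuser:/bin/bash\n' "$d" > "$d/passwd.old"
    printf 'other:x:%s:501::%s/other:/bin/bash\n' "$me" "$d" >> "$d/passwd.old"
    printf 'other:x:%s:501::%s/other:/bin/bash\n' "$me" "$d" > "$d/passwd.new"
    printf 'webuser:x:597:597::%s/webuser:/bin/bash\n' "$d" >> "$d/passwd.new"
    echo "UID changes:";           uid_changes "$d/passwd.old" "$d/passwd.new"
    echo "Home owner mismatches:"; home_owner_mismatches "$d/passwd.new"
    rm -rf "$d"
}
demo
```

On a real host the first argument would be a known-good copy of the passwd file and the second the live one; any account it reports is a candidate for the ownership review discussed above.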
 
LVL 20

Expert Comment

by:Gns
ID: 9778422
... and you know everything about intrusions already psimation, so I'll not insult you by repeating it:-).

-- Glenn
0
 
LVL 17

Author Comment

by:psimation
ID: 9895277
Hi guys, I re-installed so all is well now. Think it was definitely due to some unscrupulous actions of a cracker rather than software/hardware failure.
I'd like to close this question. Methinks a delete is in order ( this question will be of no help as a PAQ); any objections?

0
 
LVL 12

Expert Comment

by:paullamhkg
ID: 9895312
No objection for delete but remember to get the points refund (I think you know it already) anyway :)
0
 
LVL 17

Author Comment

by:psimation
ID: 9895342
OK, thanks, just waiting to hear from Gns and shiva
0
 
LVL 20

Expert Comment

by:Gns
ID: 9895357
No objections at all.
Out of curiosity.... Do you employ any IDS (networked and/or hostbased)?

-- Glenn
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9895373
Me too, u can close this question.
Glad things worked out for u.
0
 
LVL 17

Author Comment

by:psimation
ID: 9895406
Thanks guys

Hi Gns: none except for tripwire, but I think I disabled that many moons ago because it gave me too many hassles. I found their point of entry: They used an exploit in ncftp, so I wiped it and put vsftpd on.
0
 
LVL 20

Expert Comment

by:Gns
ID: 9895437
Ah yes... The joys of making the security system "shut up" about non-intrusions ... and finally just getting fed up enough that one disables it:-)... Been there, and expect to be there again.
Good that you've got it sorted.
Be seeing you.

-- Glenn
0
 
LVL 20

Expert Comment

by:Gns
ID: 10182449
Um, psimation should have a delete with refund...:-)

-- Glenn
0
 
LVL 12

Expert Comment

by:paullamhkg
ID: 10199292
Well, recommend PAQ'd with refund, some useful info here anyway.
0
 
LVL 20

Expert Comment

by:Gns
ID: 10199528
Maybe you're right Paul... Definitely a refund though.

-- Glenn
0
 
LVL 44

Expert Comment

by:Karl Heinz Kremer
ID: 10303540
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
PAQ/Refund
Please leave any comments here within the next four days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

khkremer
EE Cleanup Volunteer
0
 

Accepted Solution

by:
amp072397 earned 0 total points
ID: 10350349
PAQed, with points refunded (125)

amp
Community Support Cleanup Moderator
0
