Solved

Setting up VSFTP SERVER

Posted on 2003-11-19
Last Modified: 2010-04-21
I'm trying to set up Very Secure FTP server on my fileserver, mainly so that I can anon transfer, delete and get files on /var/ftp/pub from it locally, but I can't seem to get anon access to be able to write and delete. Could anyone shed some light on how I'd go about doing this? I'm using Redhat 8.0 btw with the standard VSFTPd package that comes with it.

cheers, Josh
Question by:Jester-
3 Comments
 
LVL 24

Expert Comment

by:shivsa
ID: 9783939
0
 
LVL 24

Accepted Solution

by:
shivsa earned 200 total points
ID: 9783961

======================
vsftpd Configuration

vsftpd has three configuration files:
/etc/vsftpd.banned_emails -- List of denied anonymous addresses
/etc/vsftpd.chroot_list -- List of local users to chroot
/etc/vsftpd.conf -- General configuration options

To ban a certain anonymous email address such as "mozilla@", simply put it in this file. One address per line.  

To chroot a local user to their home directory, put their username in this file. One username per line. Please note this only matters if you:  

a) are allowing local users to login.  
b) have "chroot_local_user=NO" in /etc/vsftpd.conf  

The configuration options in the vsftpd.conf are commented quite well, so I will not go into much detail here. I will just note a few defaults:  

a) anonymous logins are enabled by default  
b) anonymous users are chrooted to '/home/ftpsecure'  
c) the daemon runs as the user 'ftpsecure'  

Populate the Tree

As the above said, all anonymous users are chrooted to "/home/ftpsecure". This means they will not be able to access any files outside of that directory. You should put all the files you want anonymous ftp users to see in this directory.

Although not necessary, it is recommended that you set up two files:  

/home/ftpsecure/etc/passwd  
/home/ftpsecure/etc/group  

When an anonymous user issues the command "ls", the ftpd will search these files to get the userid to username mappings. If you do not have these files the user will see something like this (note the '0's):

ftp> ls -la  
227 Passive mode engaged (127,0,0,1,30,4)  
150 Here comes the directory listing.  
-rw-r--r-- 1 0 0 0 Apr 13 20:03 that  
-rw-r--r-- 1 0 0 0 Apr 13 20:03 this  
226 Directory send OK.  

As a starting point, you can copy the system /etc/passwd to /home/ftpsecure/etc/passwd and the system /etc/group to /home/ftpsecure/etc/group. After this is done you should remove any users and groups that will not be used in /home/ftpsecure. For example, you will probably want to remove the users 'webd', 'halt', 'sync', etc.  

A sample /home/ftpsecure/etc/passwd would be:

root::0:0:root:/root:/dev/null  
nobody:*:99:99:Nobody:/:  
rwm:x:501:502:Ryan W. Maple:/home/rwm:/dev/null
ben:x:500:502:Ben Thomas:/home/ben:/dev/null  
dave:x:502:502:Dave Wreski:/home/dave:/dev/null
nick:x:503:502:Nick DeClario:/home/nick:/dev/null  
pete:x:504:502:Pete O'Hara:/home/pete:/dev/null  

A sample /home/ftpsecure/etc/group would be:  

root::0:root  
nobody::99:  
gdftp::502:dave,nick,pete,ben,rwm  

Now when a user executes the command "ls", they will see something like this (note what was '0' is now 'root'):  

ftp> ls -la  
227 Passive mode engaged (127,0,0,1,109,222)  
150 Here comes the directory listing.  
drwxr-xr-x 2 root root 4096 Apr 13 20:07 etc  
-rw-r--r-- 1 root root 0 Apr 13 20:03 that  
-rw-r--r-- 1 root root 0 Apr 13 20:03 this  
226 Directory send OK.
==============

Thanks to paullamhkg for compiling instruction step by step.


0
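The pruning step from the answer above (copy the system passwd and group files into the chroot, then remove unused users and groups), as an added example that is not part of shivsa's post. The `KEEP` allowlist and the sample file contents are constructed for illustration, and writing `*` into the password field is this example's choice so that no hash is copied into a tree anonymous users can read.

```shell
#!/bin/sh
# Added example. KEEP is a hypothetical allowlist of accounts that own files in the FTP tree.
KEEP="root,nobody,dave"

# Constructed sample standing in for the system /etc/passwd.
sample_passwd() {
cat <<'EOF'
root:CONSTRUCTED_HASH:0:0:root:/root:/bin/bash
sync:x:5:0:sync:/sbin:/bin/sync
halt:x:7:0:halt:/sbin:/sbin/halt
nobody:*:99:99:Nobody:/:/sbin/nologin
dave:x:502:502:Dave Wreski:/home/dave:/bin/bash
EOF
}

# Constructed sample standing in for the system /etc/group.
sample_group() {
cat <<'EOF'
root:x:0:root
wheel:x:10:root,dave
nobody:x:99:
gdftp:x:502:dave,halt
EOF
}

# filter_passwd USERS: keep allowlisted accounts only; blank the password field and shell.
filter_passwd() {
    awk -F: -v OFS=: -v keep="$1" '
        BEGIN { n = split(keep, a, ","); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        NF == 7 && ($1 in want) { $2 = "*"; $7 = "/dev/null"; print }'
}

# filter_group USERS GIDS: keep listed GIDs only; drop members that are not in USERS.
filter_group() {
    awk -F: -v OFS=: -v keep="$1" -v gids="$2" '
        BEGIN { n = split(keep, a, ","); for (i = 1; i <= n; i++) want[a[i]] = 1
                n = split(gids, g, ","); for (i = 1; i <= n; i++) gid[g[i]] = 1 }
        NF == 4 && ($3 in gid) {
            m = split($4, mem, ","); out = ""
            for (i = 1; i <= m; i++)
                if (mem[i] in want) out = out (out == "" ? "" : ",") mem[i]
            $2 = "*"; $4 = out; print
        }'
}

# kept_gids: primary GIDs of the filtered passwd lines, comma-separated.
kept_gids() { cut -d: -f4 | sort -un | paste -sd, -; }

GIDS=$(sample_passwd | filter_passwd "$KEEP" | kept_gids)
sample_passwd | filter_passwd "$KEEP"          # would become <chroot>/etc/passwd
sample_group  | filter_group "$KEEP" "$GIDS"   # would become <chroot>/etc/group
```

On a real host, feed the functions from /etc/passwd and /etc/group and review the output before placing it under the chroot's etc/ directory.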
 
LVL 12

Expert Comment

by:paullamhkg
ID: 9784196
shivsa already gave you the answer, I'm just giving you more to read: http://vsftpd.beasts.org/

ps. points should go for shivsa, I did nothing here, just have some more info for the asker :)
0
