Solved

Setting up VSFTP SERVER

Posted on 2003-11-19
2,583 Views
Last Modified: 2010-04-21
I'm trying to set up Very Secure FTP server on my fileserver, mainly so that I can anonymously transfer, delete and get files on /var/ftp/pub from it locally, but I can't seem to get anonymous access to be able to write and delete. Could anyone shed some light on how I'd go about doing this? I'm using Redhat 8.0, btw, with the standard VSFTPd package that comes with it.

cheers, Josh
0
Comment
Question by:Jester-
3 Comments
 
LVL 24

Expert Comment

by:shivsa
ID: 9783939
0
 
LVL 24

Accepted Solution

by:
shivsa earned 400 total points
ID: 9783961

======================
vsftpd Configuration

vsftpd has three configuration files:
/etc/vsftpd.banned_emails -- List of denied anonymous addresses
/etc/vsftpd.chroot_list -- List of local users to chroot
/etc/vsftpd.conf -- General configuration options

To ban a certain anonymous email address such as "mozilla@", simply put it in this file. One address per line.  

To chroot a local user to their home directory, put their username in this file. One username per line. Please note this only matters if you:

a) are allowing local users to login.  
b) have "chroot_local_user=NO" in /etc/vsftpd.conf  

The configuration options in the vsftpd.conf are commented quite well, so I will not go into much detail here. I will just note a few defaults:

a) anonymous logins are enabled by default  
b) anonymous users are chrooted to '/home/ftpsecure'  
c) the daemon runs as the user 'ftpsecure'  

Populate the Tree

As said above, all anonymous users are chrooted to "/home/ftpsecure". This means they will not be able to access any files outside of that directory. You should put all the files you want anonymous ftp users to see in this directory.

Although not necessary, it is recommended that you set up two files:  

/home/ftpsecure/etc/passwd  
/home/ftpsecure/etc/group  

When an anonymous user issues the command "ls", the ftpd will search these files to get the userid to username mappings. If you do not have these files the user will see something like this (note the '0's):

ftp> ls -la  
227 Passive mode engaged (127,0,0,1,30,4)  
150 Here comes the directory listing.  
-rw-r--r-- 1 0 0 0 Apr 13 20:03 that  
-rw-r--r-- 1 0 0 0 Apr 13 20:03 this  
226 Directory send OK.  

As a starting point, you can copy the system /etc/passwd to /home/ftpsecure/etc/passwd and the system /etc/group to /home/ftpsecure/etc/group. After this is done you should remove any users and groups that will not be used in /home/ftpsecure. For example, you will probably want to remove the users 'webd', 'halt', 'sync', etc.  

A sample /home/ftpsecure/etc/passwd would be:

root::0:0:root:/root:/dev/null  
nobody:*:99:99:Nobody:/:  
rwm:x:501:502:Ryan W. Maple:/home/rwm:/dev/null
ben:x:500:502:Ben Thomas:/home/ben:/dev/null  
dave:x:502:502:Dave Wreski:/home/dave:/dev/null
nick:x:503:502:Nick DeClario:/home/nick:/dev/null  
pete:x:504:502:Pete O'Hara:/home/pete:/dev/null  

A sample /home/ftpsecure/etc/group would be:  

root::0:root  
nobody::99:  
gdftp::502:dave,nick,pete,ben,rwm  

Now when a user executes the command "ls", they will see something like this (note what was '0' is now 'root'):

ftp> ls -la  
227 Passive mode engaged (127,0,0,1,109,222)  
150 Here comes the directory listing.  
drwxr-xr-x 2 root root 4096 Apr 13 20:07 etc  
-rw-r--r-- 1 root root 0 Apr 13 20:03 that  
-rw-r--r-- 1 root root 0 Apr 13 20:03 this  
226 Directory send OK.
==============

Thanks to paullamhkg for compiling the instructions step by step.


0
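The copy-then-prune step from the accepted answer, as an added shell example (not part of the original post or of vsftpd): it writes only the named accounts into the tree, so no hash from an unshadowed /etc/passwd becomes readable by anonymous users. The function names, the sample files, and the choice of `*` for the password field and /dev/null for the shell are this example's assumptions.

```shell
#!/bin/sh
# Added example: minimal etc/passwd and etc/group for the anonymous FTP tree.
# Function names and sample data are constructed for illustration.

# passwd lines from file $1 for the login names in the remaining arguments.
# Password field becomes '*' and shell /dev/null: names map, nothing else leaks.
chroot_passwd() {
    p_src=$1; shift
    awk -F: -v OFS=: -v keep=" $* " '
        NF == 7 && index(keep, " " $1 " ") { $2 = "*"; $7 = "/dev/null"; print }
    ' "$p_src"
}

# group lines from file $1 for the group names in $3..., with the member list
# trimmed to the login names in $2 (space separated).
chroot_group() {
    g_src=$1; g_users=" $2 "; shift 2
    awk -F: -v OFS=: -v keep=" $* " -v users="$g_users" '
        NF == 4 && index(keep, " " $1 " ") {
            n = split($4, m, ","); out = ""
            for (i = 1; i <= n; i++)
                if (index(users, " " m[i] " "))
                    out = out (out == "" ? "" : ",") m[i]
            $2 = "*"; $4 = out; print
        }
    ' "$g_src"
}

# Write both files under <root>/etc, read-only.
# usage: populate_chroot_etc /home/ftpsecure /etc/passwd /etc/group "root dave" "root gdftp"
populate_chroot_etc() {
    c_root=$1; c_users=$4; c_groups=$5
    mkdir -p "$c_root/etc" && rm -f "$c_root/etc/passwd" "$c_root/etc/group"
    chroot_passwd "$2" $c_users > "$c_root/etc/passwd"
    chroot_group "$3" "$c_users" $c_groups > "$c_root/etc/group"
    chmod 444 "$c_root/etc/passwd" "$c_root/etc/group"
}

# Constructed stand-ins for the system files (dave carries an unshadowed hash).
sample_passwd() { cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
sync:x:5:0:sync:/sbin:/bin/sync
halt:x:7:0:halt:/sbin:/sbin/halt
dave:CONSTRUCTED-HASH-PLACEHOLDER:502:502:Dave Wreski:/home/dave:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
EOF
}
sample_group() { cat <<'EOF'
root:x:0:root
nobody:x:99:
gdftp:x:502:dave,nick,webd
EOF
}
```

Run `populate_chroot_etc` as root against the real tree, then list the directory over FTP to confirm the names resolve.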
 
LVL 12

Expert Comment

by:paullamhkg
ID: 9784196
shivsa already gave you the answer; I'm just giving you more to read: http://vsftpd.beasts.org/

PS: points should go to shivsa. I did nothing here, just have some more info for the asker :)
0

Question has a verified solution.
