Solved

FTP configuration using vsftpd

Posted on 2006-06-28
9
432 Views
Last Modified: 2008-02-26
Hi,
I am configuring a vsftpd server on CentOs 4.x.
I need help on the following.
I have changed the anon_root=/local/data

Under /local/data I have four directories
setups
FAQ
Public
Temp

When the user types ftp://myftpip He is presented with these four directories.
What I need to do is when he changes directory to setups, I dont want the contents/directories listed. But if he knows the name of the file/directory he can access it.
For /Temp the contents can be listed and the user of a particular group (say gid 345) can write to.
For FAQ The contents can be listed only if you know the directory/filename and be readable for users of gid 345


I have been successful in hiding the directory, setups, FAQ,Public,Temp by giving hide_file=setups,FAQ,Public,Temp, but I actually need to hide the data withing these directories.
Also I assume the gid 345 users can be given access I need  based on user_config_dir.

Kindly update with any howto link if possible.

Thanks
--Walter
0
Comment
Question by:wfaleiro
  • 5
  • 2
  • 2
9 Comments
 
LVL 27

Expert Comment

by:Nopius
ID: 17005961
For directories 'r' flag allows you to deny listing.

# to disallow listing of /local/data for all
chmod g-r,o-r /local/data

# to allow write access for group and allow listing of Temp
chgrp 345 /local/data/Temp
chmod g+w+x,o-w+x /local/data/Temp

# FAQ readable by 345 and not listable by others
chgrp 345 /local/data/FAQ
chmod g+r+x,o-r+x /local/data/FAQ
0
 
LVL 1

Author Comment

by:wfaleiro
ID: 17009933
Hi Nopius
That works fine, but when anonymous user uploads files it creates them with the permissions
-rw-------  1 ftp     ftp filename.
I need to create the same as ftp:gid345 and have permissions set as
-rw-r--r--

Thanks,
--Walter
0
 
LVL 1

Author Comment

by:wfaleiro
ID: 17010193
My anonymous umask is 022.
So the files shoudl have permission -rw-r--r--.
Suprisingly they dont get the permission
0
 
LVL 1

Author Comment

by:wfaleiro
ID: 17010564
These are my settings
anonymous_enable=YES
anon_root=/local/data/
anon_upload_enable=YES
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
anon_world_readable_only=YES
anon_max_rate=500000
anon_umask=022

And under data I have a folder under /local/data called inc.
The permissions for this folder are
drwxrws-wx  ftp 345

But when I upload files under this folder as user anonymous the permissions granted are
-rw-------

I  need the permissions as -rw-r--r--

--Walter
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 8

Expert Comment

by:RWJDCom
ID: 17011276
That's quite strange.  When you modified the configuration did you stop and restart the FTP daemon?  You need to restart the FTP server for any changes you make to the configuration file to take effect.  Also, make sure that you are modifying the correct config file.  I have seen where the installer creates config files in different places which causes problems (ie. it put a config file in /etc and /usr/local/etc) and the server was only looking at the configuration file in the /etc directory and there was no reason for the /usr/local/etc configuration file.

You could also check the default settings in the code prior to compileing the vsftpd server and just change the settings in the source code itself and re-compile it.

I hope this helps.
0
 
LVL 1

Author Comment

by:wfaleiro
ID: 17012290
Restarted the daemon after all changes.
0
 
LVL 1

Author Comment

by:wfaleiro
ID: 17013047
Also I need to disable the verbose mode.
When I login to the system and execute commands I get output messages of the commands executed in verbos mode. Can I disable that?
0
 
LVL 8

Expert Comment

by:RWJDCom
ID: 17014969
Could you paste your entire configuration file so that I can review it and hopefully assist you better.
0
 
LVL 27

Accepted Solution

by:
Nopius earned 125 total points
ID: 17015201
> The permissions for this folder are
> drwxrws-wx  ftp 345

that's good

That's mine config, that works:
write_enable=YES
local_enable=YES
local_umask=022
anonimous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=NO
anon_world_readable_only=NO
anon_umask=022

after applying this config I get rw-r--r-- when uploading files by anonymous.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
In this article we will discuss all things related to StageFright bug, the most vulnerable bug of android devices.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now