[ale] vsftpd

Edward Holcroft eholcroft at mkainc.com
Thu Apr 4 14:28:38 EDT 2013


All,

I have set up a vsftpd server on Ubuntu 12.04 on EC2.

It functions more or less OK (like a basic, insecure FTP box) after this
fix to a most annoying issue with the default version of vsftpd on 12.04:

http://blog.thefrontiergroup.com.au/2012/10/making-vsftpd-with-chrooted-users-work-again/

(Don't even try and get chroot to work on 12.04 without first changing the
version of vsftpd)

However, I still have an issue:

When any user logs in, chroot jail works fine in terms of permissions (no
user can view the contents of any other user's directory - fine and well).
But the default is that all users get to see a directory listing of all the
user home directories. Obviously that's not desirable.

I'm wondering if anyone has a simple way around my issue - I want a user to
see only the contents of their own home directory when they log in and not
one level up.

I thought the smoking gun might be my use of local_root=home when enabling
chroot, but if I don't use the local_root option in vsftpd.conf then it
gives a 500 error. Is there perhaps a way to specify local_root= in a way
that it refers to /home/$USER where $USER is a Linux user? vsftpd does not
seem to understand $USER unless you're using virtual users.

If this is not possible with the current config, I am probably going to
ditch this approach in favor of virtual users - I just didn't want to go to
that amount of trouble for this task. Once I have everything working, I will,
of course, be adding SSL-based security.

ed
-- 
Edward Holcroft
Madsen Kneppers & Associates Inc.
3020 Holcomb Bridge Rd. NW
Norcross, GA 30071
O (770) 446-9606
M (678) 587-8649
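
Added example, not part of the original message: a small check for the setup described above, where chroot is enabled and local_root names one fixed directory, so every local user lands in the same jail and can list the other home directories. The function names, finding codes and sample configs are constructed for illustration, and the accepted boolean spellings are an assumption.

```python
# Added example: flags a vsftpd.conf whose chroot jail is one directory shared by all local users.
TRUE_VALUES = {"YES", "TRUE", "1"}  # boolean spellings assumed to be accepted by vsftpd

# Constructed sample modelled on the post: a fixed local_root combined with chroot.
SAMPLE_SHARED = "local_enable=YES\nchroot_local_user=YES\nlocal_root=/home\n"
# Constructed sample: no local_root, so the jail defaults to each user's home directory.
SAMPLE_PER_USER = "# per-user jail\nlocal_enable=YES\nchroot_local_user=YES\n"

MESSAGES = {
    "relative-local-root": "local_root is not an absolute path",
    "shared-chroot-root": "all local users are jailed in the same directory "
                          "and can list its entries, including other home directories",
}

def parse_conf(text):
    """vsftpd.conf syntax: option=value per line, '#' starts a comment line."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key] = value
    return opts

def is_on(opts, name):
    return opts.get(name, "NO").upper() in TRUE_VALUES

def audit_chroot(text):
    """Return finding codes for the local-user chroot settings in a config."""
    opts = parse_conf(text)
    findings = []
    root = opts.get("local_root")
    if not is_on(opts, "local_enable") or not root:
        return findings
    if not root.startswith("/"):
        findings.append("relative-local-root")
    # user_sub_token makes local_root a per-user template; vsftpd documents
    # it for virtual users, so a root containing the token is not flagged here.
    token = opts.get("user_sub_token")
    per_user = bool(token) and token in root
    if is_on(opts, "chroot_local_user") and not per_user:
        findings.append("shared-chroot-root")
    return findings

if __name__ == "__main__":
    for name, conf in (("shared", SAMPLE_SHARED), ("per-user", SAMPLE_PER_USER)):
        for code in audit_chroot(conf):
            print(f"{name}: {code}: {MESSAGES[code]}")
```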
