
Thread: kindly requesting you to help about how to add local users to FTP users.

  1. #1
    Junior Member
    Join Date
    Jul 2013
    Posts
    20
    Thanks
    0
    Thanked 3 Times in 3 Posts
    Rep Power
    0


    Dear Sir,

    I have installed vsftpd on ubuntu 12.04 and created these following users as mentioned below...


    teach sudo user created during the ubuntu installation

    ubuntu

    richard

    petersen

    mcmillan

    michael

    smith

    tom



    These users are local and normal users have been created by me. I want only 5 users to be added to the FTP users; those are teach, ubuntu, richard, petersen and mcmillan.

    Now my question is......

    1) How to add these 5 users to the FTP user list, with those users restricted to their home directory?

    I am willingly requesting you to help me in this regard in the detailed manner or Step by Step


    With thanks and kind regards

    Basavaraj From India.

  2. #2
    Senior Member MrJ's Avatar
    Join Date
    Mar 2013
    Location
    Lund, Sweden
    Posts
    142
    Thanks
    1
    Thanked 11 Times in 9 Posts
    Rep Power
    3

    nixCraft has already posted an answer some years ago:

    VSFTP chroot or jail users – limit users to only their home directory howto



    Patrick asks:
    How do I limit users of vsftp to only their home directory? Therefore, that user cannot go outside to other directories to browse something.
    Yesterday's VSFTPD troubleshooting note (read as post) brought me back to this question.
    If you do not wish FTP users to be able to access any files outside of their own home directory, set up a chroot jail.
    For example, consider the following:

    • Ftp username : user1
    • FTP home directory: /home/user1

    Code:
    $ ftp ftp.domain.com
    Output:
    Code:
    Connected to ftp.domain.com.
    220 (vsFTPd 2.0.5)
    Name (ftp.domain.com:user1): user1
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> pwd
    257 "/home/user1"
    ftp> cd /etc
    250 Directory successfully changed.
    ftp> ls
    200 PORT command successful. Consider using PASV.
    150 Here comes the directory listing.
    150 Here comes the directory listing.
    -rw-r--r--    1 0        0            7959 Mar 02 22:20 Muttrc
    drwxr-xr-x    3 0        0            4096 Jul 24 12:20 Wireless
    drwxr-xr-x   16 0        0            4096 Jul 30 22:58 X11
    drwxr-xr-x    4 0        0            4096 Sep 05  2005 Xprint
    -rw-r--r--    1 0        0            2188 Sep 05  2005 adduser.conf
    -rw-r--r--    1 0        0              47 Aug 16 14:52 adjtime
    -rw-------    1 0        0            4330 Aug 18  2005 afick.conf
    -rw-r--r--    1 0        0             194 Sep 05  2005 aliases
    -rw-r--r--    1 0        0           12288 Jul 19 21:27 aliases.db
    drwxr-xr-x    2 0        0            8192 Aug 15 09:33 alternatives
    ...
    .....
    ..
    Now a normal user can go to the /etc directory (maybe to all other directories), and if there is read-only permission on sensitive files, the user can download the files via FTP.
    To avoid this security problem you can lock the FTP user in a jail.
    Open vsftpd configuration file - /etc/vsftpd/vsftpd.conf
    Code:
    # vim /etc/vsftpd/vsftpd.conf
    Make sure the following line exists (and is uncommented):
    Code:
    chroot_local_user=YES
    Save and close the file. Restart vsftpd.
    Code:
    # /etc/init.d/vsftpd restart
    Now all users of VSFTPD/FTP will be limited to accessing only files in their own home directory. They will not be able to see /, /etc, /root and /tmp and all other directories. This is an essential security feature.
    Last edited by MrJ; 17th July 2013 at 04:02 PM.

  3. #3
    Junior Member

    Dear Sir,

    Example of USERNAME is user1

    How to add local users to the FTP user list by creating an FTP user list file, that is what I don't know. Please explain in detail.

    suppose I created a Folder in Home directory in user1 is Softwares . Only This Folder must be appeared when I logged in using user1.

    For that, What I have to do?


    sitting on remote computer, When I type ftp://10.10.3.180 ENTER


    It asks User name user1
    Password user1

    it gets connected to FTP Server............

    Then it shows everything about user1, that is what I don't want. I want only that folder Softwares.

    user1 should see and access that Softwares folder only. In that folder, I am going to keep softwares like Ubuntu, Debian, extra extra.....

    user1 has power of downloading,........ not uploading...........



    It is my humbly request to everyone.

    heartily thanking you Sir,

  4. #4
    Senior Member MrJ's Avatar

    Well, why don't you use OwnCloud file sharing and transfer? I think it would have been easier for you and your friends....

    https://owncloud.org/
    Last edited by MrJ; 17th July 2013 at 08:57 PM.

  5. #5
    Junior Member

    I don't want this owncloud. please do help in VSFTPD Configuration file's Settings as per my previous reply


    If you want detailed information about my VSFTPD Computer, I will give you in detailed way.

    Explain me in Step by Step.

    Thanking you for your reply

    Basavaraj From India.

  6. #6
    Senior Member MrJ's Avatar

  7. #7
    Junior Member

    Dear Sir,

    In that link, have given complications about PAM Library, PAM Configuration and apache2 I am not aware of these things. I get confused.

    The way I wanted to make the VSFTPD server is not happening. Your views and thoughts are not matching with my views and thoughts. I am only concentrating on the VSFTPD package and already I am almost familiar with it.

    Suppose When you create user like user1 in ubuntu linux it becomes LOCAL USER then I want that user1 to be added into FTP USER List by creating vsftpd userlist File and giving access and restrictions Extra.... In this regard, Could you tell me specifically ?

    Some people say that you need to add these things in config file are

    # the list of users to give access
    userlist_file=/etc/vsftpd.userlist

    # this list is on
    userlist_enable=YES

    # It is not a list of users to deny ftp access
    userlist_deny=NO


    Question 1) userlist_file means what and how to add it in vsftpd config file?
    Question 2) userlist_enable=YES means what and what meaning it shows?
    Question 3) userlist_deny=NO means what and what meaning it shows?


    Thereafter, I will ask you some other questions about restriction to the home Directory.

    I will tell you each and everything about Server and will give details of users, any configurations files extra extra...

    Explain me in STEP by STEP.......I am not in a hurry.........Please kindly do the help in a systematic manner.

    Sincerely Thanking you Sir,

    Basavaraj

  8. #8
    Senior Member MrJ's Avatar

    Installing and configuring vsftpd on Ubuntu or Debian with dedicated folders.

    First install VSFTP on your server:


    Code:
    sudo apt-get install vsftpd
    How to configure vsftpd:


    Now that you've installed vsftpd, follow this procedure to configure it.


    Before you get started, stop the vsftpd by typing:


    Code:
    service vsftpd stop
    Edit the vsftp.conf


    Code:
    # sudo vim /etc/vsftpd.conf
    Make the following changes:


    We don't want anonymous login:


    Code:
    anonymous_enable=NO
    Enable local users:


    Code:
    local_enable=YES
    The ftpuser should be able to write data:


    Code:
    write_enable=YES
    Port 20 needs to be turned off, which makes vsftpd run less privileged:


    Code:
    connect_from_port_20=NO
    Chroot everyone:


    Code:
    chroot_local_user=YES
    set umask to 022 to make sure that all the files (644) and folders (755) you upload get the proper permissions.


    Code:
    local_umask=022
    Now that basic configuration is complete, now let us begin with locking / securing a directory to user.


    Code:
    sudo useradd -d /path/to/your/dir/user1/ -s /usr/sbin/nologin user1
    For the second user it's pretty much the same, but change his home folder to a folder within user1's home folder (dir2 is your software folder):

    Code:
    sudo useradd -d /path/to/your/dir/user1/dir2/ -s /usr/sbin/nologin user2

    Setup a password for the users:


    Code:
    sudo passwd user1
    In order to enable user1 to read and write the data in your home dir, change the permission and take ownership. We will give the user ownership now, but later in the guide we will create a group that we will add user2 to:


    Code:
    sudo chown -R user1 /path/to/your/dir/user1
    
    
    sudo chmod -R 745 /path/to/your/dir/user1

    Create userlist file and add the user:


    Code:
    sudo vim /etc/vsftpd.userlist
    and add the user you want:


    Code:
    user1
    user2
    save the file and open the vsftp.conf file again:


    Code:
    sudo vim /etc/vsftpd.conf
    Add the following lines at the end of the file and save it:


    Code:
    # the list of users to give access
    userlist_file=/etc/vsftpd.userlist
    # this list is on
    userlist_enable=YES
    # It is not a list of users to deny ftp access
    userlist_deny=NO
    After completing all these procedures it is almost ready to use it, give it a try but you will get a 500 OOPS permission denied error. To fix it you need to add a nologin to the shell set.


    Code:
    sudo vim /etc/shells

    The file should look like this:


    Code:
    /bin/ksh
    /usr/bin/rc
    /usr/bin/tcsh
    /bin/tcsh
    /usr/bin/esh
    /bin/dash
    /bin/bash
    /bin/rbash
    Add this line at the end:


    Code:
    /usr/sbin/nologin
    Now create a user group and add the users to it who will have access:


    Code:
    sudo addgroup gruop1
    Code:
    sudo usermod -G gruop1 user2
    Also don't forget to give rights to the group users (the group that user2 is in) for user1's folder and files, because you wanted the "Software" folder to be owned by user1 but be user2's home directory

    Code:
    sudo chown -R user1:gruop1 /path/to/your/dir/user1/software
    Now start the vsftpd:


    Code:
    sudo service vsftpd start
    That's it. Now you have a secure installation of vsftpd on your server.

    If this does not help, send me a pm and I can help you over skype.
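
How the three `userlist_*` directives asked about in post #7 and set in the procedure above combine, as an added example that is not code from either poster: `userlist_verdict` applies vsftpd's documented defaults (`userlist_enable=NO`, `userlist_deny=YES`, `userlist_file=/etc/vsftpd.user_list`), and `audit_conf` flags settings that conflict with a jailed, download-only server. The function names, temporary paths and sample files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: evaluates vsftpd's userlist options and audits a config.
# The sample config, user list and function names are constructed here.

conf_get() {   # conf_get FILE KEY DEFAULT -> last value set for KEY
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

is_yes() {     # vsftpd booleans: YES/TRUE/1, case-insensitive
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

userlist_verdict() {   # userlist_verdict CONF USER -> allow | deny
    enable=$(conf_get "$1" userlist_enable NO)
    deny=$(conf_get "$1" userlist_deny YES)
    list=$(conf_get "$1" userlist_file /etc/vsftpd.user_list)
    is_yes "$enable" || { echo allow; return 0; }   # list is ignored
    listed=no
    [ -r "$list" ] && grep -qxF -- "$2" "$list" && listed=yes
    if is_yes "$deny"; then      # listed users are refused
        [ "$listed" = yes ] && echo deny || echo allow
    else                         # only listed users get in
        [ "$listed" = yes ] && echo allow || echo deny
    fi
}

audit_conf() {   # one finding per line for a jailed, download-only server
    is_yes "$(conf_get "$1" anonymous_enable YES)" && echo "anonymous_enable=YES"
    is_yes "$(conf_get "$1" local_enable NO)" || echo "local_enable=NO"
    is_yes "$(conf_get "$1" chroot_local_user NO)" || echo "chroot_local_user=NO"
    is_yes "$(conf_get "$1" write_enable NO)" && echo "write_enable=YES"
    return 0
}

make_sample() {  # writes a constructed config and user list into DIR ($1)
    printf '%s\n' teach ubuntu richard petersen mcmillan > "$1/vsftpd.userlist"
    printf '%s\n' anonymous_enable=NO local_enable=YES write_enable=YES \
        chroot_local_user=YES "userlist_file=$1/vsftpd.userlist" \
        userlist_enable=YES userlist_deny=NO > "$1/vsftpd.conf"
}

demo=$(mktemp -d) && make_sample "$demo"
for u in teach tom; do echo "$u: $(userlist_verdict "$demo/vsftpd.conf" "$u")"; done
audit_conf "$demo/vsftpd.conf"
```

A verdict of `allow` only means the user list does not block the login; the password check and `local_enable` still apply.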

  9. #9
    Junior Member

    First install VSFTP on your server:

    Code:

    sudo apt-get install vsftpd



    How to configure vsftpd:

    Now that you've installed vsftpd, follow this procedure to configure it.


    Before you get started, stop the vsftpd by typing:


    Code:

    service vsftpd stop
    Edit the vsftp.conf


    Code:

    # sudo vim /etc/vsftpd.conf
    Make the following changes:


    We don't want anonymous login:


    Code:

    anonymous_enable=NO
    Enable local users:


    Code:

    local_enable=YES
    The ftpuser should be able to write data:


    Code:

    write_enable=NO If I do enable, FTP users start uploading. That is I don't want
    Port 20 needs to be turned off, which makes vsftpd run less privileged:


    Code:

    connect_from_port_20=NO
    Chroot everyone:


    Code:

    chroot_local_user=YES

    set umask to 022 to make sure that all the files (644) and folders (755) you upload get the proper permissions.



    Code:

    local_umask=022

    Up to this stage I have done successfully. One change I have not done, i.e.

    write_enable=NO





    --------------------------------------------------------------------------------------------------------------------------------

    Now that basic configuration is complete, now let us begin with locking / securing a directory to user.

    Code:

    sudo useradd -d /path/to/your/dir/user1/ -s /usr/sbin/nologin user1

    After reading the reply, So I created two local users named user1 and user2. Each user has their home directory

    inside the home of user1, created software Folder the path is like this:
    /home/user1/software is the same meaning showing that you have given /path/to/your/dir/user1 ?

    as per my knowledge is concerned,
    /path/to/your/dir/user1 is the meaning of /home/user1

    OR


    /path/to/your/dir/user1= /home/user1 What I understood is correct?


    -s /usr/sbin/nologin user1------Exactly What it means and what it shows..kindly explain it in detail. Once I understood, I never ask you again same sir.


    For the second user it's pretty much the same, but change his home folder to a folder within user1's home folder (dir2 is your software folder):

    Code:


    sudo useradd -d /path/to/your/dir/user1/dir2/ [-s /usr/sbin/nologin user2---What it means}

    >>Whether I have to set any directories or any path, in what way and how. here is the little bit confusion is there Sir.

    Actually here is the Difficulty
    /path/to/your/dir/user1/dir2/ is equal to /home/user1/xyz or any directories which come under user1?



    as per my knowledge is concerned, /path/to/your/dir/user1/dir2 is the meaning of /home/user1/software OR any directories which come under user1

    OR

    /path/to/your/dir/user1/dir2 = /home/user1/software (Software is my directory under user1) What I understood is correct?


    This time what you replied was very useful

    Please Explain above said things in simple way. I am very honestly and sincerely Thankful to you Sir

    Its my humble request to you sir.

    Thank you once again.

    From Basavaraj.
    Last edited by Basavaraj; 21st July 2013 at 04:43 PM.

  10. #10
    Senior Member MrJ's Avatar

    For more information check out vsftpd's manual,
    which you can find here: https://security.appspot.com/vsftpd/vsftpd_conf.html

    I think we should take an oral conversation on the subject so you understand better because I can't express myself better in writing than I already have done.
    Send a PM so we can book a time for a call or else visit vsftpd's website, try Google or just hire me for a few hours and I'll fix it for you...
    Last edited by MrJ; 22nd July 2013 at 05:48 PM.
