Restric home user with SFTP using rssh or openssh


chintan mehta

Feb 21, 2011, 7:09:36 AM
to VG...@googlegroups.com
Hi

Guys, I want to restrict SFTP users to their home folder only.

So a user can only view their home folder and cannot access any other folder on the system.

I have done it with rssh but I got an error after the connection closed.

So if anybody has any other idea using chroot or anything else, please reply ASAP.

Thanks for your co-operation in advance.

Regards

Chintan



Mrugesh Raval(09427606168)

Feb 21, 2011, 1:17:46 PM
to vg...@googlegroups.com, chintan mehta
Hi,
 
You can configure vsftpd as a virtual FTP server.

Below is the procedure:

(1) Add the following two lines to the PAM configuration for the vsftpd service:

$ sudo vi /etc/pam.d/vsftpd

auth sufficient pam_userdb.so db=/etc/vsftpd/vsftpd_login
account sufficient pam_userdb.so db=/etc/vsftpd/vsftpd_login
#session optional pam_keyinit.so force revoke
#auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
#auth required pam_shells.so
#auth include system-auth
#account include system-auth
#session include system-auth
#session required pam_loginuid.so

(2) Add the following parameters to vsftpd.conf (the ones marked in RED are needed for virtual users that require different directory paths as their home directory, i.e. profile-based FTP users):

$ sudo cat /etc/vsftpd/vsftpd.conf | grep -v ^#

anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=002
anon_upload_enable=YES
anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=NO
log_ftp_protocol=YES
connect_from_port_20=YES
user_config_dir=/etc/vsftpd/users/
file_open_mode=0775
anon_world_readable_only=NO
anon_other_write_enable=YES
ftpd_banner=Welcome to nxsagq03 FTP service.
virtual_use_local_privs=NO
listen=YES
pam_service_name=vsftpd
userlist_deny=no
==> Security setting: users in 'user_list' will be able to use ftp services
userlist_enable=YES
tcp_wrappers=YES
ascii_upload_enable=YES
ascii_download_enable=YES

(3) File 'user_list':

$ sudo cat /etc/vsftpd/user_list

# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
testuser

(4) User-specific home directory and upload settings for virtual users (profile example):

$ cat /etc/vsftpd/users/testuser

local_umask=002
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_upload_enable=YES
dirlist_enable=YES
download_enable=YES
local_root=/home/testuser
write_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=NO
log_ftp_protocol=YES
guest_enable=YES
guest_username=pqcadm
anon_umask=022
file_open_mode=0775
anon_world_readable_only=NO
anon_other_write_enable=YES

Here, to create another user account, we just copy this file under that user account's name, change 'local_root' to the required home directory path of the virtual FTP user, and follow steps 5 and 6.

(5) Create the virtual user account entry:

$ cat /etc/vsftpd/logins.txt

testuser
Te!p9c

(6) Create the Berkeley DB file containing the user account and password information for authentication through pam.d/vsftpd:

$ sudo /usr/bin/db_load -T -t hash -f /etc/vsftpd/logins.txt /etc/vsftpd/vsftpd_login.db

TESTING

C:\ftp ftptest01
Connected to ftptest01
220 Welcome to ftptest01 FTP service.
User (nxsagq03.paramount.com:(none)): testuser
331 Please specify the password.
Password:
230 Login successful.
ftp> pwd
257 "/"
ftp> mput *.xls
mput test.xls? y
200 PORT command successful. Consider using PASV.
150 Ok to send data.
226 File receive OK.
ftp: 34816 bytes sent in 0.03Seconds 1123.10Kbytes/sec.
ftp> dir
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rwxr-xr-x 1 302 301 34816 Apr 06 2010 test.xls
226 Directory send OK.
ftp: 330 bytes received in 0.02Seconds 20.63Kbytes/sec.
ftp>

 THANKS AND REGARDS,

Mrugesh Raval





--
Please read http://www.catb.org/~esr/faqs/smart-questions.html before posting.
You received this message because you are subscribed to the "Vibrant GNU/Linux User Group".
To stop receiving emails from this group, mail to VGLUG+un...@googlegroups.com
To post to this group, send email to VG...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/VGLUG



--
Mrugesh Raval.
09427606168

paresh bhide

Feb 22, 2011, 6:34:18 AM
to vg...@googlegroups.com
Hi Chintan

Please find the links below; they may help you.

http://www.cyberciti.biz/tips/linux-unix-configuration-for-rssh.html

http://www.cyberciti.biz/tips/howto-linux-unix-rssh-chroot-jail-setup.html







--
Thanks & Regards
Paresh C Bhide

परेशभिड़े@जीमेल.कॉम
परेशभिड़े@याहू.कॉम