Chroot vsftpd with non-system users

A quick and easy way to setup a chroot Vsftpd with non-system users.
Here you can:
  1. Configure vsftpd to use ftp virtual users.
  2. Administer your ftp virtual users through some bash scripts.
Warning:
Do not name your virtual users the same as your system users.
These scripts will delete your system users' accounts if you do so!

Installation

yum -y vsftpd db4-utils

Configuration

Server

Just after install vsftpd package, run one of the following scripts to configure your ftp server.
Script
Description
vsftpd_virtual_config.sh
Do a basic ftp virtual user configuration without TLS. Here USER and PASS go readable over the wire.
vsftpd_virtual_config_withTLS.sh
Do a basic ftp virtual user configuration with TLS. Here USER and PASS go unreadable over the wire.
If you are offering ftp service across Internet you probably want to try the vsftpd_virtual_config_withTLS.sh script. Don't you ? :)

Users

Once your vsftpd is configured you can use the following scripts to administer the ftp virtual users:
Script
Description
vsftpd_virtualuser_add.sh
Add a new ftp virtual user ( requires vsftpd_virtualuser_config.tpl ).
vsftpd_virtualuser_update.sh
Update ftp virtual user information.
vsftpd_virtualuser_remove.sh
Remove ftp virtual user (CAUTION!: and all its related data).
vsftpd_virtualuser_info.sh
Retrieve ftp virtual user information.
Additionally, you can prevent an ftp virtual user from login to the vsftpd by denying its account. You can do this when you create a new ftp virtual user or when you update an existent one.

Firewall

In order for this configuration to work, you'll need to open, in the server side, the ftp command port: 
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
and if you can't transfer data with default configuration rules, then the ftp data transfer range of ports should be opened, in the server side, too: 
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 64000:65535 -j ACCEPT

Comments

Post a Comment

Popular posts from this blog

PHPMixBill V5 mikrotik Billing Solutions

Image
New Features: =================================================== – New Coding (ORM & Smarty) – New Design (responsive) – NEW API Mikrotik (PEAR2_Net_RouterOS) – Multi Router Mikrotik – Hotspot & PPPOE – Easy Installation – Multi Language and many more… STEPS: Installation =================================================== Auto Installer: 1. Unzip the contents of the zip file to a folder on your computer. 2. Upload the Entire phpmixbill_v5.0 folder to your website / server 3. Next you can rename the folder to whatever you like (billing, finance, manage etc..) 4. Now visit the uploaded location using your web browser to run the installer process. 5. Follow the instructions on screen to install PHPMixBill v5.0. 6. For security, Delete the install directory inside system folder. 7. If you see blank page after installation, it might be your compiled folder permissoon is not writable. Please make permission 755 compiled directory inside ui folder to s
Read more

How to install Asterisk and A2billing on Ubuntu Server 12.04LTS

This installation was carried out on Ubuntu 12.04 LTS on 64bit We need to upgrade apt-get #apt-get upgrade #apt-get update Configure your timezone: #dpkg-reconfigure tzdata Install some pre-requisites: #apt-get install libapache2-mod-php5 php5 php5-common #apt-get install php5-cli php5-mysql mysql-server apache2 php5-gd (note the password for mysql, we will need it later) #apt-get install php5-mcrypt #apt-get install build-essential wget libssl-dev libncurses5-dev libnewt-dev  libxml2-dev linux-headers-$(uname -r) libsqlite3-dev uuid-dev Add jansson and install Asterisk 12.1.1 #apt-get install python-software-properties -y #apt-key adv --keyserver pgp.mit.edu --recv-keys 175E41DF #http://www.digip.org/jansson/releases/jansson-2.4.tar.gz #tar -zxf jansson-2.4.tar.gz #cd jansson-2.4/ #./configure --prefix=/usr/ && make clean && make && make install asterisk-1.8.27.0-rc1.tar.gz #add-apt-repository "deb http://packages.asterisk.o
Read more

odbcinst: SQLGetPrivateProfileString failed with

Image
odbcinst: SQLGetPrivateProfileString failed with . This is an error that I received while setting up Asterisk with MySQL. The error occurs when I type in the command: sudo odbcinst -q -d The reason for the error is 1 of 2 things. * To find your local path for odbcinst run the following from terminal: sudo odbcinst -j 1. You are missing environment profiles Run the following in terminal to check your environment profiles for ODBC: env | grep 'ODBC' You should see the following returned: LD_LIBRARY_PATH=/usr/local/unixODBC/lib:/usr/local/lib: ODBCSYSINI=/usr/local/etc ODBCINI=/usr/local/etc/odbc.ini If not then this is your first problem. You are missing the environment variables to unixODBC. To add the environment variables run the following in terminal (no sudo): export LD_LIBRARY_PATH=/usr/local/unixODBC/lib:/usr/local/lib: export ODBCSYSINI=/usr/local/etc export ODBCINI=/usr/local/etc/odbc.ini * Please note that the paths are where your odbc files sit. So ple
Read more