Chroot vsftpd with non-system users
A quick and easy way to set up a chrooted vsftpd with non-system users.
Here you can:
- Configure vsftpd to use ftp virtual users.
- Administer your ftp virtual users through some bash scripts.
Warning:
Do not name your virtual users the same as your system users. These scripts will delete your system users' accounts if you do so!
Installation
yum -y install vsftpd db4-utils
Configuration
Server
Right after installing the vsftpd package, run one of the following scripts to configure your FTP server.

| Script | Description |
|--------|-------------|
|        | Do a basic FTP virtual user configuration without TLS. Here USER and PASS travel in cleartext over the wire. |
|        | Do a basic FTP virtual user configuration with TLS. Here USER and PASS are not readable on the wire. |
If you are offering FTP service across the Internet, you probably want to try the vsftpd_virtual_config_withTLS.sh script, don't you?
Users
Once your vsftpd is configured, you can use the following scripts to administer the FTP virtual users:

| Script | Description |
|--------|-------------|
|        | Add a new FTP virtual user (requires vsftpd_virtualuser_config.tpl). |
|        | Update FTP virtual user information. |
|        | Remove FTP virtual user (CAUTION: and all its related data). |
|        | Retrieve FTP virtual user information. |
Additionally, you can prevent an FTP virtual user from logging in to vsftpd by denying its account. You can do this when you create a new FTP virtual user or when you update an existing one.
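Because of the warning above about virtual user names that match system accounts, a pre-flight check is worth running before any add or remove operation. The following is an added example, not one of the scripts this page describes; the function names and the `PASSWD_SOURCE` override (used to test against a constructed passwd file) are assumptions, as is the conservative character set for names.

```shell
#!/bin/sh
# Added example: refuse virtual user names that collide with system accounts.
# PASSWD_SOURCE is a hypothetical override pointing at a passwd-format file;
# when it is unset, the real account database is queried through getent.

# Print every account name known to the system (or to the sample file).
system_account_names() {
    if [ -n "${PASSWD_SOURCE:-}" ]; then
        cut -d: -f1 "$PASSWD_SOURCE"
    else
        getent passwd | cut -d: -f1
    fi
}

# Exit status:
#   0 = name is acceptable for a virtual user
#   1 = empty, starts with '-' or '.', or has characters outside a-z 0-9 _ . -
#   2 = an account with exactly this name already exists on the system
# The body runs in a subshell so the locale change does not leak out.
check_virtual_user_name() (
    LC_ALL=C; export LC_ALL
    name=$1
    case $name in
        ''|-*|.*|*[!a-z0-9_.-]*) exit 1 ;;
    esac
    # -F fixed string, -x whole line: "ali" must not match "alice".
    if system_account_names | grep -Fxq -- "$name"; then
        exit 2
    fi
    exit 0
)

# When called with an argument, act as a command-line check, e.g. from a
# wrapper that runs before the add-user or remove-user script:
#   sh check_name.sh "$NEWUSER" || { echo "refusing $NEWUSER" >&2; exit 1; }
[ "$#" -eq 0 ] || check_virtual_user_name "$1"
```

Run the same check before removing a user as well, since removal is the operation that deletes data.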
Firewall
For this configuration to work, you'll need to open the FTP command port on the server side:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
If you can't transfer data with the default configuration rules, open the FTP data transfer port range on the server side as well:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 64000:65535 -j ACCEPT