DaemonForums  

  #1   (View Single Post)  
Old 12th January 2009
AlexDudko AlexDudko is offline
New User
 
Join Date: May 2008
Posts: 5
Securing ftp access

I have configured authorized ftp access to my server. But a user can see almost everything beyond his home directory. How can I configure the ftp access to restrict users only to their home directories?
Thank you.
  #2   (View Single Post)  
Old 12th January 2009
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125

How about reading ftp://vsftpd.beasts.org/users/cevans...tpd-2.0.7/FAQ?
  #3   (View Single Post)  
Old 12th January 2009
DNAeon DNAeon is offline
Shell Scout
 
Join Date: Sep 2008
Location: Bulgaria
Posts: 138

This one should give a quick start:
http://daemonforums.org/showthread.php?t=2215
  #4   (View Single Post)  
Old 12th January 2009
AlexDudko AlexDudko is offline
New User
 
Join Date: May 2008
Posts: 5

Thank you guys for your answers. Another problem has occurred: I can't add a new user. When I try to add one with the adduser command I receive:
Code:
pwd_mkdb: 14   uid is incorrect
pwd_mkdb: at line #27
pwd_mkdb: /etc/master.passwd: Inappropriate file type or format
pw: user 'Bob' disappeared during update
adduser: ERROR: There was an error adding user (Bob).
I have already configured vsftpd to accept local users after authentication, and the only non-root user, Alex, can really log in. But he can easily access files in any directory of the server. On my Fedora server this access is disallowed by SELinux, and local users there can't go anywhere beyond their home directories. In FreeBSD with the same settings it doesn't restrict access in that way.
  #5   (View Single Post)  
Old 12th January 2009
anomie anomie is offline
Local
 
Join Date: Apr 2008
Location: Texas
Posts: 445

So, you're using the vsftpd port (and not base system ftpd), correct?

Both offer chroot capabilities without MAC. vsftpd.conf is enumerated here: http://vsftpd.beasts.org/vsftpd_conf.html
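The chroot options in the vsftpd.conf reference linked above interact in a non-obvious way, so here is an added example (not code from this thread or from the vsftpd project) that reports which local users could still browse outside their home directory under a given configuration. The option names and defaults are those of vsftpd.conf(5); the helper function names, the sample configurations and the user lists are constructed for illustration.

```python
# Added example: which local users would vsftpd leave un-jailed?
# Option names/defaults follow vsftpd.conf(5); samples below are constructed.

DEFAULTS = {
    "local_enable": "NO",
    "chroot_local_user": "NO",
    "chroot_list_enable": "NO",
}

def parse_conf(text):
    """Parse vsftpd.conf text: one option=value per line, '#' starts a comment line."""
    opts = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key] = value
    return opts

def on(value):
    """Boolean options are enabled by YES, TRUE or 1 (case-insensitive)."""
    return value.upper() in ("YES", "TRUE", "1")

def is_jailed(opts, user, listed_users):
    """True if `user` is chroot()ed into the home directory at login.

    listed_users holds the names read from chroot_list_file.
    """
    jail_all = on(opts["chroot_local_user"])
    in_list = on(opts["chroot_list_enable"]) and user in listed_users
    # chroot_local_user=YES: the list names users who are NOT jailed.
    # chroot_local_user=NO:  the list names the only users who ARE jailed.
    return jail_all != in_list

def audit(conf_text, users, listed_users=()):
    """Return the sorted local users who can leave their home directory."""
    opts = parse_conf(conf_text)
    if not on(opts["local_enable"]):
        return []  # local accounts cannot log in over FTP at all
    listed = set(listed_users)
    return sorted(u for u in users if not is_jailed(opts, u, listed))

# Constructed samples: local logins enabled, before and after the chroot option.
BEFORE = "anonymous_enable=NO\nlocal_enable=YES\nwrite_enable=YES\n"
AFTER = BEFORE + "chroot_local_user=YES\n"
AFTER_WITH_LIST = AFTER + "chroot_list_enable=YES\n"

if __name__ == "__main__":
    for conf, listed in ((BEFORE, []), (AFTER, []), (AFTER_WITH_LIST, ["Bob"])):
        print(audit(conf, ["Alex", "Bob"], listed))
```

The third sample shows the trap: once `chroot_local_user=YES` is set, enabling `chroot_list_enable` turns the list file into an exemption list, so every name in it gets the unrestricted view back.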
  #6   (View Single Post)  
Old 12th January 2009
AlexDudko AlexDudko is offline
New User
 
Join Date: May 2008
Posts: 5

Yes, I use vsftpd from ports, but at the moment I can't add new users.
  #7   (View Single Post)  
Old 12th January 2009
anomie anomie is offline
Local
 
Join Date: Apr 2008
Location: Texas
Posts: 445

That sounds like a different thread.

For that particular problem, try vipw(8). It performs some sanity checks on your /etc/master.passwd file, which may help you fix the issue. (Don't edit those files manually going forward.)
Tags
chroot, virtual hosts, vsftpd
