Secure Writeable Restricted VSFTP Site
2005-04-19 - By Gavin Mellors - BCX SS
Hi All

I am trying to set up a secure ftp site using RH9.0, vsftpd and xinetd.
I can ftp in locally (local_enable=YES) but I cannot connect to my site from an external address.

The user accounts have been created on the local machine and I can ftp to my box using both accounts and am able to read, write and delete files. I am unable to move out of the local_root dir as specified in the vsftpd.conf file, and anonymous and ftp user access is denied. So all seems well locally?
(I want to give the web developer write access to the web site but restrict access to two specific external IP addresses.)
Following are the contents of my config files.

more /etc/xinetd.d/vsftpd

    service ftp
    {
        disable = no
        socket_type = stream
        wait = no
        user = root
        server = /usr/sbin/vsftpd
        nice = 10
        only_from = www.xxx.yyy.zzz
        log_on_failure += USERID
    }

/etc/vsftpd.conf

    ftpd_banner=Welcome to the Blah Ftp Server
    anonymous_enable=NO
    local_enable=YES
    hide_ids=YES
    write_enable=YES
    # I have added my web developer to the apache group and chowned these files to root:apache
    local_root=/var/www/
    # Aaargh!!! I needed to change it to this from pam_service_name=ftp ;)
    pam_service_name=vsftpd
    xferlog_enable=YES
    # Security
    userlist_enable=YES
    userlist_deny=NO

Thanks in advance.
Gavin Mellors

Kind Regards,
Gavin Mellors
Senior Customer Services Engineer KZN
Support Services
Business Connexion (Pty) Ltd
Office: +27 (0)39 695 0002
Mobile: +27 (0)82 577 8675
Fax: +27 (0)39 695 0002
Email: gavin.mellors@(protected)
Web Site: www.bcx.co.za

--
Shrike-list mailing list
Shrike-list@(protected)
https://www.redhat.com/mailman/listinfo/shrike-list
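
An added example, not part of the original post: a Python check over an xinetd stanza and a vsftpd.conf of the kind quoted above. It tests whether a client address is covered by only_from and flags vsftpd.conf lines that are not a clean option=value pair, since vsftpd treats only lines starting with # as comments and allows no spaces around the = sign. The sample configs and addresses are constructed (RFC 5737 documentation addresses), and only numeric and CIDR only_from entries are evaluated.

```python
import ipaddress
import re

# Constructed sample input modelled on the post. 192.0.2.10 and 198.51.100.7
# are documentation addresses standing in for the two developer IPs.
XINETD = """service ftp
{
    disable     = no
    server      = /usr/sbin/vsftpd
    only_from   = 192.0.2.10 198.51.100.7/32 dev.example.org
}
"""
VSFTPD = """# Security
anonymous_enable=NO
local_root=/var/www/ //web developer is in the apache group
write _enable=YES
userlist_deny=NO
"""

def xinetd_attrs(text):
    """Return {attribute: [values]} from one xinetd service stanza."""
    attrs = {}
    for m in re.finditer(r"^[ \t]*(\w+)[ \t]*\+?=[ \t]*(.*)$", text, re.M):
        attrs.setdefault(m.group(1), []).extend(m.group(2).split())
    return attrs

def allowed_by_only_from(client, attrs):
    """Return (allowed, unchecked): numeric/CIDR entries are matched,
    anything else (e.g. a hostname) is listed as unchecked."""
    if "only_from" not in attrs:
        return True, []          # no only_from attribute: nothing to restrict
    addr, unchecked = ipaddress.ip_address(client), []
    for entry in attrs["only_from"]:
        try:
            if addr in ipaddress.ip_network(entry, strict=False):
                return True, unchecked
        except ValueError:
            unchecked.append(entry)   # needs name resolution to judge
    return False, unchecked

def vsftpd_problems(text):
    """Return (line number, reason) for lines that are not clean option=value."""
    bad = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if not sep or not re.fullmatch(r"[a-z0-9_]+", name):
            bad.append((n, "malformed option name"))
        elif value != value.strip() or re.search(r"\s(//|#)", value):
            bad.append((n, "trailing text is parsed as part of the value"))
    return bad
```

Run against the real files, a client that comes back as not allowed with a non-empty unchecked list means the decision depends on how xinetd resolves those names, which is worth checking in its log.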