Sunday, March 15, 2009

How to set up a VSFTP server in RHEL5?

VSFTP: Very Secure File Transfer Protocol


========SERVER=============

[root@ilinux ~]# rpm -qa|grep vsftpd
vsftpd-2.0.5-12.el5

[root@ilinux ~]# service vsftpd status
vsftpd is stopped

[root@ilinux ~]# service vsftpd start
Starting vsftpd for vsftpd: [ OK ]

[root@ilinux ~]# chkconfig --list vsftpd
vsftpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off

[root@ilinux ~]# chkconfig --level 35 vsftpd on
[root@ilinux ~]# chkconfig --list vsftpd
vsftpd 0:off 1:off 2:off 3:on 4:off 5:on 6:off

[root@ilinux ~]# vi /etc/vsftpd/vsftpd.conf

By default, the anonymous user can log in over FTP without a password;
the anonymous user is chrooted to /var/ftp, which it sees as "/".
Local users (Linux users) can log in over FTP using their password;
local users are not chrooted by default, i.e. local users can access all the resources of the system using FTP.

===========CLIENT SIDE================

#ftp IP-ADD of server
username: anonymous
password: password is not required
ftp>help
ftp>ls {it will show the content of the remote/server}
ftp>!ls {it will display the content of the local system}
ftp>pwd {it will show the PWD of the remote/server}
ftp>lcd {it will display the LOCAL working directory}

[notice: for the anonymous user, pwd will display "/", which is chrooted to /var/ftp]

#ftp IP-ADD of server
username: local user's username
password: password
ftp>........
...............
[notice: for local users, pwd will be "/home/username" by default, and local users can change location on the remote server, i.e. they can go to /etc or any other possible location and thus can easily steal important data]

========================================
========================================

=========SERVER SIDE================
Q: How to create chroot jail for the local users?
A: For this we need to uncomment a few lines, shown below, in /etc/vsftpd/vsftpd.conf

#vi /etc/vsftpd/vsftpd.conf
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

#vi /etc/vsftpd/chroot_list
[add the usernames to be chrooted to /home/username]

#service vsftpd restart

=============CLIENT SIDE==================

#ftp
username:
password:
ftp>........
...............

[now pwd will show "/" because the user is chrooted to /home/username; local users cannot move outside /home/username, since "/" for this user is "/home/username"]
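
An added example (not from the original post): a shell check that reads a vsftpd.conf and reports whether a given local user would be chrooted. It goes beyond the two options shown above by also handling chroot_local_user, which inverts the meaning of the list when set to YES; the function names, the users alice and bob, and the temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether vsftpd would chroot a given local user.

# conf_get FILE KEY DEFAULT: last uncommented "KEY=value" line, else DEFAULT.
# vsftpd.conf allows no spaces around "=", so a plain prefix match is enough.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tr -d '\r' | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# is_chrooted CONF USER: prints "yes" or "no". Only the value YES counts as on.
is_chrooted() {
    all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    # Assumption: fall back to the path used on this page when unset.
    list=$(conf_get "$1" chroot_list_file /etc/vsftpd/chroot_list)
    listed=no
    if [ "$use_list" = YES ] && [ -r "$list" ] && grep -qxF -- "$2" "$list"; then
        listed=yes
    fi
    if [ "$all" = YES ]; then
        # With chroot_local_user=YES the list inverts: listed users are exempt.
        [ "$listed" = yes ] && echo no || echo yes
    else
        echo "$listed"
    fi
}

# make_sample DIR: write a constructed config and list (only alice is listed).
make_sample() {
    printf 'alice\n' > "$1/chroot_list"
    cat > "$1/vsftpd.conf" <<EOF
anonymous_enable=YES
local_enable=YES
#chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=$1/chroot_list
EOF
}

# Demo on constructed data: alice is jailed, bob can still leave /home/bob.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
for u in alice bob; do
    echo "$u chrooted: $(is_chrooted "$demo_dir/vsftpd.conf" "$u")"
done
rm -rf "$demo_dir"
```

Any local user reported as "no" can still walk the whole filesystem over FTP, as described in the notice above.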




