In SLES, the anonymous user is chrooted to the /srv/ftp directory.
In CentOS and Red Hat Linux, the anonymous user is chrooted to the /var/ftp directory.
(When I say chrooted, I mean that '/srv/ftp' acts like '/' for the anonymous user. This prevents the anonymous user from hacking into the root structure of the FTP server.)
Make some changes to vsftpd.conf so that the anonymous user can perform read/write operations.
However, before making any changes, make a backup copy of vsftpd.conf.
Server01:/srv/ftp # diff /etc/vsftpd.conf /etc/vsftpd.conf.bak
+anon_upload_enable=YES
-#anon_upload_enable=YES
+ anon_mkdir_write_enable=YES
-#anon_mkdir_write_enable=YES
+ anon_other_write_enable=YES
-#anon_other_write_enable=YES
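Review bot: anon_other_write_enable=YES (the last +/- pair) lets anonymous users delete and rename files, not only upload them, and the vsftpd.conf man page describes it as generally not recommended; leave it commented out unless the upload area really needs it. The anon_* write options also take effect only when write_enable=YES, which this diff does not show being set.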
Now you have to grant "WRITE" access to the "other" users on the /srv/ftp directory:
#chmod o+w /srv/ftp
After that, restart the FTP server:
#service vsftpd restart
Try logging into the FTP server as the anonymous user and use the 'get' and 'put' commands to download and upload files.
:)
However, the above process may not fulfill your needs.
So, try something different.
--> Create an FTP user
#useradd -r -m ftpuser
#passwd ftpuser
(You can use any name you like.)
--> Chroot the user to its home directory, i.e. /home/ftpuser will be the root for the FTP user
Server01:~ # diff /etc/vsftpd.conf /etc/vsftpd.conf.backup+chroot_list_enable=YES
-#chroot_list_enable=YES
+chroot_list_file=/etc/vsftpd.chroot_list
- #chroot_list_file=/etc/vsftpd.chroot_list
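Review bot: chroot_list_enable=YES on its own jails only the users named in chroot_list_file, and nothing here shows ftpuser being added to /etc/vsftpd.chroot_list or chroot_local_user being set. With chroot_local_user left at its default of NO and ftpuser absent from the list, ftpuser is not chrooted; either add ftpuser to the list file or set chroot_local_user=YES, in which case the list becomes the set of users who are not chrooted.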
--> Restart the FTP server
#service vsftpd restart
Now, try to log in to the FTP server using the username and password. You can upload and download flawlessly now. You can't break into the root structure of the server, as you are in the chroot jail of /home/[username].
Have fun! :)
Today, one of my friends asked me whether we can define /var/ftp rather than /srv/ftp as the root directory for the ftpuser in SLES.
Of course, yes. However, you have to edit /etc/vsftpd.conf:
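An added example (not from the original post): a shell check of whether vsftpd would actually jail a given local user under the chroot settings above, following the chroot_local_user / chroot_list_enable semantics in the vsftpd.conf man page, plus a listing of the anonymous write options that are switched on. The function names, the explicit list-file argument and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The sample config is constructed.

# conf_get CONF KEY DEFAULT: value of the last uncommented KEY=value line.
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${v:-$3}"
}

# is_chrooted CONF LISTFILE USER: prints yes or no.
# LISTFILE is passed explicitly (an assumption, so the check runs offline)
# instead of being read from chroot_list_file. Only the YES/NO spelling
# used on this page is recognised.
is_chrooted() {
    jail_all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    listed=NO
    if [ "$use_list" = YES ] && [ -f "$2" ] && grep -Fqx -- "$3" "$2"; then
        listed=YES
    fi
    # chroot_local_user=YES: the list names the users who are NOT jailed.
    # chroot_local_user=NO:  the list names the only users who ARE jailed.
    if [ "$jail_all" = YES ]; then
        [ "$listed" = YES ] && echo no || echo yes
    else
        [ "$listed" = YES ] && echo yes || echo no
    fi
}

# anon_write_opts CONF: anonymous write options set to YES, space-separated.
anon_write_opts() {
    out=
    for k in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
        if [ "$(conf_get "$1" "$k" NO)" = YES ]; then out="$out $k"; fi
    done
    echo "${out# }"
}

# Constructed sample: the chroot settings shown above, with an empty list file.
tmp=$(mktemp -d)
printf '%s\n' 'local_enable=YES' 'write_enable=YES' 'anon_upload_enable=YES' \
    '#anon_other_write_enable=YES' 'chroot_list_enable=YES' \
    'chroot_list_file=/etc/vsftpd.chroot_list' > "$tmp/vsftpd.conf"
: > "$tmp/chroot_list"
echo "ftpuser jailed, empty list: $(is_chrooted "$tmp/vsftpd.conf" "$tmp/chroot_list" ftpuser)"
echo ftpuser > "$tmp/chroot_list"
echo "ftpuser jailed, listed:     $(is_chrooted "$tmp/vsftpd.conf" "$tmp/chroot_list" ftpuser)"
echo "anonymous write options:    $(anon_write_opts "$tmp/vsftpd.conf")"
rm -rf "$tmp"
```

On a real server, point the first two arguments at /etc/vsftpd.conf and the file named by chroot_list_file.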
FTPserver#vi /etc/vsftpd.conf
........
write_enable=YES
local_enable=YES
chroot_list_enable=YES
#anonymous_enable=YES
#anon_world_readable_only=YES
....
userlist_enable=YES
userlist_deny=NO
local_root=/var/ftp/
listen_address=[ftp server IP address]
#vi /etc/vsftpd.user_list
Add the list of allowed FTP users to this file.
#service vsftpd restart
That's it. Try it. ;D