Are you allowing external connections to the ftp ports in your
/etc/hosts.allow file?
--
Michael St. Laurent
Hartwell Corporation
-----Original Message-----
From: shrike-list-bounces@xxxxxxxxxx [mailto:shrike-list-bounces@xxxxxxxxxx] On Behalf Of Gavin Mellors - BCX SS
Sent: Monday, April 18, 2005 1:34 PM
To: shrike-list@xxxxxxxxxx
Subject: Secure Writeable Restricted VSFTP Site
Hi All

I am trying to set up a secure ftp site using RH9.0, vsftpd and xinetd.

I can ftp in locally (local_enable=YES) but I cannot connect to my site from an external address.

The user accounts have been created on the local machine and I can ftp to my box using both accounts and am able to read, write and delete files. I am unable to move out of the local_root dir as specified in vsftpd.conf file, and anonymous and ftp user access is denied. So all seems well locally?

(I want to give web developer write access to the web site but restrict access to two specific external IP addresses.)

Following contents of my config files.

more /etc/xinetd.d/vsftpd
service ftp
{
        disable         = no
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/vsftpd
        nice            = 10
        only_from       = www.xxx.yyy.zzz
        log_on_failure  += USERID
}

/etc/vsftpd.conf
ftpd_banner=Welcome to the Blah Ftp Server
anonymous_enable=NO
local_enable=YES
hide_ids=YES
write_enable=YES
# I have added my web developer to the apache group and chown to these files root:apache
local_root=/var/www/
# Aaargh!!! I needed to change it to this from pam_service_name=ftp ;)
pam_service_name=vsftpd
xferlog_enable=YES
# Security
userlist_enable=YES
userlist_deny=NO

Thanks in advance.
Gavin Mellors
Senior Customer Services Engineer KZN
Support Services
Business Connexion (Pty) Ltd
Office: +27 (0)39 695 0002
Mobile: +27 (0)82 577 8675
Fax: +27 (0)39 695 0002
Email: gavin.mellors@xxxxxxxxx
Web Site: www.bcx.co.za
-- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
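
Added example, not part of either message in this thread: a check of whether a client address passes the only_from attribute of an xinetd service stanza like the one posted above, using xinetd's documented matching for numeric entries (exact address, rightmost zero octets as wildcards, address/prefix). The sample stanza, its documentation-range addresses and the function names are constructed for illustration; no_access and /etc/hosts.allow are evaluated separately and are not modelled here.

```python
import ipaddress
import re

# Constructed stanza modelled on the one posted; the addresses are
# documentation-range placeholders, not values from the thread.
SAMPLE = """service ftp
{
    server      = /usr/sbin/vsftpd
    only_from   = 192.0.2.10 198.51.100.0
    only_from  += 203.0.113.64/26 dev.example.org
}
"""

def only_from_entries(stanza):
    """only_from values after =, += and -=; None if the attribute is absent."""
    entries = None
    pattern = r"^[ \t]*only_from[ \t]*(\+=|-=|=)[ \t]*(.*)$"
    for op, raw in re.findall(pattern, stanza, re.M):
        values = raw.split()
        if op == "=" or entries is None:
            entries = [] if op == "-=" else values
        elif op == "+=":
            entries += values
        else:
            entries = [e for e in entries if e not in values]
    return entries

def to_network(entry):
    """Numeric entry -> network; hostnames (not resolved here) -> None."""
    try:
        if "/" in entry:
            return ipaddress.ip_network(entry, strict=False)
        octets = str(ipaddress.IPv4Address(entry)).split(".")
    except ValueError:
        return None
    zeros = 0  # rightmost zero octets are wildcards: 198.51.100.0 -> /24
    while zeros < 4 and octets[3 - zeros] == "0":
        zeros += 1
    return ipaddress.ip_network(f"{entry}/{32 - 8 * zeros}", strict=False)

def check_client(stanza, client_ip):
    """Return (allowed, hostname_entries_left_unchecked) for one client."""
    entries = only_from_entries(stanza)
    if entries is None:
        return True, []  # no only_from line: this attribute restricts nothing
    ip = ipaddress.ip_address(client_ip)
    nets = [(e, to_network(e)) for e in entries]
    allowed = any(n is not None and ip in n for _, n in nets)
    return allowed, [e for e, n in nets if n is None]
```

Calling check_client(SAMPLE, "203.0.113.10") returns (False, ['dev.example.org']): the address is outside every numeric entry, and the hostname entry is reported back because it would have to be resolved and compared by hand.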