RE: Secure Writeable Restricted VSFTP Site

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Title: Message
Are you allowing external connections to the ftp ports in your /etc/hosts.allow file?
 
 

--
Michael St. Laurent
Hartwell Corporation

-----Original Message-----
From: shrike-list-bounces@xxxxxxxxxx [mailto:shrike-list-bounces@xxxxxxxxxx] On Behalf Of Gavin Mellors - BCX SS
Sent: Monday, April 18, 2005 1:34 PM
To: shrike-list@xxxxxxxxxx
Subject: Secure Writeable Restricted VSFTP Site

Hi All
 
I am trying to setup a secure ftp site using RH9.0, vsftpd and xinetd.
I can ftp in locally (local_enable=YES) but I cannot connect to my site from an external address.
 
The user accounts have been created on the local machine and I can ftp to my box using both accounts and am able to read,write and delete files. I am unable to move out of the local_root dir as specified in vsftpd.conf file and , anonymous and ftp user access is denied. So all seems well locally.?
(I want to give web developer write access to the web site but restrict access to two specific external IP addresses.
Following contents of my config files.
 
more /etc/xinetd.d/vsftpd
service ftp
{
        disable                 = no
        socket_type        = stream
        wait                    = no
        user                    = root
        server                 = /usr/sbin/vsftpd
        nice                    = 10
        only_from           =  www.xxx.yyy.zzz
        log_on_failure     += USERID
}
 
/etc/vsftpd.conf
ftpd_banner=Welcome to the Blah Ftp Server
anonymous_enable=NO
local_enable=YES
hide_ids=YES
write_enable=YES
local_root=/var/www/                    //I have added my web developer to the apache group and chown to these files root:apache
pam_service_name=vsftpd             // Aaargh!!! I needed to change it to this from pam_service_name=ftp ;)
xferlog_enable=YES
# Security
userlist_enable=YES
userlist_deny=NO
Thanks in advance.
Gavin Mellors
 
Kind Regards,
Gavin Mellors
Senior Customer Services Engineer KZN
Support Services
Business Connexion (Pty) Ltd


  Office:   +27 (0)39 695 0002
  Mobile:   +27 (0)82 577 8675
  Fax:   +27 (0)39 695 0002
  Email:   gavin.mellors@xxxxxxxxx
  Web Site:   www.bcx.co.za

NOTICES:
1. This message and any attachments are confidential and intended solely for the addressee. If you have received this message in error, please notify the sender at Business Connexion (Pty) Ltd immediately. Any unauthorised use, alteration or dissemination is prohibited.
2. Business Connexion (Pty) Ltd accepts no liability whatsoever for any loss whether it be direct, indirect or consequential, arising from information made available and actions resulting there from.
3. Please note that Business Connexion only binds itself by way of signed agreements. 'Signed' refers to a hand-written signature, excluding any signature appended by 'electronic communication' as defined in the Electronic Communications and Transactions Act, no. 25 of 2002.
4. Directors: P.A. Watt, B. Mophatlane, A.C. Farthing (British), B. Sithole, I. Mophatlane, M.W. Schoeman.
5. Business Connexion (Pty) Ltd Company Registration Number: 1993/003683/07
 
-- 
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list

[Index of Archives]     [Fedora Users]     [Centos Users]     [Kernel Development]     [Red Hat Install]     [Red Hat Watch]     [Red Hat Development]     [Red Hat Phoebe Beta]     [Yosemite Forum]     [Fedora Discussion]     [Gimp]     [Stuff]     [Yosemite News]

  Powered by Linux