PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
Loading
It is currently Mon Jun 24, 2019 5:29 pm

All times are UTC - 5 hours




Post new topic Reply to topic  [ 4 posts ] 
Author Message
PostPosted: Sat Sep 25, 2010 5:41 pm 
Offline
Forum Contributor
User avatar

Joined: Wed Apr 14, 2010 4:45 pm
Posts: 375
Location: UK
Hi,

I'm using CentOS 5 for my LAMP/web server set-up, just installed vsftpd and set it up so that my user (which I'll call myftpaccount) is chrooted to their home directory, which works as expected and I can FTP in without any problems. What I want to do though is make it so that when this user logs-in they see the /var/www/html directory instead.

I've set it so that this directory is owned by the apache user/group and I've then added myftpaccount to that group. To try and 'redirect' the user to the /var/www/html directory I then did this

mount --bind /var/www/html /home/myftpaccount

but now the FTP account won't log-in - I keep getting a "bad password" message. If I unmount the bind the FTP account works again.

My questions are:

1. Why won't the login work any more? Has what I've done stopped vsftpd being able to authenticate the account?

2. Would another way to achieve the same thing be to change the settings in /etc/passwd so that the user's home directory is /var/www/html

Thanks in advance,

Mecha Godzilla


Top
 Profile  
 
PostPosted: Mon Jan 31, 2011 7:01 pm 
Offline
Forum Commoner

Joined: Fri Jan 21, 2011 2:40 pm
Posts: 56
Location: Reston, VA
You could change the user's home directory to /var/www/html if you wanted to. Just be careful of hidden files such as .bashrc and so on.

Using chroot is meant to prevent the very thing you're trying to accomplish. It's meant to prevent users from escaping their sub file system or accessing files that exist in the "real" system.

Here is the way I'd do it:

Create a sym link:
cd ~
ln -s /var/www/html html

Now a user sees this in their home directory:

html/

Set the group as you've already done. Now their home directory can still house hidden files, mail and misc. junk without messing up your html.


Top
 Profile  
 
PostPosted: Tue Feb 01, 2011 6:41 am 
Offline
DevNet Master
User avatar

Joined: Wed Jun 27, 2007 9:44 am
Posts: 4313
Location: Sofia, Bulgaria
What's in the error logs?

_________________
There are 10 types of people in this world, those who understand binary and those who don't


Top
 Profile  
 
PostPosted: Tue Feb 01, 2011 7:59 pm 
Offline
Forum Contributor
User avatar

Joined: Wed Apr 14, 2010 4:45 pm
Posts: 375
Location: UK
Hello again,

Just to avoid any confusion, there seems to be a slight time delay between my original post and the responses so this issue. I guess I should apologise for not posting a follow-up :oops: but thank you for the help!

I ended up editing /etc/passwd so that the 'home' directory for the FTP user is /var/www/html and that seemed to work. I think it ended up being a permissions problem so I added the FTP user to the apache group to resolve this issue (owner/group of /var/www/html was set to apache:apache). I'm not sure whether this is necessarily the right approach but it works, plus the support dudes said it was OK and that's good enough for me :lol:

Maybe I didn't explain this properly in my post but the intention was to chroot the FTP user so that they only had access to /var/www/html - that way the account could only be used for FTP (and not shell) logins. I also edited /etc/passwd to disable the shell access, btw.

Thanks,

M_G


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group