Page 1 of 1

FTP-ing fails when the user's home dir is mounted as another

Posted: Sat Sep 25, 2010 5:41 pm
by mecha_godzilla
Hi,

I'm using CentOS 5 for my LAMP/web server set-up, just installed vsftpd and set it up so that my user (which I'll call myftpaccount) is chrooted to their home directory, which works as expected and I can FTP in without any problems. What I want to do though is make it so that when this user logs-in they see the /var/www/html directory instead.

I've set it so that this directory is owned by the apache user/group and I've then added myftpaccount to that group. To try and 'redirect' the user to the /var/www/html directory I then did this

mount --bind /var/www/html /home/myftpaccount

but now the FTP account won't log-in - I keep getting a "bad password" message. If I unmount the bind the FTP account works again.

My questions are:

1. Why won't the login work any more? Has what I've done stopped vsftpd being able to authenticate the account?

2. Would another way to achieve the same thing be to change the settings in /etc/passwd so that the user's home directory is /var/www/html

Thanks in advance,

Mecha Godzilla

Re: FTP-ing fails when the user's home dir is mounted as ano

Posted: Mon Jan 31, 2011 6:01 pm
by gooney0
You could change the user's home directory to /var/www/html if you wanted to. Just be careful of hidden files such as .bashrc and so on.

Using chroot is meant to prevent the very thing you're trying to accomplish. It's meant to prevent users from escaping their sub file system or accessing files that exist in the "real" system.

Here is the way I'd do it:

Create a sym link:
cd ~
ln -s /var/www/html html

Now a user sees this in their home directory:

html/

Set the group as you've already done. Now their home directory can still house hidden files, mail and misc. junk without messing up your html.

Re: FTP-ing fails when the user's home dir is mounted as ano

Posted: Tue Feb 01, 2011 5:41 am
by VladSun
What's in the error logs?

Re: FTP-ing fails when the user's home dir is mounted as ano

Posted: Tue Feb 01, 2011 6:59 pm
by mecha_godzilla
Hello again,

Just to avoid any confusion, there seems to be a slight time delay between my original post and the responses so this issue. I guess I should apologise for not posting a follow-up :oops: but thank you for the help!

I ended up editing /etc/passwd so that the 'home' directory for the FTP user is /var/www/html and that seemed to work. I think it ended up being a permissions problem so I added the FTP user to the apache group to resolve this issue (owner/group of /var/www/html was set to apache:apache). I'm not sure whether this is necessarily the right approach but it works, plus the support dudes said it was OK and that's good enough for me :lol:

Maybe I didn't explain this properly in my post but the intention was to chroot the FTP user so that they only had access to /var/www/html - that way the account could only be used for FTP (and not shell) logins. I also edited /etc/passwd to disable the shell access, btw.

Thanks,

M_G